5 Easy Ways to Increase Your Standard Assessment Acceptance Rate

3 minute read

November 2021

by cybergrx

We want all members of our exchange to leverage their completed CyberGRX assessment as their standard in response to questionnaire requests to reduce the load of one-off requests and spend your time more strategically. 

You will not likely be able to achieve a 100% acceptance rate of your CyberGRX standard assessment by your customers given current industry conditions, but on average our members see about 63% acceptance. Think of the time saved!

We’ve compiled our top 5 tactics to increase your assessment acceptance rate.  

Framework Mapper

When we introduced Framework Mapper for third parties earlier this year, we knew it would be a game changer. According to a Ponemon report, third parties spend over 15,000 hours completing cyber risk assessments each year. With the addition of the Framework Mapper feature, third parties can replace redundant assessments with the CyberGRX assessment by simply mapping the assessment back to relevant industry frameworks such as GDPR, CCPA, NIST 800/CSF, HIPAA, etc.— at their customers’ request. This means customers are more likely to accept an assessment that conveniently fits the frameworks that they are accustomed to.

Evidence Sharing

Accompany your assessment with further evidence (e.g. certifications, SOC2 in PNG, PDF, and JPEG file types) to boost the credibility of your standard package and avoid unnecessary follow up questions. 

We’ve released a new Evidence Upload feature that allows you to share the evidence you’ve submitted with your assessment with any customer of your choosing with just a few clicks of the mouse. Don’t worry, you still have complete control over who views your shared evidence, and only those that you authorize will be able to access it.

Custom Landing Page

For those experiencing a high volume of requests, customers are more likely to request and accept your assessment if they have a dedicated place to start the process, which is why we’ve introduced custom landing pages for those third parties who have embraced proactively sharing their CyberGRX assessment. We’ll work with you to create a landing page to make it even easier for organizations to request access to your assessment on our exchange. See the AWS compliance page for inspiration.

CyberGRX Member’s Badge

Did you know that as a CyberGRX Exchange member, you are entitled (and encouraged!) to display an exclusive badge letting your customers know you’re an exchange participant? They’re a great way to show that not only do you have a CyberGRX assessment to share, but also that you’re committed to taking a proactive approach to your cybersecurity practices. In other words, it’s a quick, easy, and free way to help build confidence in your dedication to cyber hygiene. Simply email [email protected] to receive yours today!

Communicate the WHY

Create a canned response to accompany your standard package (CyberGRX assessment and supporting documents) explaining why you’ve developed a standard and how it will satisfy the shared goal of a secure, shared ecosystem between you. Highlight, namely, that it is FREE to them to view, that they can map this assessment to 20+ industry frameworks, and, if applicable, that you’ll also share supporting evidence. Lastly, communicate that by embracing a standard like the giants have already (AWS, Google), your organization has more time to dedicate to more strategic security work, which benefits everyone.      

Have you learned any tips and tricks that you’d like to share with us?

To learn more about how CyberGRX can help you manage your third-party cyber risk, request a demo today.

Book Your Demo

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit www.processunity.com.