Bitsight Third-Party Risk Management vs. Certa vs. UpGuard Vendor Risk

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Bitsight Third-Party Risk Management
Score 7.6 out of 10
N/A
Bitsight provides comprehensive, AI-accelerated visibility into your vendors, assets, and digital footprint of every third party (and beyond) in your network, whether you work with them directly or indirectly.N/A
Certa
Score 8.0 out of 10
Enterprise companies (1,001+ employees)
Certa is a SaaS based, no-code workflow automation platform that enables businesses to manage the lifecycle of their third parties. Companies typically use Certa for third party risk, regulatory compliance, ESG, and diversity management. Certa’s workflow engine enables businesses to streamline and automate processes, eliminate bottlenecks and inefficiencies, and break down silos via interdepartmental and internal/external process participants. Certa’s no-code, drag and drop features allows…N/A
UpGuard Vendor Risk
Score 10.0 out of 10
N/A
Upguard automates third party risk assessment workflows, and sends instant notifications about vendors’ security in one centralized dashboard with UpGuard’s Vendor Risk.N/A
Pricing
Bitsight Third-Party Risk ManagementCertaUpGuard Vendor Risk
Editions & Modules
No answers on this topic
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Bitsight Third-Party Risk ManagementCertaUpGuard Vendor Risk
Free Trial
NoNoNo
Free/Freemium Version
NoNoNo
Premium Consulting/Integration Services
NoNoNo
Entry-level Setup FeeNo setup feeNo setup feeNo setup fee
Additional DetailsPricing is contingent on client's requirements, customizations, add-ons, etc., and is quoted on a case-by-case basis. Please contact us to schedule a demo and learn more.
More Pricing Information
Community Pulse
Bitsight Third-Party Risk ManagementCertaUpGuard Vendor Risk
Considered Multiple Products
Bitsight Third-Party Risk Management
Chose Bitsight Third-Party Risk Management
BitSight Security Ratings ranks evenly with SecurityScorecard and both below OneTrust for our use case. We needed a platform that would let us define risk for our organization and weight scores differently based on data sensitivity. BitSight and SecurityScorecard are …
Certa
Chose Certa
We actually ended up picking JobNimbus over Certa only because we had employees that were already familier with JN and felt comfortable navigating and assisting other coworkers. It came down to JN and Certa and that was the only reason we didn't go with Certa. They were very …
UpGuard Vendor Risk
Chose UpGuard Vendor Risk
We’ve evaluated other third-party security rating platforms, including those which focus heavily on questionnaires, self-assessments, and point-in-time reviews. UpGuard's usp is continuous monitoring and external risk visibility, automated questionnaires, which reduced our …
Best Alternatives
Bitsight Third-Party Risk ManagementCertaUpGuard Vendor Risk
Small Businesses

No answers on this topic

No answers on this topic

No answers on this topic

Medium-sized Companies

No answers on this topic

No answers on this topic

No answers on this topic

Enterprises
GEP Quantum Intelligence
GEP Quantum Intelligence
Score 8.9 out of 10
GEP Quantum Intelligence
GEP Quantum Intelligence
Score 8.9 out of 10
GEP Quantum Intelligence
GEP Quantum Intelligence
Score 8.9 out of 10
All AlternativesView all alternativesView all alternativesView all alternatives
User Ratings
Bitsight Third-Party Risk ManagementCertaUpGuard Vendor Risk
Likelihood to Recommend
5.0
(0 ratings)
8.0
(0 ratings)
10.0
(0 ratings)
Usability
-
(0 ratings)
-
(0 ratings)
9.0
(0 ratings)
User Testimonials
Bitsight Third-Party Risk ManagementCertaUpGuard Vendor Risk
Likelihood to Recommend
If you are considering BitSight Security Ratings as a portion or bulk of a larger vendor management project you will be well served in letting the risk scores be an indication of how closely you need to examine a vendor. However, you should not base your assessment solely on the risk score provided. The risk score is based on publicly available data and can be inaccurate.
Read full review
Our brief experience with Certa was great overall. We liked the many options it provided, and saw how easily it could help manage our company's needs. However, the app was not as intuitive to work our way through, especially for those in our company that are not tech savvy. The onboarding function was what I was most excited about while using it. The dashboard made it super easy to see the overview of a project and know the next steps that need to be taken, and help get everyone on the same page without having to send emails, calls or texts to give updates. However, when deciding whether to continue with Certa or go a different route, the choice was hard, but he had enough employees struggling and unsure on the app that made the end decision
Read full review
UpGuard Vendor Risk is great when we need a quick view of a vendor’s external security posture, especially during fast-paced onboarding. It’s also very useful for continuous monitoring with visibility into changes at Vendor's side without repeatedly chasing vendors for updates. The only scenario it is not very helpful, is small vendors / start ups that dont have an external footprint, but in that case the questionnaire's can be used.
Read full review
Pros
  • Security hygiene tracking over time
  • Understandable risk score based on observations
  • Predictability model of potential cyber security issues based on security habits.
Read full review
  • It made it easy to onboard suppliers
  • Internal and external team communication
  • Fully customizable
Read full review
  • Helped us automate our vendor risk questionnaires
  • Helps us continuously monitor our high-risk vendors
  • All vendor risk data is in one place, organized by risk level, criticality, and status
Read full review
Cons
  • Since data is based on public registration IP and domain data can be stale depending on ISP/Domain registration update delays.
  • Correcting a false detection is a month-long endeavor and requires the company with the impacted score to clean up BitSight's data.
  • Customer service for incorrect data is convoluted and requires a deep understanding of domain registration to correct the data. The responsibility for correcting data is placed solely on the customer's shoulders.
Read full review
  • Because it is fully customizable, we felt like there were too many options. Having more of a basic template for like-minded industries would be helpful.
  • Maneuvering around the app was not as easy as I'd hoped. We have several employees that aren't tech savvy, and it was hard getting them to use the app.
Read full review
  • Integration with GRC systems, ticketing platforms could be stronger
  • More configurable dashboards will be helpful
Read full review
Usability
No answers on this topic
No answers on this topic
It gives overall risk visibility into our supply chain
Read full review
Alternatives Considered
BitSight Security Ratings ranks evenly with SecurityScorecard and both below OneTrust for our use case. We needed a platform that would let us define risk for our organization and weight scores differently based on data sensitivity. BitSight and SecurityScorecard are aggregate data that can provide insight into the security habits of a potential vendor and should be considered as an addition to most vendor management projects. However, they both provide metrics based on hygiene and not on data-defined risk. In concert with a platform to evaluate risk based on data and to inform the overall evaluation of a vendor, BitSight Security Ratings can be made to shine. Just understand that you may have to validate some data.
Read full review
We actually ended up picking JobNimbus over Certa only because we had employees that were already familier with JN and felt comfortable navigating and assisting other coworkers. It came down to JN and Certa and that was the only reason we didn't go with Certa. They were very comparable, but the few employees that are not tech savvy were having difficulties navigating Certa. I would not be opposed to using Certa in the future or recommending it to other companies.
Read full review
We’ve evaluated other third-party security rating platforms, including those which focus heavily on questionnaires, self-assessments, and point-in-time reviews.
UpGuard's usp is continuous monitoring and external risk visibility, automated questionnaires, which reduced our reliance on manual follow-ups. That said, most tools in this space still need to be complemented with internal reviews and contract-level risk assessments, depending on the vendor and use case.
Read full review
Return on Investment
  • Wasted resource hours cleaning up data to correct erroneous risk score.
  • Extra time spent addressing calls from clients about erroneous risk score data.
  • Extra time validating risk score provided by BitSight Security Ratings for potential vendors to ensure valid data.
Read full review
  • The contract software was great. We were spending money each month to have certified contracts signed and drawn up. Certa did a great job at including this feature, saving money overall.
  • Once all documents and contacts are inputted, so much time and effort would be saved. We would no longer need to call, email or follow up with each other to verify that tasks were completed.
Read full review
  • reduce the time and effort spent on vendor due diligence
  • it has improved our ability to identify higher-risk vendors early and focus remediation efforts where they matter most, rather than treating all vendors the same
  • more informed risk decisions
Read full review
ScreenShots

Certa Screenshots

Screenshot of Comprehensive risk scores, vendor validations, and tailored questionnaires that automatically identify risks. Reduces manual workarounds & route procurement requests to the correct department automatically, letting a team make informed decisions.Screenshot of Certa Intake gives business users and requesters one centralized portal to launch requests, use guided flows to make requesting easier, dashboards that shows status of all current open items, and make global searches.Screenshot of Standardizes contracting process, reduce manual intervention and empowers teams to manage agreement lifecycles with third parties.Screenshot of Track and measure the ESG performance of third-parties to stay compliant with government regulations.Screenshot of Certa can be used to customize business processes with simple drag and drop features.