BitSight in Cambridge, Massachusetts offers an Internet security platform.
N/A
SAI360
Score 8.0 out of 10
N/A
SAI360 merges GRC software and Ethics & Compliance Learning to enhance risk management. Its scalable solutions have supported global organizations for 25+ years.
If you are considering BitSight Security Ratings as a portion or the bulk of a larger vendor management project, you will be well served in letting the risk scores be an indication of how closely you need to examine a vendor. However, you should not base your assessment solely on the risk score provided. The risk score is based on publicly available data and can be inaccurate.
The usage of ROAM, as well as the integration of external programmes through API and import functions, has almost reduced duplication of work. One thing to keep in mind is that your use cases must be very clear. There are a lot of SAI solutions, and their titles don't always correspond to what they actually perform.
Since data is based on public registration, IP and domain data can be stale depending on ISP/domain registration update delays.
Correcting a false detection is a month-long endeavor and requires the company with the impacted score to clean up BitSight's data.
Customer service for incorrect data is convoluted and requires a deep understanding of domain registration to correct the data. The responsibility for correcting data is placed solely on the customer's shoulders.
BitSight Security Ratings ranks evenly with SecurityScorecard and both below OneTrust for our use case. We needed a platform that would let us define risk for our organization and weight scores differently based on data sensitivity. BitSight and SecurityScorecard are aggregate data that can provide insight into the security habits of a potential vendor and should be considered as an addition to most vendor management projects. However, they both provide metrics based on hygiene and not on data-defined risk. In concert with a platform to evaluate risk based on data and to inform the overall evaluation of a vendor, BitSight Security Ratings can be made to shine. Just understand that you may have to validate some data.
Archer was very similar to SAI360 in cost and features. It has a more modern look and feel and more task functionality. The price point was very similar. We didn't choose them as our existing usage is in an on-prem version and support from our in-house IT team could not be obtained. MetricStream was very modern looking with an intuitive UI. It appeared to have all the features with a number of additional bells and whistles. The price point was far above our budget and we could not get approval to move them to the RFP.