BitSight in Cambridge, Massachusetts offers an Internet security platform.
N/A
UpGuard Vendor Risk
Score 10.0 out of 10
N/A
Upguard automates third party risk assessment workflows, and sends instant notifications about vendors’ security in one centralized dashboard with UpGuard’s Vendor Risk.
N/A
Pricing
BitSight Security Ratings
UpGuard Vendor Risk
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
BitSight Security Ratings
UpGuard Vendor Risk
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
BitSight Security Ratings
UpGuard Vendor Risk
Considered Both Products
BitSight Security Ratings
No answer on this topic
UpGuard Vendor Risk
Verified User
Manager
Chose UpGuard Vendor Risk
We’ve evaluated other third-party security rating platforms, including those which focus heavily on questionnaires, self-assessments, and point-in-time reviews.
UpGuard's usp is continuous monitoring and external risk visibility, automated questionnaires, which reduced our …
If you are considering BitSight Security Ratings as a portion or bulk of a larger vendor management project you will be well served in letting the risk scores be an indication of how closely you need to examine a vendor. However, you should not base your assessment solely on the risk score provided. The risk score is based on publicly available data and can be inaccurate.
UpGuard Vendor Risk is great when we need a quick view of a vendor’s external security posture, especially during fast-paced onboarding. It’s also very useful for continuous monitoring with visibility into changes at Vendor's side without repeatedly chasing vendors for updates. The only scenario it is not very helpful, is small vendors / start ups that dont have an external footprint, but in that case the questionnaire's can be used.
Since data is based on public registration IP and domain data can be stale depending on ISP/Domain registration update delays.
Correcting a false detection is a month-long endeavor and requires the company with the impacted score to clean up BitSight's data.
Customer service for incorrect data is convoluted and requires a deep understanding of domain registration to correct the data. The responsibility for correcting data is placed solely on the customer's shoulders.
BitSight Security Ratings ranks evenly with SecurityScorecard and both below OneTrust for our use case. We needed a platform that would let us define risk for our organization and weight scores differently based on data sensitivity. BitSight and SecurityScorecard are aggregate data that can provide insight into the security habits of a potential vendor and should be considered as an addition to most vendor management projects. However, they both provide metrics based on hygiene and not on data-defined risk. In concert with a platform to evaluate risk based on data and to inform the overall evaluation of a vendor, BitSight Security Ratings can be made to shine. Just understand that you may have to validate some data.
We’ve evaluated other third-party security rating platforms, including those which focus heavily on questionnaires, self-assessments, and point-in-time reviews. UpGuard's usp is continuous monitoring and external risk visibility, automated questionnaires, which reduced our reliance on manual follow-ups. That said, most tools in this space still need to be complemented with internal reviews and contract-level risk assessments, depending on the vendor and use case.
reduce the time and effort spent on vendor due diligence
it has improved our ability to identify higher-risk vendors early and focus remediation efforts where they matter most, rather than treating all vendors the same
