Likelihood to Recommend

If you are considering BitSight Security Ratings as a portion or bulk of a larger vendor management project you will be well served in letting the risk scores be an indication of how closely you need to examine a vendor. However, you should not base your assessment solely on the risk score provided. The risk score is based on publicly available data and can be inaccurate.

Zycus Procure to Pay Suite is convenient in cases of organisations that look for a streamlined approach and would prefer having all the information in one place. This is great when it comes to audits as the information is very clearly available on when and who did what. However, this relies greatly on information to be fed from external sources. Dependency on the vendor increases, complex for small businesses. Even after all the effort the information has to be manually entered or entered through an interim application in SAP for those businesses that would like to have their data maintained in SAP. Voice of customer is often not taken into consideration.

Pros

Security hygiene tracking over time
Understandable risk score based on observations
Predictability model of potential cyber security issues based on security habits.

Process to create RFP is very user friendly
PR creation also simple and easy to learn
Contract creation--easy to upload templates and create T&Cs

Cons

Since data is based on public registration, IP and domain data can be stale depending on ISP/Domain registration update delays.
Correcting a false detection is a month-long endeavor and requires the company with the impacted score to clean up BitSight's data.
Customer service for incorrect data is convoluted and requires a deep understanding of domain registration to correct the data. The responsibility for correcting data is placed solely on the customer's shoulders.

I have not felt that it is difficult. I could say that it is necessary to spread this tool more.

Alternatives Considered

BitSight Security Ratings ranks evenly with SecurityScorecard and both below OneTrust for our use case. We needed a platform that would let us define risk for our organization and weight scores differently based on data sensitivity. BitSight and SecurityScorecard are aggregate data that can provide insight into the security habits of a potential vendor and should be considered as an addition to most vendor management projects. However, they both provide metrics based on hygiene and not on data-defined risk. In concert with a platform to evaluate risk based on data and to inform the overall evaluation of a vendor, BitSight Security Ratings can be made to shine. Just understand that you may have to validate some data.

Zycus Procure to Pay Suite is a much more advanced P2P suite as compared to the other applications. It is less complex, easier to streamline and customize, is faster and more recent as compared to the current suites that we earlier used. It has everything in one place, which reduces the amount of effort that goes behind using multiple applications and the cost we spend on them.

Return on Investment

Wasted resource hours cleaning up data to correct erroneous risk score.
Extra time spent addressing calls from clients about erroneous risk score data.
Extra time validating risk score provided by BitSight Security Ratings for potential vendors to ensure valid data.

RFP cycle time reduced by five days
Supplier onboarding reduced from seven to two days