Discover how to leverage our module for automated monitoring of your vendors' cybersecurity ratings
Safeguard Compliance
Sections in this Article
Getting Started: Basic Configuration
Connecting a Vendor to Market IQ
Removing a Market IQ Connection
Investigating Further with Security Scorecard
Security Scorecard Recommended Reading
Introduction
Gatekeeper has teamed up with Security Scorecard to add a CyberSecurity Risk Assessment module to our Market IQ Suite
This module can be used within Gatekeeper for:
- Third-party risk management
- Board reporting
- Cyber insurance underwriting
- Self-monitoring
This article will explain the ways you can connect and leverage the risk data from SecurityScorecard for your Vendors in Gatekeeper
By connecting your Vendors to Market IQ Cyber, you can add an extra level of sophistication to your Vendor Onboarding & Due Diligence activities such as:
- Storing current and historical CyberSecurity Grades for vendors
- Adding Conditional Approvals to your Vendor Onboarding/Contract Approval workflows and, in effect, allowing the pre-approval of vendors that meet a standard you deem to be "Low Risk"
- Automated Monitoring for Risk Escalation & Review Workflows
To learn more about how SecurityScorecard scores vendors, you can download a copy of their Scoring Methodology Guide here
Getting Started: Basic Configuration
Enabling Market IQ Cyber for your account
MIQ Cyber Lite is available for all Gatekeeper subscriptions
This allows the Level 1 Data to be displayed for all Vendors
If you would like to have this enabled for your Gatekeeper tenant - or wish to learn more about MIQ Cyber Advanced features - please contact your CSM or reach out to our CS Team here to discuss upgrading
Connecting a Vendor to Market IQ Cyber
Via the Market IQ Tab
Step 1) Head to the Vendor record you wish to set up
Step 2) Navigate to the Market IQ tab
Step 3) Hit Add Market IQ Cyber to this Vendor
Step 4) Enter the Vendor's website
Step 5) Hit Add Domain
We recommend you perform this action for at least one vendor to get started, since it will trigger Gatekeeper to add the custom fields for the SecurityScorecard Grade & Score to your data model!
Via the Vendor Record
Once the module is enabled, populating the Website for a Vendor is enough to automatically connect Market IQ Cyber
Step 1) Head to the Vendor record you wish to set up
Step 2) Alongside the Vendor Summary data section, hit Edit
Step 3) Populate the Website field
Step 4) Hit Save & Exit (or Save & Next)
If you wish to connect many vendors, you may want to populate this Website field in a Bulk Update
See Vendor Data - Bulk Export & Import for a walkthrough of this task
Removing a Market IQ Connection
Step 1) Open a Vendor record
Step 2) Head to the Market IQ Cyber tab
Step 3) Hit Remove Synchronisation then Remove to confirm
NB. When a Vendor is archived (i.e., the Vendor / Status is set to Archived), Gatekeeper will automatically remove the Market IQ connection!
Viewing the Market IQ Data in Gatekeeper
Vendor Records: Market IQ Tab
The live Market IQ scores can be viewed on your Vendor Record's tab
When you open a Vendor record and navigate to the Market IQ tab, you will see the Level 1 Data (the Security Score & Security Grade) if Market IQ Cyber has been connected
This Score & Historical Performance view will give you an instant indication of the current Risk of your Vendor, as well as a timeline of this risk, so you can take their long-term reliability into consideration
The "Grade" is an easy-to-understand way to rank the summary "Score":
| Grade | Score |
| | > 90 |
| | 80 - 89 |
| | 70 - 79 |
| | 60 - 69 |
| | < 60 |
Repository Level Views - Advanced Only
At a high-level, you may want to view this CyberSecurity information across multiple vendors
One way to revisit the information & trends for your vendor base is by configuring a "Saved View"
Step 1) Head to your Vendor (or Contracts) repository
Step 2) Hit the Configure Columns icon
Step 3) Within the Market IQ | Cyber data section, enable the metadata fields:
- Security Score
- Security Grade
Step 4) (Optional) Enable/Disable any other metadata fields for the CyberSecurity View you wish to create
Step 5) Hit Save
Step 6) (Optional) Hit the Filter icon to filter your repository view to a specific subset of your vendors
Step 7) Hit Save This View, choose a Title for this new layout/filter, and hit Submit
Having a Saved View like this means you can quickly and easily pull up (and export) specific data sets, giving you key insights into CyberSecurity risks within your supply chain
Vendor Relationship Tables - Advanced Only
If you are leveraging our Vendor Relationships feature to assess & improve the visibility of your supply chains, having Market IQ Cyber connected will allow you to see all Cyber Risk Scores in one view for all associated vendors
Investigating Further with SecurityScorecard
From the Market IQ Tab in a vendor record, you can follow the View on SecurityScorecard link to open the vendor record in their platform
Here, you can click into any of the 10 Score Factors that make up the overall score to learn more about any related incidents or risks:
Creating a new Account/Accessing your Existing Account with SecurityScorecard
Step 1) Navigate to the SecurityScorecard platform
Step 2) If you are an existing customer, you can log in here with your SS credentials.
Step 3) If not, click "create an account" to sign up for a free account, either using Google SSO or Email & Password
Once you're logged into your SecurityScorecard account, you'll see your selected vendor's scorecard. You can click on any of the 10 score factors that make up the overall score to see more information about any security issues
Pay special attention to the sections in bold
FAQ
Q: What if Security Scorecard has never scored one of my vendors?
A: While rare (SecurityScorecard's scoring engine monitors over 1.3 million organisations), it can happen
In this case, they will use the website/domain entered to perform their cybersecurity checks. This should take no more than a few days, after which time you can return to your vendor record in Gatekeeper and the new score will have been automatically updated
Q: Level 1 data is mentioned... What are the other "levels"?
A: Security Scorecard has 4 levels of data:
Available in Gatekeeper
Level 1 Data: Top Level Letter Grade (A-F) and Numeric Score (0-100)
Only Available on the Security Scorecard platform
Level 2 Data: Individual Letter (A-F) and Numeric (0-100) Scores for the following 10 Factors: Application Security, Cubit Score, DNS Health, Endpoint Security, Hacker Chatter, IP Reputation, Information Leak, Network Security, Patching Cadence, Social Engineering.
Level 3 Data: Individual Findings Counts and Issue Summaries, Score Impact, Historical Factor Scores, Historical Findings, Historical Industry Comparison.
Level 4 Data: Issue Details including Description, Risk, Recommendation, Observations, URLs, Comparison to other companies and more.
Q: What types of domains are taken into account to calculate a score?
A: Issues found in any of the following will be taken into account when scoring the main domain.
a) The main domain - e.g. gatekeeperhq.com
b) Other "TLD" (Top Level Domains) for the main domain - e.g. gatekeeperhq.io or gatekeeperhq.co.uk
c) Subdomains - e.g. us.gatekeeperhq.com or eu.gatekeeperhq.com
d) Related domains - e.g. contractnow.com
Security Scorecard Recommended Reading
A Deep Dive in Scoring Methodology
Discover the meaning and importance of the Scores provided by SecurityScorecard
How SecurityScorecard calculates your scores
Support Article from Security Scorecard explaining the weightings & calculations which provide the single score/grade from their 10 risk factors
Support Article from Security Scorecard explaining their definition of a "breach" and how they assess the "impact"
Understand how breaches affect your score
Support Article from Security Scorecard explaining how breaches change a vendor score
Pro Tip: You could share this with one of your vendors who wishes to know more about how their score is affected after a breach!
Additional Reading
Using Market IQ Cyber in Workflows
Learn how to embed the risk data provided by SecurityScorecard in your vendor management workflows, improving your Risk Assessments and ongoing Risk Monitoring activities
Market IQ Finance - by CreditSafe
Learn how to leverage our other automated Risk Monitoring module for Finance & Credit data
Create your own - Market IQ Monitoring Workflow
Learn how to configure our Best Practice Template for the autonomous monitoring of your Vendor's CyberSecurity ratings