Using Market IQ Cyber in Workflows

Discover how leverage Market-IQ Cyber in your Vendor Management processes


Pillar 2 - Take Control     Take Control

      Safeguard Compliance

      Estimated Read Time: 7 Minutes

         Estimated Configuration Time: 15 - 30 Minutes


The features listed below are only possible with   MIQ Cyber Advanced  


If you would like to leverage any of these features and are currently using the Lite module version, please contact your CSM or reach out to our CS Team here to discuss upgrading



Sections in this Article


Viewing Market IQ Data in Workflows

Using Market IQ Data in Workflows

Configuring Market IQ Workflows


Additional Reading





This 📖 Knowledgebase Article introduces & covers how you can leverage the Market IQ Cyber data provided by SecurityScorecard to improve the risk insights present in your Gatekeeper Vendor repository


In this article we are going to walk through how to embed these insights in your processes so they can aid the decisions you make and the oversight you maintain when dealing your vendors



🔎 Viewing Market IQ Data in Workflows 🔎


Kanban Board View

For any Vendor record which is linked to a workflow card (which has its Website populated), Gatekeeper will display its MarketIQ Score at the Kanban Level:


Kanban List View

If you have added the Vendor: Market IQ Cyber metadata group to your workflow Form, the fields can be selected in list views, allowing you to populated values in table format:


Form View

You can also add Scorecard data to the Workflow Form itself

This will allow you and your users to view the same risk data as above while reviewing any other information you have configured to be part of your onboarding & risk assessment forms:


Email View

When editing email templates, you can enter a dynamic tag which instructs Gatekeeper to include the Vendor's Market IQ score in the notification emails sent to your users:



⚡️ Using Market IQ Data in Workflows ⚡️


Conditional Reviews/Approvals


Once you have the above Form Section (Predefined: Vendor > Market IQ Cyber) added to your forms and populated, you can use this data to automate reviews & approvals for high risk vendors

To do this, you can use as the Security Score or Security Grade logic behind applying conditional reviews (for example, in the form of a Conditional Approval as per the below video)




Ongoing Risk Monitoring


Once you have set up Market IQ Cyber and connected your vendors, the module can be used to aid you in autonomous monitoring of any changes!



See the below Knowledgebase article for a guide on how to setup our Best Practice Template Workflow for this Use Case:

🛠 Create your own - Market IQ Monitoring Workflow

NB. This Article & Workflow can also be used with our Market IQ Financial module



🛠 Configuring Market IQ In Workflows 🛠


Connecting Market-IQ Data to Workflow Cards


Connecting New Vendors

Step 1) Ensure your Vendor Core Metadata is added as a Form Section

Step 2) Ensure that - before the Vendor is Created - the Website field will be populated by someone. You can do this by making the Website field mandatory

Step 3) Add the Predefined Form Section of Vendor > Market IQ Cyber

Step 4) Add a Create Vendor action where the Website can be included in the new Vendor record's metadata


Once your configuration is completed (as per the above example steps) any new vendor records added to your workflow will instantly show Market IQ grades on the card and in the Market IQ Data tab of the new Vendor record:



Additional Configuration - Connecting Existing Vendors

Step 1) Ensure your Vendor Core Metadata is added as a Form Section

Step 2) In your Start Phase, edit the Vendor Name field & check ☑️ Associate Vendor with the card

Step 2 is for Request Form type workflows. If you are using a Triggered Vendor Onboarding/Assessment workflow, this step is not necessary

Step 3) Add the Predefined Form Section of Vendor > Market IQ Cyber

Ideally, your vendors are all already connected to Market IQ Cyber, If so, these 3 steps will be enough to ensure that the Security Score data is pulled into your workflow forms!

If your vendors are not connected yet:

Step 4) Ensure that - at some point in the workflow - the Website field will be populated. You can do this by making the Website field mandatory

Step 5) Add an Update Vendor action where the newly populated Website field can be published from the workflow form back to the record in your repository

This Update Vendor action can be either manual or automated, as long as the Website value in the Form is published back to the Vendor record in the Repository



Conditional Market IQ Approvals


Step 1) Choose where you wish to approve high risk vendors & hit Edit this Phase

Step 2) Navigate to the Approval tab

Step 3) If not already, set Approval to 🔘 Enabled and Approval Type to 🔘 Parallel


Step 5) In the pop-out  Parallel Approvals view, select the required Users/Groups, select 🔘 Conditional then hit ✅ Save

Step 6) Hit ➕ ADD to assign conditions, choosing the Security Score field and a set of values which you deem to require approval

When any new forms land on your approval phase, Gatekeeper will check the Security Score and only assign/notify the approvers when the Vendor's Score matches your condition from Step 5

See 📖 Parallel Approvals for more information about this feature


To use the other type of Conditional Approval, see our 📖 Market IQ Financial Article

In the Finance article, we configure a separate phase for this approval and visit/bypass that phase based on the Credit Rating using Conditional Transitions


Ongoing Vendor Monitoring 


This section will only cover the way to initiate a Market IQ monitoring workflow. You will need to configure the review processes itself separately.


Once you have configured your CyberSecurity Risk Review workflow;

Step 1) From the Workflows menu, hit edit > Workflow Triggers

Step 2) Hit ➕ ADD TRIGGER

Step 3) Populate a Trigger Name then hit ✅ Create

Step 4) Hit ➕ ADD to select the below 2 Conditions:

Market IQ Cyber | Security Grade | Trending & Down

This will be true if Gatekeeper detects a decrease in a Vendor's Grade

Market IQ Cyber | Security Grade one of C, D F

This will be true for a Vendor if their Grade matches any your selected rankings

These 2 conditions are basic suggestions

You may want to use amended criteria (e.g. using Security Score rather than Security Grade)

You may also want to add extra conditions such as "Vendor Type"  to only review your "software" vendors or "critical" vendors

Step 5) Set Trigger Status to Live

Your workflow is now active!

Gatekeeper will handle the ongoing monitoring of all your vendors linked to Market IQ Cyber

Once a Vendor meets the criteria from your trigger, a card will automatically be created on the Kanban board and notify the owner you have assigned 


See the below Knowledgebase article for a guide on how to setup our Best Practice Template Workflow for this Use Case:

Create your own - Market IQ Monitoring Workflow 📖

NB. This workflow template can  also be used for ongoing monitoring using our CreditSafe Integration with Market IQ Financial


Adding Market IQ Scores to Notification Emails

Whether these scores will be used in your workflow processes or not, you can configure your email notifications to include the data so your users get to see them for relevant context before undertaking a contract/vendor review process

Step 1) Go to a workflow phase where you wish to update the email & hit Edit this Phase

Step 2) Navigate to the Notifications tab

Step 3) Hit to edit the Email Template

Step 4) In the email Content, enter {{ market_iq_cyber.summary }} where you wish to include the Market IQ Score data

Step 5) Hit ✅ Update & ✅ Save





Q: I have populated the Website on a workflow form. Why hasn't the Security Score been applied to the card?

A: It is not only form field which needs to be populated. The Website value needs to exist on the Vendor Record (i.e. in the Repository)

➡️ If the website has been populated for a new vendor, you will need to use a Create Vendor action to set up a record in the repository for Market IQ to connect

➡️ If the website has been populated for an existing vendor,  you will need to use an Update Vendor action to publish the value to the associated Vendor in the repository




Additional Reading 📚


Market IQ Cyber by Security Scorecard

Learn about the Security Scorecard integration feature, including the background of the data and the basics of configuration


Create your own - Market IQ Monitoring Workflow

Learn how to configure our best practise template for the autonomous monitoring of your Vendor's CyberSecurity ratings


Create your own - Vendor Onboarding Workflow

Learn how to configure our best practise template for the structured request, assessment & onboarding of all new Vendors