Discover how leverage Market-IQ Cyber in your Vendor Management processes
Take Control
Safeguard Compliance
Estimated Read Time: 7 Minutes
Estimated Configuration Time: 15 - 30 Minutes
The features listed below are only possible with 
MIQ Cyber Advanced 
If you would like to leverage any of these features and are currently using the Lite module version, please contact your CSM or reach out to our CS Team here to discuss upgrading
Sections in this Article
Viewing Market IQ Data in Workflows
Using Market IQ Data in Workflows
Configuring Market IQ Workflows
Introduction
This 📖 Knowledgebase Article introduces & covers how you can leverage the Market IQ Cyber data provided by SecurityScorecard to improve the risk insights present in your Gatekeeper Vendor repository
In this article we are going to walk through how to embed these insights in your processes so they can aid the decisions you make and the oversight you maintain when dealing your vendors
🔎 Viewing Market IQ Data in Workflows 🔎
Kanban Board View
For any Vendor record which is linked to a workflow card (which has its Website populated), Gatekeeper will display its MarketIQ Score at the Kanban Level:
Kanban List View
If you have added the Vendor: Market IQ Cyber metadata group to your workflow Form, the fields can be selected in list views, allowing you to populated values in table format:
Form View
You can also add Scorecard data to the Workflow Form itself
This will allow you and your users to view the same risk data as above while reviewing any other information you have configured to be part of your onboarding & risk assessment forms:
Email View
When editing email templates, you can enter a dynamic tag which instructs Gatekeeper to include the Vendor's Market IQ score in the notification emails sent to your users:
⚡️ Using Market IQ Data in Workflows ⚡️
Conditional Reviews/Approvals
Once you have the above Form Section (Predefined: Vendor > Market IQ Cyber) added to your forms and populated, you can use this data to automate reviews & approvals for high risk vendors
To do this, you can use as the Security Score or Security Grade logic behind applying conditional reviews (for example, in the form of a Conditional Approval as per the below video)
Ongoing Risk Monitoring
Once you have set up Market IQ Cyber and connected your vendors, the module can be used to aid you in autonomous monitoring of any changes!
See the below Knowledgebase article for a guide on how to setup our Best Practice Template Workflow for this Use Case:
🛠 Create your own - Market IQ Monitoring Workflow
NB. This Article & Workflow can also be used with our Market IQ Financial module
🛠 Configuring Market IQ In Workflows 🛠
Connecting Market-IQ Data to Workflow Cards
Connecting New Vendors
Step 1) Ensure your Vendor Core Metadata is added as a Form Section
Step 2) Ensure that - before the Vendor is Created - the Website field will be populated by someone. You can do this by making the Website field mandatory
Step 3) Add the Predefined Form Section of Vendor > Market IQ Cyber
Step 4) Add a Create Vendor action where the Website can be included in the new Vendor record's metadata
Once your configuration is completed (as per the above example steps) any new vendor records added to your workflow will instantly show Market IQ grades on the card and in the Market IQ Data tab of the new Vendor record:
Additional Configuration - Connecting Existing Vendors
Step 1) Ensure your Vendor Core Metadata is added as a Form Section
Step 2) In your Start Phase, edit the Vendor Name field & check ☑️ Associate Vendor with the card
Step 2 is for Request Form type workflows. If you are using a Triggered Vendor Onboarding/Assessment workflow, this step is not necessary
Step 3) Add the Predefined Form Section of Vendor > Market IQ Cyber
Ideally, your vendors are all already connected to Market IQ Cyber, If so, these 3 steps will be enough to ensure that the Security Score data is pulled into your workflow forms!
If your vendors are not connected yet:
Step 4) Ensure that - at some point in the workflow - the Website field will be populated. You can do this by making the Website field mandatory
Step 5) Add an Update Vendor action where the newly populated Website field can be published from the workflow form back to the record in your repository
This Update Vendor action can be either manual or automated, as long as the Website value in the Form is published back to the Vendor record in the Repository
Conditional Market IQ Approvals
Step 1) Choose where you wish to approve high risk vendors & hit Edit this Phase
Step 2) Navigate to the Approval tab
Step 3) If not already, set Approval to 🔘 Enabled and Approval Type to 🔘 Parallel
Step 4) Hit ➕ ADD NEW PARALLEL APPROVAL
Step 5) In the pop-out 
Parallel Approvals view, select the required Users/Groups, select 🔘 Conditional then hit ✅ Save
Step 6) Hit ➕ ADD to assign conditions, choosing the Security Score field and a set of values which you deem to require approval
When any new forms land on your approval phase, Gatekeeper will check the Security Score and only assign/notify the approvers when the Vendor's Score matches your condition from Step 5
See 📖 Parallel Approvals for more information about this feature
To use the other type of Conditional Approval, see our 📖 Market IQ Financial Article
In the Finance article, we configure a separate phase for this approval and visit/bypass that phase based on the Credit Rating using Conditional Transitions
Ongoing Vendor Monitoring
This section will only cover the way to initiate a Market IQ monitoring workflow. You will need to configure the review processes itself separately.
Once you have configured your CyberSecurity Risk Review workflow;
Step 1) From the Workflows menu, hit edit > Workflow Triggers
Step 2) Hit ➕ ADD TRIGGER
Step 3) Populate a Trigger Name then hit ✅ Create
Step 4) Hit ➕ ADD to select the below 2 Conditions:
Market IQ Cyber | Security Grade | Trending & Down
This will be true if Gatekeeper detects a decrease in a Vendor's Grade
Market IQ Cyber | Security Grade one of C, D F
This will be true for a Vendor if their Grade matches any your selected rankings
These 2 conditions are basic suggestions
You may want to use amended criteria (e.g. using Security Score rather than Security Grade)
You may also want to add extra conditions such as "Vendor Type" to only review your "software" vendors or "critical" vendors
Step 5) Set Trigger Status to Live
Your workflow is now active!
Gatekeeper will handle the ongoing monitoring of all your vendors linked to Market IQ Cyber
Once a Vendor meets the criteria from your trigger, a card will automatically be created on the Kanban board and notify the owner you have assigned
See the below Knowledgebase article for a guide on how to setup our Best Practice Template Workflow for this Use Case:
Create your own - Market IQ Monitoring Workflow 📖
NB. This workflow template can also be used for ongoing monitoring using our CreditSafe Integration with Market IQ Financial
Adding Market IQ Scores to Notification Emails
Whether these scores will be used in your workflow processes or not, you can configure your email notifications to include the data so your users get to see them for relevant context before undertaking a contract/vendor review process
Step 1) Go to a workflow phase where you wish to update the email & hit Edit this Phase
Step 2) Navigate to the Notifications tab
Step 3) Hit 
to edit the Email Template
Step 4) In the email Content, enter {{ market_iq_cyber.summary }} where you wish to include the Market IQ Score data
Step 5) Hit ✅ Update & ✅ Save
FAQ 💬
Q: I have populated the Website on a workflow form. Why hasn't the Security Score been applied to the card?
A: It is not only form field which needs to be populated. The Website value needs to exist on the Vendor Record (i.e. in the Repository)
➡️ If the website has been populated for a new vendor, you will need to use a Create Vendor action to set up a record in the repository for Market IQ to connect
➡️ If the website has been populated for an existing vendor, you will need to use an Update Vendor action to publish the value to the associated Vendor in the repository
Additional Reading 📚
Market IQ Cyber by Security Scorecard
Learn about the Security Scorecard integration feature, including the background of the data and the basics of configuration
Create your own - Market IQ Monitoring Workflow
Learn how to configure our best practise template for the autonomous monitoring of your Vendor's CyberSecurity ratings
Create your own - Vendor Onboarding Workflow
Learn how to configure our best practise template for the structured request, assessment & onboarding of all new Vendors