Request a Demo
Free 3PTY Ratings
Phone

801.758.0560

Email

sales(@)riskrecon(.)com

Contact Us
RR-homeHeroImage-Group851

Cybersecurity ratings and insights that make it easy to understand and act on your risks.

Automated risk assessments tuned to match your risk appetite.

Free Ratings for up to 50 Vendors
Free Ratings for up to 50 Vendors
How it works
RR-homeHeroImage-Group851
State-of-Noncompliance-Report-1600

Report: The State of Noncompliance in Cyber Risk Management

Whether they’re coming from the PCI Council, NIST, ISO, or CIS, the regulations laid out by  compliance groups offer a reference point for organizations to chart their security risk posture. This new report from RiskRecon and Cyentia Institute offers a view on the state of cyber risk compliance in today's typical organization.

Download the report here

Leading RiskRecon use cases

icon2

Third-Party Risk Management

Organizations now largely entrust third parties with their most sensitive data and operational functions. To help safeguard your digital ecosystem from third-party risk, you need simple, real-time visibility of third-party partners’ cyber performance. Companies lacking this visibility cannot detect potential threats and address them.

Learn More
icon3

Supply Chain Risk

Catastrophic multi-party breach events show that cyber risk can originate in supply chain layers beyond your immediate third parties. However, cybersecurity analysts are less likely to know who those supply chain vendors are, let alone receive rights to audit or risk assess them directly – leaving your organization exposed to a potential backdoor supply chain cyberattack.

Learn More
icon1

Own Enterprise & Subsidiary Monitoring

An organization’s internet surface area is often larger and more complex than it may seem. Without a complete picture of their own risk surface, organizations are severely disadvantaged in the event of a data breach, and face losing both potential and existing business deals, vendors, or partners.

Learn More

Leading organizations around the world use RiskRecon to minimize their risk

informatica
Arrow_worm
TUFTS_health_plan
NACCO_industries
Sentara

Our customers love us.

We have an industry-leading 4.6 star average on Gartner Peer Insights.

peer-insight-img
5stars_GartnerRatings-1
5.0/5.0

- Director, InfoSec Enterprise And Third-Party Risk Management in the Manufacturing Industry

"What I love about the product is the customer service that comes along with it for free. Our representatives have been fantastic to help with not only installation but best practices in the industry. They have gone above and beyond without further sales pitches. "

5stars_GartnerRatings-1
5.0/5.0

- Info Security Program Manager in the Healthcare Industry

"The Riskrecon tool was very easy to implement and the customer success manager was extremely helpful with getting the platform setup. While bringing up the tool I recommended some enhancements which were implemented immediately. The tool continues to be enhanced and now with the new compliance mapping it makes it very straight forward to report risk to my leadership team." 

stars-img
4.0/5.0

- Cyber Crimes Advisor in the Finance Industry

"Much better than competition. Excellent customer support - outstanding team."

stars-img
4.0/5.0

- Information Security Manager in the Healthcare Industry

"RiskRecon is a valuable tool in the vendor risk management space, providing actionable data and analytics that have helped to manage and secure our supply chain. Their customer support staff is knowledgeable and quick to respond and their continued investment into the solution is encouraging. "

5stars_GartnerRatings-1
5.0/5.0

- Vendor Management Supervisor in the Finance Industry

The product has a great deal of useful information, and understandable dashboard and can be easily integrated into existing processes. The service has been great any time we have need assistance the team has been very responsive.

5stars_GartnerRatings-1
5.0/5.0

- Third-Party Information Security Lead in the Energy/Utilities Industry

"Delivery of roadmap always fantastic. User feedback clearly incorporated into releases. Fast customer support and very few false positives."

stars-img
4.0/5.0

- Security Specialist in the Manufacturing Industry

"RiskRecon has given us valuable insights to help manage our vendor portfolio. We are now far more proactive with vendor management through the use of this tool."

Core Differentiators

DataAccuracy_v2

Data Accuracy

RiskRecon’s asset attribution is independently certified to 99.1% accuracy. And we don’t hide any of the assessment details. It’s all visible to you and your vendors at no additional fee. Action requires accuracy and transparency. RiskRecon provides you both.

Download the Certification
CustomerGraphic_v2

Custom-Tuned for Your Needs

Every RiskRecon assessment is custom-fitted to match your risk appetite, enabling you to focus on the issues that matter to you. This is built on our capability to automatically determine the value at risk for every system based on the data types the system collects and the system functionality.

Workflow_v2

Automated Workflows

RiskRecon has advanced workflow capabilities that enable you to easily understand risk. RiskRecon automatically produces vendor risk action plans that contain only the issues you care about. Our collaboration workflow makes it easy for you to share action plans with your vendors. RiskRecon even automatically tracks and reports each vendor’s progress in addressing their action plan issues.

Explore Our Product

ComprehensiveDashboard

Comprehensive Dashboard

AssessmentTuning

Assessment Tuning

BoardLevelReporting

Board Level Reporting

BoardLevel_Reporting

Prioritized Issues

PortfolioManagement

Portfolio Management

ComplianceIndicators

Compliance Indicators

InformationTechnologyData

Information Technology Data

ShareableActionPlans

Shareable Action Plans

PatchCriticalIssues

How to Fix Critical Issues

PortfolioBreachEvents

Breach Events

Summary&DetailedLevelDownloads

Summary & Detailed Level Downloads

AdvancedFiltering

Advanced Filtering

Contact Sales

FAQs

Expand All | Collapse All

Can I review all vendors in the same fashion?

Different vendors may represent different levels of risk to the organization. Higher risk relationships require more in-depth review while applying that same level of assurance to low-risk vendors would largely be a waste of time. Have a sound methodology in place that applies the appropriate amount of assurance to the inherent risk of the relationship.

Why do I need to do more than send my annual security questionnaire?

As practitioners, if we rely solely on security questionnaires to assess our vendors we are forced to try to determine if our vendor really has good security controls, or if they are simply good at answering questionnaires. That is a tall order. Relying on information from various tools, including questionnaires, provides the most insight into the true operating effectiveness of controls.

How do I assess vendors in an RFP when I do not have enough staff to assess all of the vendors I am already using?

One approach to help combat this challenge is to send each firm in the RFP a short questionnaire based on must-have controls (no more than 15 or so questions). Things like “Do you have a team dedicated to security?” Those will highlight the critical controls. To further help differentiate vendors, using a one-time report from a tool like RiskRecon can provide you with a quick assessment of the external cyber hygiene of an organization. When a vendor is ultimately selected, you can do the full assessment as part of the onboarding process.

If I was going to take my TPRM program to the next level beyond questionnaires, what should I look to add?

Once you have decided that a questionnaire alone is not doing what you need and you want to bring more to your program, the first place many organizations look is to add a continuous monitoring tool, such as RiskRecon. These tools address many of the challenges and limitations of the security questionnaire. Questionnaires are static and point in time, while a continuous monitoring tool can keep an eye on your vendor when you are not doing the reviews. Continuous monitoring tools are also useful to help validate the effectiveness of security controls addressed in the questionnaire.

Products like RiskRecon are outside looking in, can they inform me about the security of my vendor?

While it is true that RiskRecon is limited to seeing only externally visible things, you can learn an awful lot about an organization by seeing the posture they present to the world. In many ways, it is sort of like a house. You will be hard-pressed to find many houses that look like a shack on the outside, but a mansion on the inside. By looking at the externally facing posture, we can learn about how that organization treats security. Do they take patching seriously? Have they bothered to harden systems, or do they have unsafe network services exposed to the internet? So, going back to the house analogy, we can make the fair assumption that in most cases, organizations that look bad on the outside and probably challenged on the inside as well. Large hosting organizations may buck this trend, but for the most part, it holds.

Latest Insights from cybersecurity experts

Stay up to date on the leading edge of business form the world of cybersecurity.

State-of-Noncompliance-Report-1600

October 12, 2022

Report: The State of Noncompliance in Cyber Risk Management

This new report from RiskRecon and Cyentia Institute offers a view on the state of cyber risk compliance in today's typical organization.

Read More
NewWave_Blog_Thumnail

April 27, 2021

Free 3PTY Ratings

Get a free 30-day trial of the RiskRecon portal and see the ratings of up to 50 vendors.

Read More
Ponemon report blog 2-fig 1- Oct 2022

October 11, 2022

New Blog: Shortfalls in Third-Party Risk Management Governance

In this blog we discuss current shortcomings in third-party risk management measured through our recent Ponemon Institute study. 

Read More
© Copyright 2022. | Privacy Policy | Terms of Use