How to configure supply chain risk scoring
At Ceeyu, our motto is “Supply Chain Risk Management Made Easy.” That's why we provide you with the tools to translate supplier risks into one number, the overall Risk Rating, a weighted average of risk scores by domain (e.g. Cybersecurity, Data Privacy, ESG). The weight of each domain's risk score is adjustable by supplier type. Here's how it works. Everything is configured from the Risk Management page, accessible via Profile & Preferences (configuration rights are reserved for admins).
Supplier and assessment types
You can organize your suppliers into groups by supplier type. By default, we offer a set of 5 types, but you can delete them and/or add your own categorization of suppliers.
Similarly, you can organize questionnaires and assessments by type. Here too, we offer a set of 7 commonly used third-party risk management categories, to which you can add your own types. Unlike supplier types, you cannot delete our default assessment types, but you can decide not to use them. However, we strongly recommend that you use these types, as this will enable, for example, cross-industry comparisons to be made at a later stage.
The use of assessment types makes it possible to visualize risk scores by domain.
Supplier risk rating
The supplier's overall risk rating may depend on the Assessment Type and Supplier Type. For example, the impact of cybersecurity assessments will be higher for a mission-critical SaaS provider than for an office supplies vendor. You configure this from the Risk scoring tab.
To begin, select the supplier type for which you wish to configure the risk rating. Then configure the impact of an assessment type using the three-dot menu.
From the edit menu, you'll be able to configure the weight of the Assessment type score in the calculation of the total supplier Risk rating. You'll also be able to set the impact of the Automated assessment (currently only the Ceeyu ASM score, but other automated assessments may be added in the future) on the Assessment type score.
⚠️ IMPORTANT ⚠️
Any change to the configuration will update the current risk score, as well as future risk scores. A change in configuration does NOT change historical scores.
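The weighting described above can be worked through as follows. This is an added example, not Ceeyu's code. It assumes scores on a 0-100 scale, a linear blend for the automated assessment's impact, and that assessment types without a score are left out of the average. The weights and supplier types shown are constructed values.

```python
# Illustrative model of a per-supplier-type weighted risk rating.
# Assumptions (not from Ceeyu): 0-100 scores, linear blending of the
# automated score, renormalisation over assessment types that have a score.

# supplier type -> assessment type -> (weight, automated impact 0..1)
# Constructed values, not product defaults.
CONFIG = {
    "Mission-critical SaaS": {
        "Cybersecurity": (60, 0.5), "Data Privacy": (30, 0.0), "ESG": (10, 0.0)},
    "Office supplies": {
        "Cybersecurity": (10, 0.5), "Data Privacy": (20, 0.0), "ESG": (70, 0.0)},
}

def assessment_type_score(questionnaire, automated, impact):
    """Blend the questionnaire score with the automated score."""
    if automated is None or impact == 0:
        return questionnaire          # may be None: nothing to score
    if questionnaire is None:
        return automated              # only the automated result exists
    return (1 - impact) * questionnaire + impact * automated

def risk_rating(supplier_type, questionnaire_scores, automated_scores):
    """Weighted average over the assessment types that have a score."""
    total = weight_sum = 0.0
    for a_type, (weight, impact) in CONFIG[supplier_type].items():
        score = assessment_type_score(
            questionnaire_scores.get(a_type),
            automated_scores.get(a_type),
            impact,
        )
        if score is None or weight == 0:
            continue                  # unscored types do not dilute the rating
        total += weight * score
        weight_sum += weight
    return round(total / weight_sum, 1) if weight_sum else None

# Constructed sample: identical assessment results, two supplier types.
QUESTIONNAIRES = {"Cybersecurity": 40, "Data Privacy": 80, "ESG": 90}
AUTOMATED = {"Cybersecurity": 60}     # stands in for an ASM score

if __name__ == "__main__":
    for s_type in CONFIG:
        print(s_type, risk_rating(s_type, QUESTIONNAIRES, AUTOMATED))
```

With the same assessment results, the weak cybersecurity score pulls the SaaS provider's rating well below the office supplies vendor's, which is the effect of configuring weights per supplier type.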