CyberClarity360™ provides an ongoing independent and objective assessment of the cyber security and resilience of your external partners.
We’ve made cyber risk easier to understand using a score, so your decision makers can focus on meeting their business goals. Our patent pending scoring system provides complete transparency and flexibility, whilst allowing you to benefit from the collective power of the CyberClarity360™ community.
Our unique solution helps educate and improve the cyber security and resilience of your external partners.
Developed by Duff & Phelps’ award-winning industry thought leaders, CyberClarity360™ draws upon our deep experience helping organizations with complex global data risk challenges.
CyberClarity360™ is designed to be simple and easy for both Corporations and Providers:
Cybersecurity is a complex subject and many decision makers struggle with interpreting the technical issues that are identified and using them to make business decisions.
We simplified understanding cyber risk using a score. Like credit scores, the CyberClarity360 TM Score allows decision makers to very quickly understand the security and data privacy posture of an organization, allowing them to focus on improving their partner relationships and meeting their business goals. At the same time, our assessment report also provides very granular information about vulnerability gaps and areas of improvement.
Finally, we couple the CyberClarity360TM Score with information about how the corporations use their vendors (e.g. the type work performed or amount of business they do), which allows Corporations to make quick context-based data driven decisions.
Developed by a multi-disciplinary team, our information security and data privacy assessment provides unique insights into organizational, political, geographical and technological risks. We leverage the NIST Cyber Security Framework, due to its openness, accessibility, public peer review and depth of technical controls.
Yes. We have an entire section of our assessment specifically focused on data privacy concepts common across many jurisdictions, including the EU General Data Privacy Regulations.
Yes. Our assessment can assist your organization to understand compliance of your third-party service providers pursuant to Section 500.11.
Yes. For our community to trust our program and rely on it for decision making, we understand the need for complete transparency. Our assessment and scoring model is open box. We utilize a standardized testing approach and all Providers take the same assessment, which allows our clients to easily compare their scores against peers.
Due to the evolving nature of technology and increasing sophistication of cyber threats, CyberClarity360™ Assessments are completed by Providers at least on a semi-annual basis. In addition, Providers are under an obligation to disclose any material changes since taking their last assessment, and we may adjust scores accordingly.
Today’s threat landscape includes the proliferation of ransomware attacks that are designed to maximize business disruption and can cripple an otherwise thriving business. It is therefore crucial to understand how quickly an organization can recover from an attack.
Assessments remain one of the best ways to understand an organization’s resiliency, i.e. whether they have the necessary controls and procedures in place to quickly recover and restore their information systems following an attack. Assessment responses can also prove valuable in helping define contractual terms with external partners or adopting specific mitigation strategies.
We operate a trust but verify model. Unlike other products, our unique CyberClarity360™ Program includes verification of Provider’s responses each year to ensure accuracy. We perform integrity scans to ensure assessments are properly completed, random checks on Providers’ completed assessments, and targeting specific topic areas across Providers. Our assessment also has built-in checks to identify inconsistencies.
Providers’ CyberClarity360™ Score may be adjusted following verification of their response. In addition, our Data Analytics Team continuously reviews Provider responses and verification reports to identify enhancements to our assessment questions and scoring model.
Our Global Data Risk team can also provide more in-depth remote and on-site verification as needed. Please contact us for more information.
Prioritizing and/or tiering assessments was necessary to compensate for the lack of resources to conduct thorough assessments of ALL Providers. Tiering is not necessary in our program, as our scalable solution allows you to benefit from a thorough assessment of every vendor. In addition, this allows you to quickly transition an existing vendor to higher value/risk work, without waiting to perform an additional ‘more comprehensive’ assessment.
We understand that some of our clients have specific and unique needs, and our patent pending approach can support addendums and personalized scoring models. We would be happy to discuss your custom needs and how we can help you.
Our goal is to help our Providers reduce their risk of breach by improving their cyber resilience and resulting CyberClarity360™ Score. Following completion of our comprehensive CyberClarity360™ assessment, Providers can access a detailed assessment report that includes a breakdown of identified risks, and tailored best-practice guidance on how they should address areas of vulnerability. Remediation advice is prioritized to those critical areas of highest risk, so Providers can focus their attention on implementing recommendations that will reduce the most risk and have the greatest impact on their CyberClarity360™ Score.
Our scalable solution frees up time for your teams to manage on-site assessments, rather than spending time managing security questionnaires. Our assessment serves as an excellent tool (checklist) to prepare for on-site audits. Our Global Data Risk team can also provide more in-depth remote and on-site verification as needed. Please contact us for more information.
We recognize that onsite audits are a significant challenge for our clients and we are already working on the next generation solution!
Our secure proprietary exchange platform enables Providers to ‘unlock’ and instantly share their CyberClarity360™ Scores and Assessment information with any Corporation in our Program. Our unique solution simplifies the security assessment process and significantly decreases the operational cost to both Corporations and Providers.
Yes. We understand that the information we collect from Providers, and are entrusted with, is of a highly sensitive nature. We developed CyberClarity360™ to be secure and scalable. Our solution has achieved VerAfied Certification and we use the latest technology protocols to ensure our clients information remans safe, including multi-factor authentication, verification and validation of user identity, encryption of data-at-rest and in-transit.
CyberClarity360™ offers Corporations a unique cost sharing model with phenomenal ROI compared to conducting assessments internally. Our annual subscription fees are calculated based on the number Providers sharing their CyberClarity360™ assessment information with a Corporation. Volume based discounts are available.
Providers can take our independent and objective assessment, receive their CyberClarity360 Score and prioritized remediation at no cost! Our annual subscription fees are based on the number of Corporations with whom Providers are sharing their CyberClarity360™ Assessments.
Please contact us at 833-CC0-RISK (833-220-7475) or email us at firstname.lastname@example.org for more information about our subscription fees.