New User | FAQs

Table of Contents

• Why isn't my invitation code taking me to the Exchange platform to log in?
• Why isn't the password reset working?
• Where can I get a tour of the Exchange platform and ask questions about the process? (customer and third party)
• How do I know what action I need to take? Fill out a Questionnaire, validation, or approve a customer access to my report?
• Do I need to complete the metric questions?
• What should I expect for a Validation request?
• How do I submit my questionnaire or validation documents? 
• How do I approve a customer Request?
• Are there any 'how to' videos to help complete the assessment?

________________________________________________________________________________________

Why isn't my invitation code taking me to the Exchange platform to log in?

Log in: Invitation Code - Claim a Company (CAC)

If you are a new company on the exchange, you will receive an email with a registration link for the ProcessUnity exchange.

When a customer places a request on a third party who is not already apart of the Exchange, an email is sent to the customer's contact listed on the request. The email has an invitation code that can be accepted. Once it is accepted, a registration email will be sent to the contact who accepted the invitation code.

NOTE: Clicking accept invitation will not take you to the Global Risk Exchange. The contact must await the registration email to gain access to the Exchange. 

If the contact accepts the Invitation, but does not receive the registration link, check that emails from our domain (@CyberGRX.com) are not directed into your spam folder or blacklisted by your IT security team. Additionally, they can attempt a password reset on the Global Risk Exchange: https://portal.cybergrx.com/login

If additional support is needed, the contact can reach out to ExchangeSupport@processunity.com for further assistance. 

Learn more about platform login & MFA setup HERE.

Why isn't password reset working?

Log in: Password Reset

If your organization is NOT new to the exchange and you are already an Exchange user, you can utilize the password reset on the log in page: https://portal.cybergrx.com/login The password reset is time sensitive and will expire after 20 minutes. The password reset notification will come from the email address no-reply@notifications.cybergrx.com. Make sure emails from our domain (@CyberGRX.com) are not directed into your spam folder or blacklisted by your IT security team.

NOTE: Password reset only works for users already registered to the Global Risk Exchange. If you don't receive a password reset, reach out to ExchangeSupport@processunity.com  to confirm if you are a registered user. 

OR

If you know your organization is NOT new to the exchange and you are NOT already an Exchange user, you will need to connect with your company's Account Administrator. If you do not know if your organization already exists on the exchange or who your Account Administrator is, you can reach out to ExchangeSupport@processunity.com for further support. 

Learn more about platform login & MFA setup HERE.

Where can I get a tour of the Exchange platform and ask questions about the process? (Open to customer and third party members)

Webinar Registration

As a third party or customer member we want to ensure you maximize your membership with ProcessUnity Global Risk Exchange and enjoy all the benefits of the platform. In our weekly webinars, we give an overview on the Exchange platform, go over best practices for completing an assessment, and review the evidence validation workflow. Join one of our webinars lead by our Exchange platform experts: REGISTER HERE

How do I respond to customer requests?

The Request and Shares table on the Questionnaire Dashboard captures all customer requests and shares that have been initiated but haven't been fulfilled yet. Requests and shares can be split into subsets of the questionnaire defined by a set list of frameworks rather than being restricted to the entire questionnaire. Requests and shares associated with the same framework will be grouped into a single row, with the total number of companies indicated, to appropriately prioritize requests with a more significant number of interested customers.

Click the Start or Continue button in the action column to work on satisfying customer(s) requests. 

OR

Click the Start or Continue Answering in the Cyber Controls card to fill out the entire questionnaire and satisfy all of the pending requests. 

Note: To fulfill a customer request, you must answer all questions included in the request, submit the questionnaire, and approve the request in your 'Customer Portfolio'. 

Learn more about the questionnaire HERE.

How do I know what action I need to take? Fill out a Questionnaire, complete validation, or approve customer access to my report?

Fill out a questionnaire 

If there is a customer request waiting to be fulfilled, you will see the option to start or continue a questionnaire framework in the Request/Share table on the Questionnaire Dashboard .

Validation 

If there is a request for evidence to be validated, you will see a validation request under the request/share type of the Request/Shares table on the the Questionnaire Dashboard .

Approve a Customer access to my report

A yellow pending approvals banner will appear at the top of your Customer Portfolio. Click Customer Portfolio to leave the Questionnaire Dashboard and view any pending customer approvals. You can approve a customer before completing the request. This allows them to automatically gain access to the report as soon as the assessment is completed and the report is generated. Tip: The customer will not receive a report until the questionnaire is submitted AND they are approved.

Learn more about the Questionnaire Dashboard HERE.

Do I need to complete the metric questions?

Metric questions may be optional or required depending on the request your organization is completing. The first place you can confirm if the metrics are required, is within the name of the request/share type on the Questionnaire Dashboard in the Requests and Share Table. 

The second place your can confirm if the metric questions are needed, is the metric question banner within the question set will inform you if they are required.

Metric questions answer to what extent you have implemented a particular control based on Strength, Coverage, and Timeliness questions. Metrics are only relevant when answering the corresponding control 'yes.'

Note: Answering optional metric questions provides more data to your company, but it is not shown to your customer or factored into their scoring.

What should I expect for a Validation Request?

Validation is conducted upon a customer initiating a validation request on a third party. All validation activities are completed by the ProcessUnity Exchange Assessment Operations Team or a validation partner organization, conducting validation following ProcessUnity standards.

The following is a high-level summary of the steps required by users to complete the validation process.

1. Answer the required 60 critical control questions. It is a standard list of 60 controls and it will not be more than that. 
2. Upload and link evidence documents to required controls. We only require evidence on controls answered 'Yes'. The Exchange can accept pre-existing audits or reports for validation, including the SOC2 Type II and ISO 27001.
3. Submit questionnaire and initiate initial validation round.
4. If additional evidence is needed after the Assessor has done their initial review, an email notification will be sent from our platform. You will see the validation request with the option to 'continue'. If you click into the validation request and hit the 'additional details' down arrow with the blue box to expand, you should see a download option for the 'Evidence Help Sheet'. All the assessor comments should be compiled there, or you can scroll through the questions individually to see the comments. 
5. After reviewing the assessor's comments, upload additional evidence to validate any remaining unvalidated controls. 
6. Click Submit and Review and check the Ready for Validation box to initiate the second round of validation.
7. Review final results of validation, once provided.
8. Approve your customer to view the report.

Only two (2) rounds of evaluation are performed per assessment. Documents uploaded during the assessment process are securely stored on the Exchange Platform. More details on the security of our storage solution can be found HERE.

Once validation has been conducted, validation data is acceptable by all customers in terms of recency for a minimum of 12 months post-completion date. As a result, if an additional customer requests validation and it is less than 12 months since you last completed validation, you will not be required to undergo validation. 

Learn more about validation HERE.

How do I submit my Questionnaire and/or my Documents for Validation?

In your Questionnaire Dashboard, navigate into the request you wish to submit within the Request and Shares table. The option to Review and Submit will be available within each question card.

Click the Review and Submit button to naviagte to the Submit Questionnaire section to review all answers. The questionnaire does not need to be completed to review answers. You may update and re-submit your questionnaire at anytime. Submitting as you go lets you monitor your scores in real-time, providing immediate feedback when you complete each section.

Check the Ready for Validation box in order to submit your evidence attachments along with your questionnaire. Checking the Ready for Validation box, will send your evidence attachments to our assessor team's queue for review. If your customer is not requesting validation, you will not need to select this option.

Follow these same steps to submit your second round of evidence documentation. 

Tip: The platform gives you the flexibility to submit and re-submit any amount of questions at any time, however, if you wish to fully satisfy a customer's request, please ensure that all questions included in the request are completed before submitting. To complete a customer request, you need to answer all the questions in the request, submit the questionnaire, and approve the request within your Customer Portfolio.

Learn more about submitting HERE.

How do I approve a customer request? 

In your Questionnaire Dashboard, a banner will appear if you have pending customer requests awaiting approval. Click Customer Portfolio to view the pending approvals. The Shares/Requests table will have all of your customer relationships listed out. You can use the filter to find the approvals if they aren't appearing on the first page of relationships. Once you find the customer request you want to approve, click Approve. 

Learn more about approvals HERE.

Are there any 'how to' videos to help complete the assessment?

Yes! We have a video series to help you as your complete the assessment. 

• Registration Process
• Adding and Managing Users
• Approving a Customer Request
• Data Recency
• Drawers
• Downloading a Report

Click HERE to watch the video guides that go over some FAQs!