As a customer, it's important to evaluate your objectives and decide which scope of assessment makes the most sense for each third party. The scope of assessment should be determined by the level of sensitive data that the Third Party may handle, store, or have access to. By completing the impact questionnaire, ProcessUnity GRX will use the data to calculate an inherent risk rating of Critical, High, Medium, Low, or Nominal.
Scope |
Framework Description |
Question Count |
Essential |
Focuses on the fundamental set of cybersecurity controls to confirm the presence of a basic risk management program. (ProcessUnity Critical Cyber Risk Questionnaire) |
60 controls |
Core |
Covers the full set of cybersecurity controls to provide a broad view of how a standard risk program is implemented. (ProcessUnity Cyber Risk Questionnaire) |
209 controls |
Core Plus |
Builds on Core by adding performance metrics to assess how effectively the cybersecurity controls are operating within the risk program. (ProcessUnity Cyber Risk Questionnaire + Metrics) |
209 controls 627 metrics |
Advanced Options |
(Alternate framework and metric questions) |
custom |
Take a look at our additional articles to learn how to request data or proactively share your assessment.