An assessment standard is comprised of a survey, schedule and communications. Two assessments are included in your licensing agreement: Vendor Risk Profile and Comprehensive Risk Standard. You can also create your own standard by clicking, “+Create a new Assessment” at the left side of the page. 

Vendor Risk Profile: Determines a vendor’s level of risk and tracks the relationship of each vendor over time. The survey is based off the NIST framework.

Comprehensive Risk Standard: Assesses vendors that have access to your corporate networks, systems or sensitive data. The survey is based on NIST CSF, NIST SP 800-171 and GDPR Requirements.