Cybersecurity Risk Rating Tool

A university in South Carolina is seeking a vendor to provide a comprehensive Cybersecurity Risk Rating Tool. This tool will automate the collection and analysis of externally available data to assess the risk associated with third-party vendors, as well as to continuously monitor their cybersecurity posture. The system should also support the evaluation of prospective vendors, monitor existing third-party partners, assess fourth-party vendors (sub-service providers), evaluate the university’s own externally facing risk, and assist in prioritizing risk remediation efforts.

The anticipated scope includes continuous monitoring of 50 to 100 third-party vendors and generating 5 to 10 point-in-time reports per month for vendor assessments. The proposed solution must be compatible with commonly used platforms and browsers; if a mobile application is provided, it must support both iOS and Android. Vendors should detail interoperability with desktop productivity tools such as Microsoft Office. An Accessibility Conformance Report (ACR) is required to demonstrate compliance with accessibility standards. Additionally, the solution must offer mechanisms for system status monitoring, including real-time up/down status of the hosted platform.