OpsCompass allows high-level company information, like compliance score, to be shared between companies
It is common for companies to give data access to third parties. A common vector for a data breach is to breach a third party’s systems, and then try to breach the actual targets data. An example of this is the 2013 Target data breach, where attackers used a third-party vendor’s access to compromise Target’s network.
Many companies now require potential third parties to complete an initial security assessment worksheet, and then periodic audits for security monitoring.
OpsCompass allows two companies to form a link between them, and to share high-level information such as company compliance score. This high-level information is updated daily, and allows automated tracking of a company's adherence to a compliance framework. The high-level information is only shared from one company to another, and does not flow both ways. This feature helps a company assess their third-party risk through automation and the OpsCompass product.
If you would like to receive high-level company information from a third-party, follow these steps:
- Make sure your user has one of these two roles: Company Sysadmin or Linked Companies Owner. Also, you must have a paying plan with OpsCompass.
- Send the third-party this Knowledge Base article detailing how to set up an OpsCompass company, and how to generate a link invitation.
- The third-party will send you an "Invite ID", which will be in this format: 2AE24B55-4DCF-4F93-B5D2-153CF44A1B8D
- Next, navigate to the Admin page.
- Click on the tab "Manage Linked Companies".
- Click the button "Accept Invitation"
- Paste in the "Invite ID" that the third-party sent, and click the button "Accept Invitation".
- The link between the third-party company and your company has now been formed, and you will see the company displayed in the "Linked Companies" table. The linked company cannot see high-level information about your company, unless you form another link going the other direction.
- If you ever want to unlink the two companies, you can always click the "Unlink" button.