Whistic Q3 Product Updates

November 06, 2018

The latest product updates and exciting enhancements to the Whistic Platform

1. Internal Approved Vendor List — save your employees time by socializing which vendors at your company are already approved for usage.

If you’re using SSO you can now expose a list of approved vendors to your company. Example: Bill in marketing wants to purchase a new software application. Company policy says they must go through a security review prior to purchase. BIll proceeds to his company’s internal intranet page which contains a Whistic link, which he clicks to see the vendors that are already approved. His vendor is on the list! The best part is, Bill didn’t have to bug the InfoSec team or submit a duplicate request.

2. Customize Your Vendor Catalog — see a list of your vendors and select what data you want to see about your vendors

One of the features that sets Whistic apart is our Vendor Catalog. The ability to see a list of all your vendors in one place. Now this capability has been enhanced! Customize specific vendor data you would like to view including:

  • Risk Level
  • Questionnaire completed
  • Score
  • Which department submitted the vendor for review
  • Live progress of those in-process of completing the questionnaire

This gives greater insight into your vendor risk program at a glance, and improves your workflow to give you greater insight into the status of your vendor assessments.

3. Add Tooltips to Your Custom Intake Form- give users tips as they complete your vendor intake form

Provide needed clarification and tips to help users as they fill out your custom intake form. This will help guide them through the process if they have questions on definitions or don’t know who/what to enter into a field. This will allow for more accurate collection of vendors and their information, which is critical to your vendor risk program.


CORE SIG was designed for organizations that run business critical functions, data and/or systems and was released in early 2018. The Risk Control focus of the SIG CORE has stringent controls to address internal vulnerabilities and external threats. While the FULL SIG will continue to expand as a library of all available questions year-over-year, the CORE SIG is meant to stay roughly the same size (~850 questions or less) each year — while staying up-to-date with the latest third party risk factors.

5. Ability to Expire the Security Profile

Responding to security questionnaires from potential customers can be a complicated process for InfoSec teams as each company seems to have their own protocols. However, when a company leverages a Whistic Profile, a questionnaire request as a part of the sales process can trigger a simple “share” of a pre-built profile in a matter of a few clicks. Whistic now allows you to expire a previously shared security profile, revoking access to the profile with the simple click of a button.

6. Ability to Re-Assign Security Profile

Part of the challenge in responding to security questionnaires from your prospects and customers is that you may not know all of the individuals that need to be involved in reviewing your documentation. Whistic has always helped with this by making it easy for security profile recipients to add additional users once you have an account established. Now Whistic extends that functionality one step further by enabling users to reassign a security profile request without ever needing to login. The recipient can click to reassign the profile from the initial email or a Whistic customer can also easily reassign the request with a single click inside their Whistic account.

information security vendor risk management whistic third party risk ciso

About the author


The latest insights and updates on information security and third party risk management.

Hate security reviews?
Want FREE AirPods?*

Offer valid for any decision-maker/influencer in relation to your company’s third-party risk management strategy. Company size must exceed 100 employees. Exclusions apply. Limit 1 pair per company.