Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

[email protected]

+1 -800-456-478-23

Twitter Facebook-f Pinterest-p Instagram

FAQs

FAQ - Let us help you get the most out of Velocity

// FAQ - General

GENERAL QUESTIONS:
Great place to get started...

Why use Velocity...

Who we are?

Stern Security is a cyber security company headquartered in Raleigh, NC dedicated to customer service and improving the long-term security posture of organizations.

What is Velocity? 

Velocity is a cloud risk assessment platform that utilizes known security frameworks and regulations including NIST, CIS, PCI, HIPAA, FFIEC, MITRE ATT&CK, and Velocity’s own breach risk framework.

What the Velocity difference?

Some of Velocity’s largest differentiators are the following:

    1. Evaluate internal & third-party risk
    2. Data Verification – Analysts verify all threat intelligence and vendor questionnaire data
    3. Dynamic & Efficient Questionnaires – Vendor questionnaires are less than 75 questions and change depending on the vendor solution type.
    4. Threat intelligence + Questionnaires
    5. Product & Organization Evaluations – Velocity evaluates companies at the organization and product level.
    6. Estimate Breach Costs
    7. SOC Report Analysis – Velocity is the only platform that performs rapid reviews of SOC 2 & SOC 3 reports
    8. Freemium – You can measure your organization’s baseline security for free.
    9. Rapid Onboarding – Velocity’s onboarding process is 5 minutes.
Account Creation - Create a free Velocity Account.
  1. Go to https://app.velocitysec.com and choose “Create Account”.
I'm a Vendor - I was requested to complete a Vendor Assessment.
  1. To get started, either...
    • Login using the link found in the email invite
    • Register with the email address your customer would have invited.
In both cases once logged in you should see a widget titled "Pending Customer Request". Click it, and you will be taken to the "Customer Request" Page. You can also get to the customer request page by clicking on the shaking hand icon.
// FAQ - Internal

INTERNAL ASSESSMENTS :
I want to complete an internal assessment.

Who should complete the Security Assessment?

Someone closely familiar with company’s security and compliance measures.

How long will the Security Assessment take?

Velocity is customizable to address your company’s specific needs. While times vary, Vendors should allocate an hour for their assessment and customers should allocate about an hour per selected framework.

What documentation formats are accepted?

All uploaded documents need to be in PDF format.

What type of documentation is needed?

Some questions will need documentation for verification of the control. These questions will have a paperclip to denote an attachment. Hover your mouse over the paperclip for details on the type of documentation needed.

Can I update my Security Assessment at a later date?

You can make changes and update your Security Assessment at a later date. Note – if your assessment has already been verified, any changes will require additional verification.

How do I add team members to help with the Security Assessment?

To give your team members access to your Velocity account.

  • Navigate to "Org Settings" across the top
  • Click "Manage Users" 
  • Enter "Email Address" in the bottom left side of the screen
  • Click "Invite User" on the bottom right.
  • User will be sent an invitation with all instructions, and you will be able to monitor there status in the table found on this page.
How can I check my assessment progress?

There are multiple ways to track your assessment status:

  • From the "Dashboard", in the "Internal Risk Assessments status" widget
  • From the "Internal Assessments" page.
How do I submit my assessment for verification?

In order for the Velocity team to review your assessment for accuracy, you must perform each of the following:

  1. Answer each question
  2. Add required notes
  3. Add required documentation where requested in order to submit your assessment to us for review.

NOTE: The Submit for Review button is greyed out until all requirements are met. Use the Question Filter to easily filter through the questions that have missing information.

I received my Velocity score and submitted the Security Assessment for review. Now what?

A Velocity team member will review your assessment. You will receive an email after your assessment has been reviewed.

 
// FAQ - Vendor

VENDOR/3rd PARTY ASSESSMENTS :
I am a vendor who was requested to complete an assessment or I want a vendor to complete an assessment.

Where can I review my detailed results?

You can view a detailed explanation of your results on the Reports and Analytics Page. The Reports and Analytics page becomes visible once you complete your first questionnaire. You can also export the full Security Assessment results to Excel from the Questionnaire page.

Who has access to my results?

No one has access to your data except for the Velocity team once you submit the assessment for verification. You must release your results for a customer to have access from the "Customer Request" Page, by clicking the "Check" on the "What's Next" card or by affirming the release on submission.

How do I share my results with our customers?

Velocity offers an easy way to allow customers to view the completed assessment. Once a customer requests your assessment results you will receive a notification through email. Log into the Velocity portal, go to the Customers page, and approve the customer by selecting the plus box to move the requesting customer to the approved section.

What is the Vault?

The Vault is where your documentation is stored.

How do I submit my assessment for review?

First, you must complete the "Velocity Vendor"  questionnaire.  You will need to answer all questions, add notes, and supporting documentation where requested. The questionnaire cannot be submitted because until there are no missing notes or documents.

How do I find the questions (missing notes and documents) that I still need to answer?

You will need to complete the questionnaire if the overview page says that you have missing answers, notes or documents.  To quickly find the missing items:

  1. Go to Questionnaire: Go back into the questionnaire by selecting “Continue”
  2. Use Filter: Use the filter to select the missing items.
  3. Now you can complete the missing items.
How do I add a Product?

Vendors can add any number of products in Velocity to be assessed.  

  • Products can be added by navigating to "Org. Settings"
  • "Manage Products"
  • "Add Product" Button
What are acceptable documents during verification

Supporting documentation is needed during the data verification process. Some of the sections that companies have questions about are listed below with the type of documentation that is requested.

  • Cybersecurity Awareness Training
    • Screenshot showing the online security awareness training courses.
    • Document showing employees have completed online security awareness training.
  • Incident Response Plans
    • Incident Response Plans
    • Incident Response Policies
    • Incident Response Cover page and Table of Contents
  • Penetration Test
    • Redacted Penetration Test Report
    • Penetration Test Executive Summary
    • Detailed Attestation Letter including methodology, scope, and overall risk sections. *If the solution is an application, please specify if authenticated testing was included in the penetration test.
  • Risk Analysis
    • Latest Risk Analysis Report
    • Detailed Attestation Letter
  • Business Continuity Plans
    • BCP Plans or Policy
    • Redacted BCP plans
    • BCP Plans Cover Page and Table of Contents
  • Cyber Liability Insurance
    • Certificate of Insurance
    • Attestation letter showing Cyber liability coverage is in place.