FAQ - Let us help you get the most out of Velocity
Great place to get started...
Who we are?
Stern Security is a cyber security company headquartered in Raleigh, NC dedicated to customer service and improving the long-term security posture of organizations.
What is Velocity?
Velocity is a cloud risk assessment platform that utilizes known security frameworks and regulations including NIST, CIS, PCI, HIPAA, FFIEC, MITRE ATT&CK, and Velocity’s own breach risk framework.
What the Velocity difference?
Some of Velocity’s largest differentiators are the following:
- Evaluate internal & third-party risk
- Data Verification – Analysts verify all threat intelligence and vendor questionnaire data
- Dynamic & Efficient Questionnaires – Vendor questionnaires are less than 75 questions and change depending on the vendor solution type.
- Threat intelligence + Questionnaires
- Product & Organization Evaluations – Velocity evaluates companies at the organization and product level.
- Estimate Breach Costs
- SOC Report Analysis – Velocity is the only platform that performs rapid reviews of SOC 2 & SOC 3 reports
- Freemium – You can measure your organization’s baseline security for free.
- Rapid Onboarding – Velocity’s onboarding process is 5 minutes.
- Go to https://app.velocitysec.com and choose “Create Account”.
- To get started, either...
- Login using the link found in the email invite
- Register with the email address your customer would have invited.
INTERNAL ASSESSMENTS :
I want to complete an internal assessment.
Someone closely familiar with company’s security and compliance measures.
Velocity is customizable to address your company’s specific needs. While times vary, Vendors should allocate an hour for their assessment and customers should allocate about an hour per selected framework.
All uploaded documents need to be in PDF format.
Some questions will need documentation for verification of the control. These questions will have a paperclip to denote an attachment. Hover your mouse over the paperclip for details on the type of documentation needed.
You can make changes and update your Security Assessment at a later date. Note – if your assessment has already been verified, any changes will require additional verification.
To give your team members access to your Velocity account.
- Navigate to "Org Settings" across the top
- Click "Manage Users"
- Enter "Email Address" in the bottom left side of the screen
- Click "Invite User" on the bottom right.
- User will be sent an invitation with all instructions, and you will be able to monitor there status in the table found on this page.
There are multiple ways to track your assessment status:
- From the "Dashboard", in the "Internal Risk Assessments status" widget
- From the "Internal Assessments" page.
In order for the Velocity team to review your assessment for accuracy, you must perform each of the following:
- Answer each question
- Add required notes
- Add required documentation where requested in order to submit your assessment to us for review.
NOTE: The Submit for Review button is greyed out until all requirements are met. Use the Question Filter to easily filter through the questions that have missing information.
A Velocity team member will review your assessment. You will receive an email after your assessment has been reviewed.
VENDOR/3rd PARTY ASSESSMENTS :
I am a vendor who was requested to complete an assessment or I want a vendor to complete an assessment.
You can view a detailed explanation of your results on the Reports and Analytics Page. The Reports and Analytics page becomes visible once you complete your first questionnaire. You can also export the full Security Assessment results to Excel from the Questionnaire page.
No one has access to your data except for the Velocity team once you submit the assessment for verification. You must release your results for a customer to have access from the "Customer Request" Page, by clicking the "Check" on the "What's Next" card or by affirming the release on submission.
Velocity offers an easy way to allow customers to view the completed assessment. Once a customer requests your assessment results you will receive a notification through email. Log into the Velocity portal, go to the Customers page, and approve the customer by selecting the plus box to move the requesting customer to the approved section.
The Vault is where your documentation is stored.
First, you must complete the "Velocity Vendor" questionnaire. You will need to answer all questions, add notes, and supporting documentation where requested. The questionnaire cannot be submitted because until there are no missing notes or documents.
You will need to complete the questionnaire if the overview page says that you have missing answers, notes or documents. To quickly find the missing items:
- Go to Questionnaire: Go back into the questionnaire by selecting “Continue”
- Use Filter: Use the filter to select the missing items.
- Now you can complete the missing items.
Vendors can add any number of products in Velocity to be assessed.
- Products can be added by navigating to "Org. Settings"
- "Manage Products"
- "Add Product" Button
Supporting documentation is needed during the data verification process. Some of the sections that companies have questions about are listed below with the type of documentation that is requested.
- Cybersecurity Awareness Training
- Screenshot showing the online security awareness training courses.
- Document showing employees have completed online security awareness training.
- Incident Response Plans
- Incident Response Plans
- Incident Response Policies
- Incident Response Cover page and Table of Contents
- Penetration Test
- Redacted Penetration Test Report
- Penetration Test Executive Summary
- Detailed Attestation Letter including methodology, scope, and overall risk sections. *If the solution is an application, please specify if authenticated testing was included in the penetration test.
- Risk Analysis
- Latest Risk Analysis Report
- Detailed Attestation Letter
- Business Continuity Plans
- BCP Plans or Policy
- Redacted BCP plans
- BCP Plans Cover Page and Table of Contents
- Cyber Liability Insurance
- Certificate of Insurance
- Attestation letter showing Cyber liability coverage is in place.