FAQ
Have a Question? Rivial is Here to Help.
Find answers to some of our most common questions below. If you prefer, visit our Resources tab to find useful tools, videos, and articles. Still can’t find what you’re looking for? By all means, contact us!
General
-
Do you meet with auditors?
Yes, we welcome the opportunity to meet with your auditors and walk them through our platform and methodology. We want to ensure your success!
-
Does the platform support MFA?
MFA is required for all access to the Rivial platform.
-
Does the platform include any templates?
The platform includes all of our policy templates, key risk indicators, all controls and evidence mapped, system templates, and incident response plans and playbooks.
-
Can we customize the platform branding?
You can replace the main logo with your own.
-
What other tools does the platform integrate with?
KnowBe4, Black Kite, the MITRE ATT&CK framework, and any system with an API.
-
Can we track our findings in the platform?
Of course! This is a key area in our program module to manage all your findings made within the platform and outside of it. You can assign users and set custom reminders and notifications.
Risk
-
How is the risk calculated in financial values?
We use Monte Carlo statistical analysis along with real-world breach data to accurately measure your risk in financial values.
-
What are the benefits of looking at risk in financial values?
Prioritize resources, build trust with management and the board of directors, and see the ROI of your cybersecurity budget.
-
Can you perform initial risk assessments to get us started?
Absolutely, we perform full risk assessments for many of our clients and would be happy to help you get started.
-
Do you use statistical analysis in your risk measures?
Yes, we use Monte Carlo analysis to accurately measure your cyber risk in financial values.
-
Can you present the results to our board of directors?
Certainly, we meet with the board often to assist with setting the risk tolerance and presenting the final risk results.
-
How can we prioritize our cybersecurity initiatives based on your risk assessment?
Risk recommendations in the platform are prioritized based on ROI. This shows you where you will reduce the maximum amount of risk with your budget.
-
How long does performing a risk assessment in your platform take?
On average it takes around 15-30 minutes per system depending on the complexity.
-
Has your risk assessment process been vetted by auditors/examiners?
Yes, we have met with many auditors and examiners and have received no findings and nothing but positive feedback about the software and risk methodology.
Compliance
-
What control frameworks do you have?
CIS, ISO 27002, NIST CSF, ACET, CAT, FedLine, SOC 2, HIPAA, InTREx, PCI DSS 4.0, and many others. We can add any control framework to the platform and will map it to evidence for you.
-
Can we see our compliance across multiple control frameworks?
Yes, we take an evidence-based approach, so each of our control frameworks is mapped to our evidence database. You upload your evidence once and see your compliance across all control frameworks.
-
Do you offer services to support our compliance efforts?
Yes, we call it Continuous Compliance. We will set up the module for you, and review/validate your evidence items weekly. You receive a monthly status report on your overall compliance.
-
Can we track our cyber insurance requirements?
Yes, we can import your cyber insurance requirements and map them to the evidence you are already tracking.
-
Can our external auditor log into the platform if we have an audit?
Absolutely, you can grant them read-only access, or they can use the platform to perform your audit.
-
If an auditor doesn’t want to log into the platform, how can we provide them with artifacts?
We have a 1-click artifact download feature.
Vulnerability Management
-
What vulnerability scanners does your platform support?
Nessus, OpenVAS, Rapid7, and Qualys.
-
Does the platform prioritize vulnerabilities?
Yes, the platform uses multiple data points to prioritize your vulnerabilities for remediation.
-
Can we track false positives in the platform?
Yes, once a false positive is marked, it will not show up for that vulnerability and IP address in the future.
-
Are vulnerabilities auto-resolved from scan to scan?
Yes, if a vulnerability from a prior scan does not show up on a subsequent scan of the same IP address, the vulnerability will auto-resolve.
Training & Support
-
Are training and support included with your cybersecurity management platform?
Yes, unlimited training and support are included with any module of our platform. Initially, we walk you through our 6-step onboarding process to get you started.
-
Do you offer professional services to assist with our risk and compliance management?
Yes, we have a professional service offering to support each module if you want expert assistance running that portion of your security program.