New Vendor Review
End-to-end workflow for evaluating a new vendor, from submission to final decision.
Steps
- Vendor Submission — Buyer or procurement team submits a new vendor for evaluation via the Vendor Intake form.
- Auto-Enrichment — Platform automatically enriches the vendor profile using public data sources (SEC filings, breach databases, domain intelligence).
- Questionnaire Distribution — A tailored security questionnaire is sent to the vendor contact based on their industry and risk tier.
- Evidence Upload — Vendor uploads compliance certifications, SOC reports, penetration test results, and policies to the Evidence Vault.
- AI Pre-Analysis — AI engine parses evidence documents and questionnaire responses, flags gaps, and generates a preliminary risk assessment.
- Analyst Review — A human security analyst reviews AI findings, verifies evidence authenticity, and assesses residual risk.
- Trust Score Calculation — The 8-dimension trust score is computed based on all collected data and analyst input.
- Committee Decision — For high-risk or large vendors, a review committee convenes to make the final approve/reject decision.
- Decision Communication — The vendor and internal stakeholders are notified of the outcome with a detailed report and recommended conditions.
- Onboarding / Remediation — Approved vendors enter onboarding; conditional approvals trigger remediation workflows with deadlines and follow-ups.
Evidence Collection & Upload
How vendors submit compliance evidence and how it flows through verification.
Steps
- Request Created — An evidence request is generated (manually or automatically from a questionnaire gap).
- Vendor Notified — Vendor receives an email with a secure upload link and a list of required documents.
- Document Upload — Vendor uploads files (PDF, DOCX, images, or ZIP) to the Evidence Vault via the secure portal.
- AI Parsing — Uploaded documents are parsed by AI to extract key metadata, expiry dates, control mappings, and certifications.
- Integrity Check — File hashes are computed and stored. Any tampering after upload is detectable.
- Analyst Verification — Human analyst reviews parsed data, confirms accuracy, and marks evidence as verified or requests re-upload.
- Vault Sealed — Verified evidence is sealed into the vault with an immutable audit trail and linked to the vendor profile.
Risk Assessment
How risk tiers are assigned and how they affect vendor evaluation priority.
Steps
- Data Access Classification — Determine what data the vendor will access (PII, PHI, financial, public).
- Integration Scope — Assess the depth of system integration (API, network, physical, none).
- Inherent Risk Scoring — AI calculates an inherent risk score based on data sensitivity, industry, and geography.
- Tier Assignment — Vendor is assigned a risk tier (Critical, High, Medium, Low) that determines SLA and review depth.
- Control Mapping — Required controls are mapped based on the risk tier and applicable frameworks (SOC 2, ISO 27001, GDPR).
Trust Score Calculation
How the 8-dimension composite trust score is computed for each vendor.
Steps
- Data Aggregation — All evidence, questionnaire responses, monitoring data, and public intelligence are aggregated into the scoring engine.
- Dimension Scoring — Each of the 8 dimensions (Security Maturity, Deployment Readiness, AI Governance, Transparency, Resilience, Remediation Speed, Data Trust, Executive Confidence) is scored individually (0-100).
- Weighting — Dimension weights are applied based on the buyer's industry, risk appetite, and compliance requirements.
- Composite Calculation — A weighted composite score is computed, along with confidence intervals and trend indicators.
- Profile Publication — The trust profile is published to the vendor's profile page with a visual breakdown and historical trend chart.
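A worked version of the dimension scoring, weighting and composite steps above, written as an added example and not the platform's own scoring engine. The eight dimension names are the page's; the industry weight profiles, the 0-100 validation and the before/after recalculation helper are assumptions (the page does not define how confidence intervals are derived, so they are left out).

```python
"""Weighted 8-dimension composite trust score (added example, not CybersecCloud's own code).

The dimension names come from the page; the weight profiles below are
constructed sample values, not the platform's real weights.
"""
from typing import Dict, Tuple

DIMENSIONS = (
    "Security Maturity", "Deployment Readiness", "AI Governance", "Transparency",
    "Resilience", "Remediation Speed", "Data Trust", "Executive Confidence",
)

# Constructed sample weight profiles keyed by buyer industry (assumption).
WEIGHT_PROFILES: Dict[str, Dict[str, float]] = {
    "default": {d: 1.0 for d in DIMENSIONS},
    "healthcare": {**{d: 1.0 for d in DIMENSIONS}, "Data Trust": 3.0, "Resilience": 2.0},
}


def composite_score(scores: Dict[str, float], industry: str = "default") -> float:
    """Weighted composite of the 8 dimension scores, rounded to one decimal."""
    missing = set(DIMENSIONS) - set(scores)
    if missing:
        raise ValueError(f"missing dimension scores: {sorted(missing)}")
    for name, value in scores.items():
        if name not in DIMENSIONS or not 0 <= value <= 100:
            raise ValueError(f"invalid score for {name!r}: {value}")
    weights = WEIGHT_PROFILES.get(industry, WEIGHT_PROFILES["default"])
    total_weight = sum(weights[d] for d in DIMENSIONS)
    weighted = sum(scores[d] * weights[d] for d in DIMENSIONS) / total_weight
    return round(weighted, 1)


def recalculate(scores, updated, industry="default") -> Tuple[float, float, str]:
    """Apply updated dimension scores (monitoring event, remediation, appeal)
    and return (before, after, trend) for a before/after comparison."""
    before = composite_score(scores, industry)
    after = composite_score({**scores, **updated}, industry)
    trend = "up" if after > before else "down" if after < before else "flat"
    return before, after, trend
```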
Continuous Monitoring
How ongoing vendor risk is tracked after initial approval.
Steps
- Monitoring Enrollment — Approved vendors are automatically enrolled in continuous monitoring based on their risk tier.
- Signal Collection — Threat intelligence feeds, breach databases, certificate transparency logs, and domain reputation are scanned daily.
- Alert Generation — Anomalies and material changes trigger alerts that are routed to the assigned analyst.
- Trust Score Update — Significant events cause automatic trust score recalculation with before/after comparison.
- Stakeholder Notification — Buyers who rely on the affected vendor receive real-time notifications and recommended actions.
Score Appeals
How vendors can dispute or request reconsideration of their trust score.
Steps
- Appeal Submission — Vendor submits an appeal through the Trust Profile page with supporting evidence or corrections.
- Review Queue — The appeal enters the analyst review queue, prioritized by vendor risk tier.
- Evidence Re-Evaluation — Analyst reviews new evidence, compares against previous findings, and may request clarification.
- Score Adjustment — If the appeal is valid, the trust score is recalculated and the profile is updated with an audit note.
- Outcome Notification — Vendor receives the decision with a detailed explanation, regardless of outcome.
Framework Mapping
How CybersecCloud maps vendor controls to compliance frameworks.
Steps
- Framework Selection — Choose applicable frameworks (SOC 2, ISO 27001, NIST CSF, GDPR, HIPAA, etc.) from the compliance library.
- Control Extraction — Platform extracts individual control requirements from each framework.
- Cross-Mapping — Controls are automatically cross-mapped between frameworks to identify overlaps and reduce duplicate assessments.
- Gap Analysis — Vendor's existing evidence and responses are evaluated against each control to identify gaps.
- Remediation Plan — Unmet controls generate remediation tasks with deadlines and priority levels.
Audit Trail
Immutable activity logging for compliance and accountability.
Steps
- Event Capture — Every action (login, view, edit, upload, decision) is captured with timestamp, actor, and IP address.
- Immutable Storage — Events are written to an append-only log that cannot be modified or deleted.
- Search & Filter — Use the Audit Log page to search events by vendor, user, action type, or date range.
- Export — Export filtered logs as CSV or PDF for external auditors and compliance teams.
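The integrity check from the Evidence Collection section and the append-only audit log above, as one added example that is not CybersecCloud's code. The page states only that file hashes are stored and that the log cannot be modified or deleted; using SHA-256 and chaining each event to the previous event's hash so that edits, insertions and deletions are detectable is an assumption, as are the sample events in the test.

```python
"""Tamper-evident evidence vault and hash-chained audit trail.

Added example, not CybersecCloud's code: the page only says hashes are stored
and the log is append-only; chaining each event to the previous hash is an assumption.
"""
import hashlib
import json
from typing import List, Optional


def evidence_hash(content: bytes) -> str:
    """SHA-256 of the uploaded file, computed at upload time and stored alongside it."""
    return hashlib.sha256(content).hexdigest()


def evidence_intact(content: bytes, stored_hash: str) -> bool:
    """Integrity check: recompute the hash and compare with the stored one."""
    return evidence_hash(content) == stored_hash


def _digest(body: dict) -> str:
    # Canonical JSON so the hash does not depend on key order
    return hashlib.sha256(json.dumps(body, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


class AuditTrail:
    """Append-only log where each event commits to the previous event's hash."""

    def __init__(self) -> None:
        self.events: List[dict] = []

    def append(self, ts: str, actor: str, action: str, target: str, ip: str) -> dict:
        prev = self.events[-1]["hash"] if self.events else "0" * 64
        body = {"ts": ts, "actor": actor, "action": action, "target": target, "ip": ip, "prev": prev}
        event = {**body, "hash": _digest(body)}
        self.events.append(event)
        return event

    def verify(self) -> Optional[int]:
        """Return the index of the first event whose link is broken, or None if intact."""
        prev = "0" * 64
        for i, event in enumerate(self.events):
            body = {k: v for k, v in event.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != event["hash"]:
                return i
            prev = event["hash"]
        return None
```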
Remediation Tracking
How remediation tasks are assigned, tracked, and verified.
Steps
- Task Creation — Remediation tasks are auto-generated from compliance gaps, analyst findings, or committee conditions.
- Assignment — Each task is assigned to the vendor with a deadline, priority, and detailed description.
- Vendor Action — Vendor implements the fix and uploads proof of remediation (new policy, reconfigured system, etc.).
- Verification — Analyst reviews the remediation evidence and marks the task as resolved or as requiring further action.
- Score Impact — Successful remediation triggers a trust score recalculation, improving the vendor's profile.
- Deadline Enforcement — Overdue tasks escalate automatically, with notifications to both the vendor and internal stakeholders.
Support Ticket Submission
How to submit a support ticket and track its resolution.
Steps
- Ticket Creation — Submit a ticket via the Help Center, in-app support widget, or email to support@cyberseccloud.com.
- Auto-Classification — AI classifies the ticket by category (billing, technical, security, feature request) and priority.
- Agent Assignment — Ticket is routed to a specialist based on category, priority, and current agent workload.
- Investigation — Agent investigates the issue, may request additional details, and provides status updates.
- Resolution — Agent resolves the issue and provides a detailed explanation. Affected systems are verified.
- Feedback — You receive a satisfaction survey. Your feedback helps improve our support quality.
Escalation Path
How critical or unresolved tickets escalate through support tiers.
Escalation Tiers
- Tier 1 — Front-line Support — Initial response, triage, and resolution of common issues. Target: 4-hour response.
- Tier 2 — Technical Specialist — Complex technical issues escalated from Tier 1. Deep investigation with platform engineers.
- Tier 3 — Engineering — Platform bugs, infrastructure issues, or security incidents requiring code-level investigation.
- Executive Escalation — For critical business-impacting issues, a named executive sponsor is assigned until resolution.