Risk Advisories

Updated by Gillian Langor

Overview of Risk Advisories

Risk Advisories provide actionable insights into relevant news, public disclosures, or events that could affect a company’s risk profile. They are designed to keep you informed about developments impacting the confidentiality, integrity, and availability of information, as well as compliance, operational, financial, and other key risk factors associated with your onboarded vendors and their subservicers.

Each Risk Advisory includes the following details:

  • Title
  • Organization it pertains to
  • Type and Materiality rating, reflecting the nature and significance of the advisory, described in more detail below.
  • Network Exposure, indicating the number of vendors and nth parties impacted
  • Link to Source Documentation and its Publication Date
  • Optional Statement issued by VISO TRUST providing additional context

Screenshot of the monitoring view for risk advisories functionality

Types of Risk Advisories

Risk Advisories are organized into categories to help you quickly understand the nature of the event:

  • Security: Events related to the confidentiality, integrity, and/or availability of information being compromised.
  • Compliance: Incidents involving a failure to meet regulatory compliance requirements, often resulting in fines or legal action.
  • Vulnerability: A disclosure of a weakness or flaw in a system that could be exploited to compromise security.
  • SEC 8K: A disclosure by a public company of a material security incident through an 8-K filing. These incidents are typically significant enough to impact shareholders’ decisions.
  • Legal: Incidents related to legal disputes, lawsuits, or regulatory actions affecting a company’s risk profile.
  • Geopolitical: Events driven by geopolitical factors, such as sanctions, international conflicts, or political instability, that could impact a company’s operations or supply chain.
  • Financial: Disclosures of financial risks, such as earnings losses, bankruptcy filings, or other material financial issues.
  • Operational: Events affecting a company’s operational capacity, such as natural disasters, system outages, or workforce disruptions.

Materiality of Risk Advisories

Materiality is determined through an automated system with human oversight, where each Risk Advisory is qualitatively analyzed and categorized based on the following criteria: an incident is considered material if a reasonable shareholder would likely consider it important when making an investment decision, including its impact on the company’s reputation, customer relationships, competitiveness, and potential litigation or regulatory actions.

Material advisory: An event that a reasonable shareholder would consider important for investment decisions, taking into account the incident’s impact on reputation, customer relationships, competitiveness, and potential litigation or regulatory actions.

Non-Material advisory: An event that does not meet the criteria for materiality but may still be relevant to assess.

Notifications for Risk Advisories

By default, the following users will receive email notifications for Risk Advisories related to onboarded vendors and their known subservicers:

Email Notification

  • Applies to: Material Risk Advisories for onboarded vendors and known subservicers of onboarded vendors
  • Who gets it: Relationship Business Owner, Relationship Creator, and all Subscribers for the relationship

In-App Notification

  • Applies to: All Risk Advisories for onboarded vendors and known subservicers of onboarded vendors
  • Who gets it: Relationship Business Owner, Relationship Creator, and all Subscribers for the relationship

How to View Risk Advisories

You can access all Risk Advisories in the platform by selecting “Risk Advisories” from the main menu on the left-hand sidebar in the app. The advisories are organized into two main views for easy navigation:

  • From my network: A tailored view showing only those relevant to your onboarded vendors and their subservicers
  • All advisories: A comprehensive list of all Risk Advisories published on the VISO TRUST platform.

Additionally, go to the "Monitoring" tab on any relationship for the risk advisories about that vendor or their Nth parties.

Viewing the Risk Network Exposure

To explore the broader network impact of a specific advisory, you can access the Risk Network view in the following ways:

  1. From the Risk Advisory detail modal: Click the “View Network” button in the detailed view of the Risk Advisory.
  2. From the Risk Advisory list view: Click the “Network Exposure” hyperlink associated with the advisory in the list view.

Screenshot showing the network impact of a risk advisory in the graph view.

These options make it easy to dive deeper into the impact of each advisory and understand its relevance to your organization and vendor network.

Responding to Risk Advisories

VISO TRUST empowers you to actively reduce risk in response to an advisory.

Generate impact report

These dynamic, personalized reports assess your entire vendor population to offer a data-backed understanding of the impact of the advisory. VISO TRUST generates recommended mitigation actions for short- and long-term risk mitigation.

Request vendor response

Each risk event offers an opportunity to request more information from affected vendors. Simply click "Request vendor response" at the bottom of the advisory to start a collection request from affected vendors. 👉 Learn more about requesting vendor response

Take action

VISO TRUST Agent helps outline the impact of the advisory. Use the conversational interface to craft responses and understand the impact on your program.

👉 Learn more about the agent
