Panorays Release Notes

This quarter’s releases focus on empowering customers to conduct security risk assessments with Panorays, ensuring compliance with new regulations while offering enhanced management and reporting capabilities.

2025 Advanced SIG Evaluation

Configure SIG content to align with your regulatory and policy requirements, ensuring compliance with new standards and regulations. Panorays’ SIG 2025 is mapped to DORA and NIS2, along with other key regulations and standards. Scope each questionnaire based on the material risks associated with each supplier relationship. With full support for all SIG versions, Panorays enables faster evaluations and allows third parties to seamlessly upload completed SIGs.

Inherent Risk Questions

Collaborate with internal and external stakeholders to assess your third parties’ business impact and their relationship with your company. Within Panorays’ questionnaires, you can define which questions should be included in the business impact assessment. Learn More.

Task Management Consolidation

From one centralized location, you can find, track, and manage all tasks assigned to your suppliers and internal teams. This allows you to collaborate easily with your team to prioritize and resolve requests more efficiently. Learn More.

Live Dashboards: Drill Down

Gain deeper insights into your Live Dashboard widgets with detailed supplier breakdowns for various report types. Monitor the status of critical findings and remediation tasks across suppliers, enabling you to assess and track third-party progress effectively. Learn More.

Activity Center Improvements

The audit trail page now includes a new category for security events, tracking user login activities. This provides a comprehensive view of all activities performed on Panorays, both per supplier and across all suppliers. Learn More.

Complying with evolving regulations is essential—which is why we’ve introduced a market-leading module for DORA—while also enhancing our TPRM offering alongside our threat intelligence technology.

DORA File Generator

With Panorays’ new premium add-on module, you can generate a complete DORA Register of Information report into a ready-to-send file for the Supervisory Authorities (SA). Our built-in questionnaire templates cut off the time and effort required to fill in DORA’s Excel sheet with specific coding values. Learn More.

Portfolios

This feature lets you organize your third parties into distinct groups, prioritizing and managing each relationship based on its specific risk and importance to your business. To ensure that your resources are focused where they matter most, Portfolios allows you to segment your third parties based on various criteria such as: criticality, sensitivity, geolocations, company departments and many more. Learn More.

Activity Center

Get a consolidated overview of logs to track all suppliers’ activities on Panorays. You can filter and export data for reporting, providing enhanced visibility to monitor and track supplier events. Learn More.

Dark Web Enhancements

Stay on top of your Dark Web mentions by viewing those relevant to your company and your third parties with detailed information such as Source Type, Site and more. This feature gathers, processes, and categorizes information from Cyber Threat Intelligence (CTI), providing updated insights and sending alerts about relevant activities. Learn More.

Task Management: General Tasks

Open a customized task for your internal teams or third parties from one centralized place. This allows you to operate in a smoother way where follow-ups on tasks become much easier. Learn More.

Business Snapshot: Certifications Improvements

We have enhanced our third-party cyber assessments by incorporating public certifications into their Bottom Line risk rating, which our experts manually review to ensure accuracy. Learn More.

Internal Questionnaires Report

Easily view and report your internal questionnaire status through a widget in Live Dashboards or in the executive summary PDF report.

This quarter’s feature releases focus on enhancing our Risk DNA assessments to strengthen our unique comprehensive Bottom-Line Risk Ratings. Key updates include a centralized findings page, expanded cyber news sources, improved reporting capabilities, and advanced AI technology— designed to improve operational efficiency.

Internal Questionnaires

Circulate questionnaires within your company to gather information about third parties from relationship owners at all stages of the assessment process, such as due diligence and SLA reviews. This streamlines the assessment process and fosters collaboration within your organization. Learn More.

Risk Policy: Custom Factors

Admins can set a default configuration to add/reduce points from the bottom line risk rating based on external factors such as offline questionnaires, completing a SOC2, trusted vendor… This can be applied to each supplier separately and on demand with the option to request mandatory evidence. Learn More.

Live Dashboards

Build customized reporting dashboards by choosing your preferred data visualization from a variety of widgets. This enables you to create reports tailored to the data that matters most to you, aligning with the needs of your management and board. Learn More.

Findings Management

Experience our new centralized findings page with an intuitive UI and data enrichment to support more informed decision-making. Get detailed information about each finding and take immediate action, such as confirming resolutions or disputing findings. Learn More.

Answer Lookup

With the AI-powered search bar,  your third parties will be able to find past responses from previously answered questions. It displays a list of similar questions to the search input, including their answers, questionnaire sources, and a similarity match score. This ensures faster, more consistent, and more accurate questionnaire responses. Learn More.

Cyber News: SEC 8-K filings

View and receive alerts on latest cyber events filed by breached companies, with the addition of SEC 8-K filings as a new source to our cyber news and alerts. Learn More.

New Cyber Posture Findings: Content Security Policy (CSP)

This new Cyber Posture finding checks if CSPs are configured according to security best practices. This finding is categorized into two severity levels: High and Low.

Leverage the full benefits of Panorays AI suite. Each AI feature is designed to boost your efficiency and precision, let you stay proactive against emerging threats, and streamline your operations.

Smart Validation

Our AI Feature automatically parses documents submitted by third parties, either attached to questionnaires or uploaded in the Files and Documentation tab. It correlates these documents with specific questions and responses, providing AI-generated confidence scores and evidence supporting or contradicting the answers. This eliminates the need for manual comparison against complex policies, certifications, and attestations. As a result, reviewers can save time and effort, make quicker and more informed decisions, and easily initiate remediation tasks or inquiries directly in the conversation section. Learn More.

Segments

Segment your third parties into subsets based on specific assets. Select the most relevant assets based on their domain or geolocation to create segments that you’d like to prioritize and track. Segments give you a more focused view of your third parties by generating an attack surface assessment for those specific assets. Learn More.

Supply Chain Discovery: Evidence and Navigation

Enhance visibility into Supply Chain Discovery, showing detailed insights into your direct, unregistered Nth parties. Now with added context and control, easily select which ones to add to your Panorays account for assessment and continuous monitoring. Learn More.

Remediation Management: Automatic Reminders

No need to manually monitor your third parties’ remediation tasks’ progress or statuses. From now on, third parties will receive automatic email reminders to fix open remediation tasks 3 days prior to their due date. Learn More.

This release introduces key enhancements and new features to automate and streamline the third-party assessment process, improving visibility, accuracy, and in-platform communication, thereby enabling more efficient management of third-party cyber risks.

Intake Form

Now internal stakeholders across departments can seamlessly add new suppliers to Panorays with a one-time verification process without the need to sign in. Learn More.

Supplier Archival

A new ‘Archived’ status has been added for third parties that are inactive, have terminated their contract, or no longer require assessment. Once a third party’s status is changed to ‘Archived’, their cyber assessments will be stopped, while their files and documents are stored and saved. Learn More.

Cyber News Enhanced

We have enriched our data sources for Cyber news, offering more comprehensive exposure to your business-specific Cyber risks. All news is organized with our new AI-based categorization and classification system. Learn More.

Risk Insight and Response Portal: Internal Note

Now you can manage Risk Insights events more efficiently by communicating with your team members within the portal or by leaving memos detailing your decision rationale and documenting the relevant circumstances. Learn More.

API v2.0

Experience significant performance enhancements with our updated API, including faster response times and smoother interactions. Now, easily access a range of questionnaire templates, retrieve remediation data, assign Portfolios to third parties and much more. Learn More.

Transform your risk management process, simplify third-party management, and automate time-consuming tasks. Our latest features let you enhance your workflow, ensure compliance, and drive efficiency.

Workflow Automation

Save time and resources by streamlining your third-party evaluation process with the new Workflow Automation feature. Now, you can define preset rules to automatically approve or reject third parties, generate remediation tasks, and assign responsibilities to multiple stakeholders throughout the approval journey. These rules are triggered based on Questionnaire Ratings, Cyber Posture Ratings, and Risk Ratings that reflect your company’s security policy. Additionally, rules can be applied based on business impact as well as third-party risk status. Learn More.

Smart Match: Upload Questionnaires

This feature allows third parties to upload previously answered questionnaires from outside Panorays, enabling Smart Match to draw better results when answering new questionnaires. Learn More.

Internal References

Leave internal notes for questionnaire reviewers, giving them additional details into company policy, compliance and more. This accelerates the review process and enhances accuracy.

Optimize the evaluation process with our new AI-powered feature, Smart Match!

Panorays integrates AI capabilities to benefit the entire ecosystem – a fast, easy, and secure solution for both sides of the evaluation process.

Smart Match

Streamline the questionnaire submission process, reduce reliance on internal stakeholders and ensure consistent answers across various questionnaires with Smart Match.

Smart Match uses previously answered questions and suggests matching answers while completing the questionnaire. The AI-generated library presents pre-answered questions ranked by similarity score allowing responders to choose the most relevant answer. This effectively accelerates the questionnaire response time. Learn More.

Gain valuable insights into your extended attack surface with Panorays’ latest features!

From Supply Chain Discovery to detailed Asset Management and Risk Insights, you’ve got the tools you need to monitor your expanding attack surface and respond to cyber threats.

Extended Attack Surface Monitoring

Supply Chain Discovery
By generating an extensive list of your direct and indirect suppliers, Supply Chain Discovery maps out your digital supply chain, revealing Shadow IT, and providing a cyber posture rating for each identified supplier. Next to each discovered company, you’ll also see a Commonality rating, reflecting how broadly this company appears in others’ Supplier Inventory. With a click of a button, you easily add relevant suppliers to your own inventory for extensive monitoring and managing. Learn more.

Risk Insights and Response Portal
Get first-hand alerts on cyber risks impacting your supply chain with the Risk Insights and Response Portal. The portal reports an overview of several types of risks such as vulnerabilities, breaches, news updates, and zero-day attacks, revealing your exposure to the event across your digital supply chain. With automated details of each risk, you’ll see which of your direct and indirect suppliers were affected by the incident and take immediate action by sending a breach questionnaire to your suppliers. As well, the detailed breakdown of affected companies makes it easier to comply with today’s regulations requirements and report on the full impact of a cyber event. Learn more.

Known Exploited Vulnerabilities
We’ve added CISA’s Known Exploited Vulnerabilities (KEVs) into our detection of technology vulnerabilities, to provide a more accurate risk assessment. KEVs are now prioritized as Critical findings, reflecting a more actionable view of your riskiest findings and making it easier to prioritize KEVs as part of your Findings remediation efforts. Learn more.

Asset Details
The new Asset Details sidebar provides enriched data on your and your third parties’ discovered Assets, letting you drill down to DNS, Network, Registration, and Web details. Make informed decisions to remediate findings and reduce your cyber risks, by understanding how each asset was discovered, its criticality, and the implications it has on your overall cyber posture.

Improved Remediation Management

Remediation Management: Bulk Task Creation
Save time with new Bulk Task Creations! Simplify the process of creating multiple remediation tasks by “bulk selecting” findings and questions at once. Instead of multiple emails to your third parties, they will now receive one condensed email with the selected task IDs. Learn more.

API Improvements
We’ve improved our API capability to include:

• Expanded web documentation with additional endpoints, enabling you to automate a wider range of rules and actions.
• Admins now can create, modify, and remove API Tokens within the Panorays platform, while maintaining control over access permissions.

Learn more.

Custom Emails
Personalize your emails to third parties with our newly customizable email templates! You can now edit emails for Security Questionnaires, Remediation Tasks, and Security Passport by fully customizing the email copy, subject, and CTA, giving you full control of what to communicate. Learn more.

Inventory Management
Gain visibility over all your unassessed third parties from one centralized place. Now you can make informed decisions by selectively evaluating chosen third parties and determining their assessment type from your Inventory.

In this release we added a few new capabilities to help manage third-party security risk from start to finish and eliminate the need to jump between tools and platforms.

Read how our Q1 2023 features support the entire process from prioritization, evaluation, mitigation and continuous monitoring.

1. Prioritization

Third-Party Inventory
Third-Party Inventory allows you to view and manage all your third parties in one place, regardless of tiers and types of evaluations. Your single source of truth enables you to classify third parties by inherent risk and choose the appropriate evaluation process for each third party. You can also upload security control documentation for unassessed third parties and monitor their approval status. Learn more.

2. Evaluation

External Attack Surface Assessment

Endpoint Detection
Endpoint detection is a new category in Panorays’ external attack surface assessment. Endpoints, referring to all devices connected to a company’s network such as desktops and laptops, are often a major target for malicious actors. That’s why ensuring the security of all endpoints is a critical step for defending the front line of an organization’s network. With Endpoint Detection, Panorays users have visibility into their third-party’s endpoints and their impact on cyber posture, allowing them to address any security gaps. Learn more.

Smart Questionnaires

Questionnaire Conversations
Communicate and collaborate efficiently with third parties on every question, while they answer the questionnaire, rather than waiting until after its submission. This results in a more streamlined and organized experience. Additionally, send internal messages to your team members for clarification or adjustment, creating an efficient internal workflow. Learn more.

Integration and Ratings

Correlated Insights
With Panorays’ integrated solution, view the results from questionnaires and external assessment findings side-by-side, in a single pane of glass. No misalignment and no fragmented workflows; you can validate responses and findings against each other and streamline your entire review process. Learn more.

Risk Policy
Your admin can customize your third parties’ bottom-line risk rating calculation, providing greater flexibility and control. This includes adjusting the weighting methodology for questionnaires and External Attack Surface Assessment, and factoring in additional considerations such as critical tests and expired questionnaires. You can also modify the risk rating matrix values based on inherent risk and Panorays combined score. These modifications apply to all third parties and are fully transparent, as outlined in the newly added manual. Learn more.

Override Risk Rating
By granting admin permissions, you can manually adjust the bottom-line risk rating (which considers the questionnaire score, external attack surface assessment score and inherent risk calculation). This provides you the flexibility you need to consider external factors that were not included in the evaluation conducted through Panorays. Real-time changes are visible to all users for transparency and easy tracking. Get complete control and flexibility over your third-party’s risk rating. Learn more.

3. Mitigation

Remediation Management
There is a new centralized location to oversee and manage remediation tasks, streamlining the entire process from creation to resolution, while collaborating with your third parties.
Easily create tasks for your third parties so they can quickly address any security issues identified in questionnaire responses or External Attack Surface Assessments findings. Our new Cyber Impact Score makes it simple for you to prioritize tasks by informing you how mitigating a task will enhance the rating of the third party involved. Collaborate with your third parties on each task by assigning it to the relevant contact and communicating through the platform. In the new remediation tab, track and monitor all tasks assigned to each third party, enhancing visibility. Learn more.

4. Continuous Monitoring

Automated Reevaluation
Customize and automate the reevaluation of your third parties based on their inherent risk, frequency, and priority. Set up a personalized process for each third party that includes creating reminders with email notifications, and scheduling recurring reevaluation using relevant question templates.

Approval Snapshot
Automatically capture the bottom line risk rating score of your third parties once their status is changed. Screenshots are saved as a record of past scores and can assist your decision-making process. Compare scores for each third party before reevaluations and obtain an overview of cybersecurity posture improvements.