Ostendio MyVCM

Additional Info

Company size (employees)10 to 49
Type of solutionCloud/SaaS


Ostendio MyVCM™ is an innovative, industry-leading Integrated Risk Management Platform that makes it easier to build, operate, and showcase an organization’s security program. Businesses of any size or industry that need to demonstrate compliance to security standards internally and externally can benefit from Ostendio MyVCM. The platform provides a single solution that incorporates users and requirements from across the enterprise. It gives access to over 150 standards, regulations, and frameworks including SOC 2, FedRAMP, HITRUST, and HIPAA.

Ostendio MyVCM helps companies:
Identify and quantify enterprise risk;
Quickly build and deploy security assessments;
Manage and respond to security incidents and breaches;
Align vendors and suppliers to security and compliance standards.

By using MyVCM Auditor Connect, Ostendio customers who intend to work with an auditor can enter audit requirements and request information from auditors with the MyVCM Auditor Connect marketplace. Auditors can contract directly with Ostendio customers within the platform, providing a more transparent and efficient process. This offers customers and auditors significant time and cost savings when completing a complex audit.

MyVCM Vendor Connect addresses vendor security by allowing customers to invite vendors to create and maintain online records of their security and compliance readiness via assessments. Responses link to supporting documentation that is easily accessed and kept up to date. MyVCM customers can designate assessments to vendors based on specific regulations, or tailor them to their specific requirements.

The Ostendio MyVCM platform currently handles over 100,000 user activities every month, and over the past 12 months has supported more than 1,250 security assessments.

Ostendio customers join the MyVCM Trust Network which connects organizations with their vendors to help them safely share security information. Ostendio aims to make the MyVCM Trust Network the default security and risk management community in North America.

How we are different

The Ostendio MyVCM platform is a game-changer for customers completing a cybersecurity audit.
1. It has a deeper reach - the platform is rolled out to and used by every employee, contractor, and support personnel, not just the security team. When everyone is involved in cybersecurity it is more meaningful to the organization.

2. It has a broader reach - Ostendio MyVCM customers automatically become part of the MyVCM Trust Network which allows them to connect with any other MyVCM Customer to send and receive security information. For example, MyVCM users send out vendor risk assessments with MyVCM Vendor Connect and work with auditors using MyVCM Auditor Connect. In each scenario, customers can send and receive sensitive data without ever having to leave their own MyVCM instance.

3. It is more comprehensive - The Ostendio MyVCM platform supports every aspect of an organization's cyber security program, from policy and procedures to asset management, risk management, learning management, incident management, training, and more. Essentially the platform can be used to build, operate and showcase every aspect of an organization's security and risk management program across more than 150 industry frameworks and regulations.

MyVCM Auditor Connect streamlines the way auditors and customers work together to complete a cybersecurity audit. It can save 50% in time and cost of a security audit. It renders spreadsheets, third-party file shares, and storage devices effectively obsolete. Customers being audited track their progress in real-time, communicating with their auditor about their progress within the platform. This makes audits easier to manage and represents the first step towards transitioning audits from being episodic annual events to an efficient process of continual assessment.