FortifyData and IRI Partner to Score Cyber Risk and Secure PII

FortifyData and IRI Partner to Score Cyber Risk and Secure PII

Dec 12, 2018 12:00 am

Data Security ISVs Assess Multi-Point Risks and Mask Data for Companies and Their Suppliers

Atlanta, GA, December 12, 2018 — FortifyData (, a top cyber risk consultancy and platform provider, and Innovative Routines International (IRI) (, a Gartner-listed data discovery and masking ISV, are partnering to help joint customers assess and reduce the risk of data breaches and privacy law violations. FortifyData and IRI will offer multi-source scanning, scoring, and remediation facilities for companies and their suppliers who collect or process primary account numbers (PAN), protected health information (PHI), and other sensitive or personally identifiable information (PII).

FortifyData provides a cyber risk analysis and monitoring platform to communicate cyber risks as quantifiable industry and corporate intelligence; i.e., it scores the likelihood of a breach and recommends tools that help drive investments and decisions to mitigate risk. IRI provides static and dynamic data masking products like FieldShield that find, classify, and de-identify sensitive data in multiple data sources, plus score re-ID risk. IRI also offers safe test data tools and a database firewall to block and audit traffic.

Users who can benefit from the combined offerings include:

Credit Card Data Processors – who can use the FortifyData platform to scan corporate external and internal networks, the dark web for stolen credentials, and other critical risk data points, producing a risk exposure score and recommendations. They can then use IRI FieldShield to find, classify, and encrypt (or tokenize) PANs. This combination supports PCI Prioritized Approach milestones and DSS compliance.

HIPAA Covered Entities and Business Associates – who can use the FortifyData platform to address third-party risk assessment requirements, plus IRI FieldShield to find and de-identify key PHI identifiers to comply with the HIPAA Safe Harbour Rule. FieldShield also scores re-identification risk from remaining PHI quasi-identifiers and further anonymizes them to comply with the Expert Determination Method Rule.

GDPR Data Collectors, Processors and EU Citizens – FortifyData provides monitoring, detection and response solutions to support information security and incident response aspects of GDPR compliance. IRI static and dynamic data masking software can find, deliver, mask, and delete PII in structured and unstructured data sources to comply with GDPR data portability and right-to-be-forgotten provisions.

According to FortifyData CEO Victor Gamra, “joining forces and platforms with IRI adds value for CISOs and compliance teams worldwide. For example, by combining our FortifyScore with FieldShield re-ID risk scores, they can get both holistic and atomic information and recommendations at the same time. We can also help companies more accurately assess third party risks, thus providing complete visibility on exposed, inherent risk,” he added.

About FortifyData

FortifyData is a cyber risk consultancy and platform provider dedicated to helping companies effectively monitor, assess, and communicate data-driven vulnerabilities that arise from their business, vendor, and M&A activities. In addition, the FortifyData platform helps its users demonstrate adherence to data privacy laws, and report on their compliance obligations. For information see

About IRI, The CoSort Company

IRI is a US data management and protection ISV founded in 1978 and represented in 40 cities around the world. Gartner has recognized five IRI products that serve the data masking market with a wide range of search, classification, de-identification, re-ID risk scoring, and auditing capabilities for PII in structured, semi-structured, and unstructured sources. For information, see

Press Contact
Victor Gamra ( )
+1 888-396-4110

Craig Schein (
IRI, The CoSort Company
+1 800-333-SORT, ext. 229


In 2017, at least 56% of companies experienced a third-party breach

Has your organization ever received phishing emails from a “trusted 3rd party”? Have any of your affiliate businesses experienced a data breach? Most likely, the answer is “Yes” or “we don’t know”.

In the ever-changing and dynamic cyber-security landscape, organizations are constantly faced with threats. The threats to your organization are direct, indirect, and very real. Exploitation, identity theft, hacking, and breaches have changed; year over year. However, the methodologies in which organizations assess the risk of their affiliates has remained static.

Stagnant practices of “vendor risk management” include simple due-diligence questionnaires that are sent to 3rd parties rely on good faith and honesty. However, we remain vulnerable to inadequate security measures that 3rd parties implement for protecting our data within their own organization. Vulnerabilities are not static, and neither are cyber-risks. While your organization may be performing due diligence and due care, your affiliates may not. Therefore, their negligence ultimately makes you susceptible to a potential data breach.

How do we pragmatically approach vendor risk? We have been left with few options, until now. The great minds at FortifyData began to construct ideas and methods to determine the risk levels of vendors and trusted organizations. The question that needed a swift answer was simple: How do we perform due diligence and monitoring to ensure that we are aware of the inherent risks that our affiliates may pose on us throughout the vendor relationship?

FortifyData has created a platform that measures risk in a dynamic and altruistic fashion. The platform is designed to equip you with the paramount knowledge to measure the risk of other organizations within your business-scope. From this platform, your organization can stay informed of the vulnerabilities of your vendors and 3rd parties so that you may better understand their likelihood of becoming another organization on the news.

With FortifyData, you can stay informed of inherent risks involving your 3rd parties and vendors through data breach history records and automated dark-web scanning that seeks out symptoms of a data breach. When the data of your 3rd party affiliates is compromised, you should know. Your organization’s critical assets and sensitive data may have been affected.

The new age of vendor risk is upon us and FortifyData can keep you informed of your vendor and third-party cyber-risks. In the fight against cyber-crime, the responsibility to keep our organizations secure has been legally and ethically bestowed upon us. We are now able to track vulnerabilities, data breaches, and measure the risk levels of our counterparts from a single pane of glass. No more third-party data breach concealments that adversely affect the security of your organization. Stay informed, be proactive, gain visibility in your vendor’s cybersecurity posture with FortifyData.