What is the OpenFAIR™ model?

The OpenFAIR™ model is a tool for measuring a supplier’s business impact (Loss Magnitude) as a risk calculation. The methodology was conceived as a way to provide meaningful measurements so that it could satisfy management's desire to make effective comparisons and well-informed decisions. OpenFAIR™ has become the only international standard Value at Risk (VaR) model for cybersecurity and operational risk.


Third-Party Risk in Dollars & Cents

Having the capacity to use OpenFAIR™ assessment at scale for third-party risk management elevates risk management programs and communicates the probable financial impact of potential cyber incidents in business terms. NormShield's FAIR report helps attain the goal of cost effectively achieving and maintaining an acceptable level of loss exposure, while also clearly conveying the breadth of risks factors across an organization.

image (6)

View a Sample Report

3D Vendor Risk @ Scale (SM)

NormShield rates third-party risks and assigns a letter grade to each vendor, correlates findings with industry standards to inform compliance requirements, and quantifies probable financial impact to communicate risks in business terms

Technical Score

Perform non-intrusive, 60-second cyber risk assessments of any third party. Get scorecards with easy to understand letter-grades and drill down into technical details in each risk category.


Correlate findings to industry standards and best practices. Measure any third party's compliance with regulations like NIST 800-53, ISO27001, PCI-DSS, HIPAA, GDPR and Shared Assessments.

Financial Impact

Use the OpenFAIR™ model to calculate the probable financial impact if a cyber event were to occur at a third party in order to cost-effectively achieve and maintain an acceptable level of loss exposure. 

Request a Free Report