Your CyberVadis assessment evaluates a specific legal entity - a defined organizational unit such as your entire company, a subsidiary, a parent company, a regional office, or a specific production site. This is called your assessment scope.
Where to find your scope
Your scope is confirmed on your questionnaire. Check the questionnaire summary page after registration to see exactly which entity is being assessed.
What the scope means in practice
The assessment evaluates the cybersecurity practices of the entire specified legal entity, not just the systems, data, or processes connected to the client who requested the assessment. This means your questionnaire will cover your company's full information security posture within the defined scope, regardless of which client relationship prompted the assessment.
If you were invited by a client
Your client has defined the scope of your assessment. Common configurations include:
Your entire company or group
A specific subsidiary or regional office
A specific production or operational site
If you initiated the assessment yourself
You will confirm your assessment scope during the registration process.
If your scope appears incorrect
An incorrect scope has two consequences: your score will not accurately represent your company's security posture, and you may encounter a high number of questions that feel irrelevant to your business. If this happens, it is a strong signal that your scope may need to be reviewed.
Contact your account manager or account.management@cybervadis.com before starting the questionnaire. Do not begin answering questions until the scope is confirmed: changing scope after the questionnaire has been started is significantly more complex and may require restarting the process.