With Vanta Exchange, Vendor Risk Management (VRM) users and vendors can now collaborate more efficiently during security reviews. Vanta Exchange provides a smoother experience by allowing vendors to upload documentation and complete questionnaires in one place. This streamlined process enables faster, more confident decision-making for security teams.
This update is especially valuable for organizations that develop their own questionnaires or want a more flexible and efficient way to manage vendor reviews.
Benefits of Using Vanta Exchange
VRM users and vendors can share questions and answers directly within the tool
VRM users can compare AI-generated and vendor responses to better assess a vendor’s security posture
Organizations can import their own custom questionnaires or build them directly in Vanta
A unified experience for vendors to upload evidence and respond to questionnaires in one workflow
How to Use Vanta Exchange for Vendor Collaboration
Manage Questionnaires
Click Settings > Add new questionnaire to manage vendor questionnaires
You can choose to:
Create, duplicate, or import a questionnaire
Edit an existing questionnaire
Decide whether to keep the questionnaire internal or send it to the vendor
You can also select a default questionnaire based on the vendor’s inherent risk level:
Assign a question to each inherent risk level for low, medium, or high inherent risk vendors directly in your VRM settings
When you start a new security review, the appropriate questionnaire will automatically apply based on the vendor's risk profile
If needed, you can override the default questionnaire at the individual security review level
As part of these improvements, Vanta has also consolidated the AI Templates and Security Questionnaires into a single list.
This makes it easier to manage your list of questionnaires, and allows you to compare AI and vendor answers in your analysis.
It also streamlines the evidence and questionnaire setup process by reducing confusion
Converting Spreadsheet Questionnaires
If you have custom security questionnaires saved as spreadsheets (CSV or XLSX), you can now convert them into Exchange compatible questionnaires right in Vanta.
Go to Settings > Questionnaires and scroll down to the Spreadsheet Questionnaires section
Click Convert next to the questionnaire you want to migrate
In the modal, click Download to get:
Your original spreadsheet
An Import Template formatted with two columns:
Question text
Response type (
Text
,Yes/No
, orAny
)
Open your original spreadsheet and:
Copy each question into the first column of the Import Template
Choose the appropriate response type in the second column
Back in Vanta, click Import, select your filled-out template, and Upload
Review the imported questions in the list and Save
Your questionnaire is now a native Exchange questionnaire ready to assign to vendors
Access Vendor Exchange
Navigate to the Evidence tab in your vendor’s profile
Here, you will find three sections: Vanta Exchange, Documentation, and Questionnaire
Review Vendor Answers
When your vendor starts answering questions, you can monitor their progress in real time. You’ll see responses from the vendor as well as AI-generated suggestions from Vanta.
Click on a question to view details, compare answers, and take actions like selecting a primary answer or flagging a finding.
Mark Questions as Reviewed in VRM
When you're done reviewing the vendor and AI-generated answers for a question, you can mark the question as Reviewed. This helps teams track progress, especially during large vendor reviews.
Marking a question as reviewed also locks in the primary answer, so you know exactly what the auditor will see even if the vendor updates their response later or AI re-generates an answer.
How to Mark a Question as Reviewed
Open the vendor's questionnaire in the VRM section of Vanta
Review the AI-generated answer and the vendor-provided answer
Select the Primary Answer you want to use
Click Mark as Reviewed
You’ll now see that the primary answer is locked. Any new vendor answers or AI changes will be timestamped so you can track updates.
You can also mark questions as reviewed in bulk
And filter to only view questions that are or aren't reviewed
FAQ:
Which answer gets locked when I mark a question as reviewed?
The primary answer is locked. You’ll still see timestamps on vendor and AI answers, so it’s easy to spot changes.
Can I mark multiple questions as reviewed at once?
Yes, you can bulk review questions.
Is this the same as approving a question?
Not yet. This feature tracks progress. For risk identification, keep using the Findings feature.
Can I unmark a question as reviewed?
Yes, questions can be marked as unreviewed at any time.
What if I want to update the locked answer?
Just mark the question as unreviewed. Vanta will refresh the latest answers so you can update.