Skip to main content

Collaborating with Vendors Using Vanta Exchange

J
Written by Jaquez Hodo
Updated over 2 weeks ago

With Vanta Exchange, Vendor Risk Management (VRM) users and vendors can now collaborate more efficiently during security reviews. Vanta Exchange provides a smoother experience by allowing vendors to upload documentation and complete questionnaires in one place. This streamlined process enables faster, more confident decision-making for security teams.

This update is especially valuable for organizations that develop their own questionnaires or want a more flexible and efficient way to manage vendor reviews.

Benefits of Using Vanta Exchange

  • VRM users and vendors can share questions and answers directly within the tool

  • VRM users can compare AI-generated and vendor responses to better assess a vendor’s security posture

  • Organizations can import their own custom questionnaires or build them directly in Vanta

  • A unified experience for vendors to upload evidence and respond to questionnaires in one workflow

How to Use Vanta Exchange for Vendor Collaboration

Manage Questionnaires

  • Click Settings > Add new questionnaire to manage vendor questionnaires

  • You can choose to:

    • Create, duplicate, or import a questionnaire

    • Edit an existing questionnaire

    • Decide whether to keep the questionnaire internal or send it to the vendor

  • You can also select a default questionnaire based on the vendor’s inherent risk level:

    • Assign a question to each inherent risk level for low, medium, or high inherent risk vendors directly in your VRM settings

  • When you start a new security review, the appropriate questionnaire will automatically apply based on the vendor's risk profile

  • If needed, you can override the default questionnaire at the individual security review level

  • As part of these improvements, Vanta has also consolidated the AI Templates and Security Questionnaires into a single list.

    • This makes it easier to manage your list of questionnaires, and allows you to compare AI and vendor answers in your analysis.

    • It also streamlines the evidence and questionnaire setup process by reducing confusion

Converting Spreadsheet Questionnaires

If you have custom security questionnaires saved as spreadsheets (CSV or XLSX), you can now convert them into Exchange compatible questionnaires right in Vanta.

  • Go to Settings > Questionnaires and scroll down to the Spreadsheet Questionnaires section

  • Click Convert next to the questionnaire you want to migrate

  • In the modal, click Download to get:

    • Your original spreadsheet

    • An Import Template formatted with two columns:

      • Question text

      • Response type (Text, Yes/No, or Any)

Screenshot 2025-05-07 at 2.30.11 PM.png

  • Open your original spreadsheet and:

    • Copy each question into the first column of the Import Template

    • Choose the appropriate response type in the second column

  • Back in Vanta, click Import, select your filled-out template, and Upload

Screenshot 2025-05-07 at 2.32.27 PM.png

  • Review the imported questions in the list and Save

  • Your questionnaire is now a native Exchange questionnaire ready to assign to vendors

Access Vendor Exchange

  • Navigate to the Evidence tab in your vendor’s profile

  • Here, you will find three sections: Vanta Exchange, Documentation, and Questionnaire

Review Vendor Answers

When your vendor starts answering questions, you can monitor their progress in real time. You’ll see responses from the vendor as well as AI-generated suggestions from Vanta.

Click on a question to view details, compare answers, and take actions like selecting a primary answer or flagging a finding.

Mark Questions as Reviewed in VRM

When you're done reviewing the vendor and AI-generated answers for a question, you can mark the question as Reviewed. This helps teams track progress, especially during large vendor reviews.

Marking a question as reviewed also locks in the primary answer, so you know exactly what the auditor will see even if the vendor updates their response later or AI re-generates an answer.

How to Mark a Question as Reviewed

  • Open the vendor's questionnaire in the VRM section of Vanta

  • Review the AI-generated answer and the vendor-provided answer

  • Select the Primary Answer you want to use

  • Click Mark as Reviewed

You’ll now see that the primary answer is locked. Any new vendor answers or AI changes will be timestamped so you can track updates.

You can also mark questions as reviewed in bulk

And filter to only view questions that are or aren't reviewed

FAQ:

Which answer gets locked when I mark a question as reviewed?

  • The primary answer is locked. You’ll still see timestamps on vendor and AI answers, so it’s easy to spot changes.

Can I mark multiple questions as reviewed at once?

  • Yes, you can bulk review questions.

Is this the same as approving a question?

  • Not yet. This feature tracks progress. For risk identification, keep using the Findings feature.

Can I unmark a question as reviewed?

  • Yes, questions can be marked as unreviewed at any time.

What if I want to update the locked answer?

  • Just mark the question as unreviewed. Vanta will refresh the latest answers so you can update.

Related Articles
Vendor Risk Management Settings
Vanta & ZIP Integration: Vendor Risk Management
FAQs: Vendors
Vendor Risk Management FAQs for MSPs
Vendor Risk Management (VRM) Implementation Guide