Feature availability: Third Party Risk Management (TPRM) was previously called Vendor Risk Management (VRM). While the Vendors page is included on all plans, some Third Party Risk Management features are only available as an add-on. Refer to Vanta Plans and Pricing for details.
TPRM in Vanta helps you manage the security risk introduced by the vendors your organization relies on. It supports key workflows like tracking vendors, running security reviews, and monitoring risk over time as part of your broader security and compliance program.
You’ll find TPRM features in the Vendors section of your account. From maintaining a vendor inventory to evaluating vendor security and staying aware of changes after a review, Vanta helps you assess risk consistently and respond as it evolves.
Training opportunities: We offer a self-paced training and an instructor-led workshop on TPRM.
Vendor management
The Vendors page is where you manage your vendor inventory in Vanta—from adding and discovering vendors to keeping each vendor profile up to date. A well-maintained inventory supports security reviews, monitoring, and audit readiness as your vendor ecosystem grows.
Add vendors and bring them into scope by creating vendor profiles manually, importing vendors in bulk, or pulling in connected integrations.
Manage vendor procurement requests by reviewing discovered vendors and intake submissions, and moving vendors through procurement into your inventory.
Maintain accurate vendor profiles so ownership, risk context, and review readiness stay up to date.
Learn more: Adding & Managing Vendors
Vendor security reviews
The Security reviews page is where you run and track vendor security assessments in one place. It brings together risk context, questionnaires, evidence, and findings so you can evaluate a vendor’s security posture and document the outcome of each review.
Manage security reviews to assess a vendor’s security posture based on their inherent risk.
Collaborate with vendors to collect evidence and review questionnaire responses using Vanta AI.
Finalize reviews with a recommendation and residual risk to document approval decisions and maintain an audit-ready record.
Learn more: Managing Vendor Security Reviews
Vendor risk monitoring
The Monitoring page helps you stay aware of changes in vendor risk after a security review is complete. It surfaces alerts and findings over time so you can understand what’s changed, assess impact, and decide when follow-up is needed.
See which vendors have continuous monitoring available so you know where Vanta can surface ongoing risk signals.
Review alerts and monitoring findings to understand what’s changed since a vendor’s last security review.
Stay on top of emerging risk by using severity and alerts to decide when follow-up or remediation is needed.
Learn more: Continuous Monitoring of Vendor Risk
Vendor settings
The Settings page is where you configure the rules and defaults that guide how vendor risk is managed in Vanta. Settings are organized into tabs, with each tab affecting how vendors move through inventory, reviews, and monitoring:
Tab | Description |
 | Create and manage the questionnaires used to collect consistent security information during vendor security reviews. |
 | Define how inherent risk is automatically scored so vendors are consistently categorized based on how they interact with your data and systems. |
 | Control how often vendors are reviewed and what evidence is required based on their inherent risk. |
 | Create and manage custom fields to track additional information that’s important to your vendor reviews. |
 | Configure alerts to notify your team when meaningful risk changes are detected for monitored vendors. |
 | Enable a vendor intake form so internal teams can request new vendors directly in Vanta. |
