Third Party Risk Management Product Overview

Updated this week

Feature availability: Third Party Risk Management (TPRM) was previously called Vendor Risk Management (VRM). While the Vendors page is included on all plans, some Third Party Risk Management features are only available as an add-on. Refer to Vanta Plans and Pricing for details.

TPRM in Vanta helps you manage the security risk introduced by the vendors your organization relies on. It supports key workflows like tracking vendors, running vendor risk assessments (including security, privacy, legal, and ESG assessments, as well as custom types), and monitoring risk over time as part of your broader security and compliance program.

You’ll find TPRM features in the Vendors section of your account. From maintaining a vendor inventory to evaluating vendor security and staying aware of changes after an assessment, Vanta helps you assess risk consistently and respond as it evolves.

Training opportunities: We offer a self-paced training and an instructor-led workshop on TPRM.


Vendor management

The Vendors page is where you manage your vendor inventory in Vanta—from adding and discovering vendors to keeping each vendor profile up to date. A well-maintained inventory supports security assessments, monitoring, and audit readiness as your vendor ecosystem grows.

  • Add vendors and bring them into scope by creating vendor profiles manually, importing vendors in bulk, or pulling in connected integrations.

  • Manage vendor procurement requests by reviewing discovered vendors and intake submissions, and moving vendors through procurement into your inventory.

  • Maintain accurate vendor profiles so ownership, risk context, and review readiness stay up to date.


Vendor assessments

The Assessments page is where you run and track vendor risk assessments in one place. All assessments appear in a single view, bringing together risk context, questionnaires, evidence, and findings to help you assess a vendor’s posture and document outcomes.

  • Manage assessments across multiple types to evaluate vendor risk by domain, all within a single vendor profile.

  • Each vendor can have multiple assessment types—such as security, privacy, legal, or custom assessments—so you can evaluate risk across different domains without duplicating vendor records.

  • Track status, owners, progress, and decisions for every assessment in one centralized table.

  • Collaborate with vendors to collect evidence and review questionnaire responses using Vanta AI.

  • Analyze risk context and findings to determine overall risk posture for each assessment.

  • Finalize assessments with a recommendation and residual risk to document decisions and maintain an audit-ready record.


Vendor risk monitoring

The Monitoring page helps you stay aware of changes in vendor risk after a security assessment is complete. It surfaces alerts and findings over time so you can understand what’s changed, assess impact, and decide when follow-up is needed.

  • See which vendors have continuous monitoring available so you know where Vanta can surface ongoing risk signals.

  • Review alerts and monitoring findings to understand what’s changed since a vendor’s last security assessment.

  • Stay on top of emerging risk by using severity and alerts to decide when follow-up or remediation is needed.


Vendor settings

The Settings page is where you configure the rules and defaults that guide how vendor risk is managed in Vanta. From the Settings page, scroll to the Features section and select Vendors.

Vendor settings are organized into tabs, with each tab affecting how vendors move through inventory, assessments, and monitoring:

Tab

Description

Create and manage the questionnaires used to collect consistent information during vendor risk assessments.

Define how inherent risk is automatically scored so vendors are consistently categorized based on how they interact with your data and systems.

Configure assessment types, evidence requirements, and automated workflows based on vendor risk.

Create and manage custom fields to track additional information that's important to your vendor assessments.

Configure alerts to notify your team when meaningful risk changes are detected for monitored vendors.

Enable a vendor intake form so internal teams can request new vendors directly in Vanta.