Feature availability: While the Vendors page is included on all plans, some Third Party Risk Management features are only available as an add-on. Refer to Vanta Plans and Pricing for details.
Vendor management is a part of Third Party Risk Management in Vanta. The Vendors page allows you to add, edit, and manage vendors in one place. A well-maintained vendor inventory helps you stay audit-ready and confident in your third-party security posture. By consistently tracking vendor details, you create a single source of truth that supports security reviews and ongoing risk monitoring as your vendor ecosystem grows.
Adding vendors
You can add vendors to your vendor list in several ways, depending on where the information is coming from. All vendors under the scope of your audit should be included. If any vendors aren’t automatically populated here, you’ll want to manually add them.
Connected integrations
Connected integrations
Vendors that you’ve connected to on the Integrations page of your account are automatically added to your vendor list.
Manually adding a vendor
Manually adding a vendor
Use this method when you want to add a small number of vendors individually.
To manually add a vendor:
On the Vendors page, click the Add vendor button.
Enter the vendor’s name, status, and website.
Click Add vendor from the modal to save the vendor.
Open the vendor from the vendor list, then go to the About tab to add additional vendor details.
Importing via spreadsheet
Importing via spreadsheet
Use this method when you need to add many vendors at once.
To import vendors using a spreadsheet:
On the Vendors page next to the Add vendor button, click the down arrow ▼ and select Import vendor.
After you review instructions on the Import vendors page, download the CSV template and prepare the file. You can import 100 vendors at a time.
When you’re ready, upload a CSV file containing your vendor details.
Map the uploaded columns in your spreadsheet to ensure they align with the template columns in Vanta, then click the Next button to continue.
Review your import, especially rows with issues, then click the Import button.
Vendor discovery and procurement
Vendor discovery and procurement
Vanta surfaces discovered vendors based on activity observed through your connected identity providers (IdP) so you can decide whether they should be added to your vendor list, added to procurement, ignored, or rejected.
Learn more: Managing Vendor Procurement
Managing your vendor list
Your vendor list is a centralized inventory of the vendors your organization works with. This was previously called the Managed vendors page. Each vendor has a status:
Status (or state) | Description |
Active | Vendors your team has approved for use within your organization. Keep their vendor details up to date and stay on top of recurring security reviews. |
Procurement | Vendors your team is evaluating for use within your organization. Complete their vendor details and conduct a security review. |
Archived | Vendors your team is no longer using within your organization. It’s important to keep a record of vendors you’ve previously used. |
Filtering your vendor list
Filtering your vendor list
On the Vendors page, use the tools above the table to search, filter, and sort your vendor list based on the vendor details available.
Click the controls icon at the top-right of the vendor list to customize the table view—you can choose what columns to display in the table, or change the density size of the table rows.
Merging duplicate vendors
Merging duplicate vendors
Use vendor merging to combine duplicate vendor records. The vendor you choose to merge into becomes the primary vendor record moving forward, whereas the vendor you selected to merge is removed from the vendor list.
To merge two vendors:
On the Vendors page, click the options menu ••• next to the vendor you’d like to merge. The vendor you select in this step is the one that will be removed.
Select the Merge with another vendor option from the menu.
In the pop-up modal, choose the vendor you want to merge into from the dropdown list. The vendor you select in this step is the one that will become the primary vendor record moving forward.
Choose the information you'd like to preserve for each vendor:
The default setting is to preserve security reviews, evidence, documents, and vendor findings from both vendors. You need to select the remaining info you would like to preserve for each vendor.
The following vendor fields do not transfer: Password configuration details, Services provided, and Additional notes. To retain this info, manually copy it before completing the merge.
Select Confirm merge to complete the process.
Archiving vendors
Archiving vendors
Use the Archived status to remove vendors you no longer work with, while still keeping the vendor information in your account for reference. While you can restore an archived vendor if needed, you can’t restore deleted vendors.
To archive a vendor:
On the Vendors page, click the options menu ••• next to the vendor you’d like to archive.
Select the Archive option from the menu.
Read the notice, then click the Archive vendor button.
You can undo this at any time by filtering vendor status for Archived vendors and selecting Unarchive from the options menu ••• next to the vendor.
Updating vendor details
Each vendor in your vendor list has a dedicated profile that centralizes all the information about a vendor. You’ll find the vendor details in the About tab of vendor profiles.
Navigating vendor profiles
Navigating vendor profiles
On the Vendors page, click a vendor from the vendor list and browse the tabs available within the vendor profile:
Tab | Description |
Overview | Tips for completing the vendor’s profile and the most recent security review and findings. |
Security reviews | A complete record of all current and past security reviews. |
Findings | Findings from security reviews and the ability to add new findings as a security risk. |
Monitoring | Any issues Vanta flagged for vendors with continuous risk monitoring available. (Only present for vendors with continuous monitoring.) |
Evidence | A record of all prior evidence provided in security reviews and the ability to add new evidence. |
Linked apps | Any discovered vendors that were linked to the vendor. |
Subprocessors | Any subprocessors used by the vendor that Vanta was able to locate in public trust centers. (Only present for vendors with public trust centers available.) |
About | All the vendor details available to view or edit about a vendor. |
Intake | The vendor intake form submission that kicked off procurement. (Only present if the vendor was added via the vendor intake form.) |
Standard vendor fields
Standard vendor fields
Go to the About tab within a vendor profile to edit vendor details. Some standard fields we recommend prioritizing as you get started:
Vendor status (or state): Choose from Active, Archived, or Procurement.
Inherent risk score: Level of risk a vendor or process poses before any mitigating controls are applied, based on your inherent risk rubric.
Category: Type of product or service the vendor offers.
Point of contact: The name and email address for your point of contact with the vendor.
Security owner: User responsible for overseeing the security review in Vanta—they receive notifications related to security reviews.
Business owner: User responsible for day-to-day management of the tool outside of Vanta—they don’t receive notifications related to security reviews.
Custom vendor fields
Custom vendor fields
In addition to the standard vendor fields provided by Vanta, you can add custom vendor fields to track additional information in your vendor details.
To manage custom vendor fields:
Under the Vendors section of the navigation menu, open the Settings page.
Go to the Custom vendor fields tab.
Add, edit, or reorder the custom fields you’d like to use across all vendors. Options: Text, number, date, or picklist.
Go to the About tab of a vendor profile and scroll to the Custom fields section to fill out the fields.