Should we be running assessments on all of our vendors?
Vanta recommends that you only need to do a security assessment on critical and high-risk vendors. If you deem it necessary, you can include assessments on the medium and low-risk vendors.
Is it a hard requirement to have an Account Manager's name and email filled out for every Vendor?
No. This is only required if you are looking to send them a questionnaire via Vanta.
Does every Vendor require an offboarding in Vanta?
You can customize the Vendors that need offboarding on the Task Sets page within each group.
Are platforms that do not retain customer data relevant to the Vendors page?
You could add them to the Vendors Page to take a more comprehensive view of your Vendors but they will not be included in your audit.
Why does a Low/Medium Vendor have a security review deadline highlighted?
Security review reminders are based on previously completed reviews. Any vendors you have completed a security review on in the past will automatically be flagged as needing review based on the previous security review date.