Continuous Monitoring of Vendor Risk

Written by Jaquez Hodo
Updated yesterday

Feature availability: While the Vendors page is included on all plans, some Third Party Risk Management features are only available as an add-on. Refer to Vanta Plans and Pricing for details.

Continuous monitoring is a part of Third Party Risk Management in Vanta that gives you ongoing visibility into vendor risk. Instead of relying on point-in-time security reviews, it evaluates vendor security posture in real time and alerts you to meaningful changes—such as breaches, newly discovered vulnerabilities, or stalled remediation—so you can respond as risk evolves.

This capability is especially valuable for vendors with access to sensitive data, critical systems, or core business processes. By providing ongoing insight after a security review is complete, continuous monitoring helps you reassess impact and decide when follow-up is needed, supported by proprietary asset scanning, expert-level analysis, and customizable alerts.


Continuous monitoring

The continuous monitoring experience in Vanta makes it easy to review vendor risk as it changes over time. From vendor-level monitoring feeds to a centralized view across all vendors, you can quickly see active alerts, flag findings, and track issues that require follow-up—helping you stay on top of risk.

Availability per vendor

Vanta automatically updates your vendor list to indicate whether continuous monitoring is available for that vendor.

To see which vendors have continuous monitoring available, review the Monitoring column:

  • On: Vendor is supported by Vanta

  • Off: Vendor is not supported by Vanta

At this time, you can’t filter your vendor list by monitoring status. If you add a vendor and don’t see monitoring available, confirm the vendor name and website match those in Vanta’s supported vendors.

Monitoring feed (per vendor)

For vendors with continuous monitoring, you can open a vendor from your vendor list to review all alerts available for that vendor.

To view alerts for a particular vendor:

  1. On the Vendors page, open a vendor with continuous monitoring enabled.

  2. Within the vendor profile, go to the Monitoring tab.

  3. Review the list of alerts related to that vendor.

  4. Click to open an alert and review the details, including severity, date detected, and recommended next steps for mitigation.

  5. Within the alert, click the Flag as finding button to add it to the vendor’s Findings tab.

Monitoring feed (all vendors)

You can review alerts across all vendors from the Monitoring page.

To review alerts across all vendors:

  1. Under the Vendors section of your navigation, open the Monitoring page.

  2. Review the list of alerts.

  3. Use the tools above the table to search, filter, and sort the alerts by vendor, status, severity, category, and date created.

  4. Click to open an alert and review the details, including severity, date detected, and recommended next steps for mitigation.

  5. Within the alert, click the Flag as finding button to add it to the vendor’s Findings tab.


Vendor risk alerts

Vendor risk alerts notify your team when new risks or changes are detected for monitored vendors. These alerts surface issues such as security findings, breaches, or emerging threats as they’re discovered, helping you quickly assess impact and decide whether follow-up or remediation is needed.

Recommended alerts

Continuous monitoring is most effective when paired with active alerting and regular vendor review. Viewing monitoring data alone will surface findings in Vanta, but configuring alerts ensures your team is notified in time to act.

To get the most value out of alerts:

  • Keep High and Critical findings enabled across all vendors

  • Limit Low and Informational alerts to digest summaries or high-risk vendors

  • Review alert volume periodically to maintain a manageable signal-to-noise ratio

  • Confirm your delivery preferences (Slack, email, or webhook) are still active and authorized

Alert settings

Alert settings let you control how and when your team is notified about vendor risk. You can customize alert types, severity thresholds, and scope to ensure notifications align with your risk tolerance and monitoring priorities—so the right people are alerted to the right issues at the right time.

To configure alerts:

  1. Under the Vendors section of your account navigation, go to the Settings page.

  2. Open the Alerts tab.

  3. Review the list of available alert types, such as threat intelligence, vulnerabilities, or application security.

  4. Use the toggle to turn each alert type on or off.

  5. Use the drop-down menus to select the severity and scope:

    • Severity: Select the threshold that should trigger notifications, such as Critical, High, or Medium.

    • Scope: Select whether the alert should apply to all vendors or only those within a specific inherent risk score.

  6. Changes are saved automatically.

Troubleshooting alerts

If a vendor shows continuous monitoring is on without active alerts, it means the vendor is being scanned but no alerts are configured or triggered. To fix this, review your alert settings.

Common underlying reasons include:

  • No alerts turned on: Continuous monitoring runs automatically, but alert toggles are turned off in your vendor settings.

  • Scope mismatch: The vendor isn’t included in the selected inherent risk score.

  • Filters too narrow: Alerts limited to Critical findings while vendor issues are Medium or Low severity.

  • Muted or excluded findings: Some finding types are filtered out.

  • Notification issues: Slack or email recipients not added or authorization expired.