Vendor Risk Management


 

With the Vendor Risk Management feature, you can auto-score a vendor's risk through the auto-score configuration, or build it from the Risk Management tab:

  • Select the Risk Management tab 
  • Use the drop-down menu to define the vendor category
  • Select Save


  • Select the edit icons to establish the data processed by the vendor, the criticality of the vendor, the systems the vendor has access to, and the vendor's ability to communicate on behalf of your company


  • Use the drop-down menu to set the risk level for this vendor


 

Security Review 

A vendor security review is a process by which an organization assesses its third-party vendors' security practices to determine their risk exposure level. This review typically involves evaluating a vendor's security policies, procedures, controls, and technologies to ensure they align with the organization's security standards and compliance requirements. 

 

Upload files: Consider uploading the following documentation:

Security assessments
  • SOC 2 or SOC 3 report
  • ISO 27001 certificate
  • Completed security questionnaire  
Data agreements
  • Data processing agreement (DPA) 
  • Business associate agreement (BAA)

Send questionnaire 

  • Select Send Questionnaire 
  • Provide the appropriate information 
  • Choose from the following:
    • Send Vanta's default questionnaire
    • Use a previously uploaded questionnaire 
    • Upload a blank custom questionnaire


  • Upload your security assessment
  • Add any notable findings and overall decision


  • Security Reviews in progress will be shown on the main vendor's page 


 

References 

Use this space to store documentation about this vendor. For security assessments, Vanta recommends uploading them to a security review to help structure your findings.

 

