Vendor Risk Management

With the Vendor Risk Management feature, you can auto-score a vendor's risk through the auto-score configuration, or set the vendor's risk level manually from the Risk Management tab:

  • Select the Risk Management tab
  • Use the drop-down menu to define the vendor category
  • Select Save

  • Select the edit icons to record the data processed by the vendor, the criticality of the vendor, the systems the vendor has access to, and whether the vendor can communicate on behalf of your company

  • Using the drop-down, set the risk level for this vendor



Security Review

A vendor security review is a process by which an organization assesses its third-party vendors' security practices to determine their level of risk exposure. This review typically involves evaluating a vendor's security policies, procedures, controls, and technologies to ensure they align with the organization's security standards and compliance requirements.


Upload files: consider uploading the following documentation.

Security assessments
  • SOC 2 or SOC 3 report
  • ISO 27001 certificate
  • Completed security questionnaire
Data agreements
  • Data processing agreement (DPA)
  • Business associate agreement (BAA)

Send questionnaire

  • Select Send Questionnaire
  • Provide the appropriate information
  • Choose from the following:
    • Send Vanta's default questionnaire
    • Use a previously uploaded questionnaire
    • Upload a blank custom questionnaire

  • Upload your security assessment
  • Add any notable findings and the overall decision

  • Security reviews in progress will be shown on the main vendor's page




Use this space to store documentation about this vendor. For security assessments, Vanta recommends uploading them to a security review to help structure your findings.
