Vendor Risk Management

For more information about plan types and capabilities, see Vanta's pricing page

With the Vendor Risk Management feature, you can assess and manage Vendors' risks in one centralized location. We suggest establishing your settings before proceeding with the Vendor review process.

Overview

  • From the Vendors page, the Overview tab gives you a visual summary of:
    • Security reviews progress
    • Vendors managed 
    • Vendor discovery

Discovery

The Vendor discovery page details which vendors are being utilized within your organization and the associated risk level.

From the Needs Review tab, you can add vendors to your Managed Vendors list, or reject or ignore them.

  • Discovered Vendors: Vendors discovered by Vanta that are awaiting action (add, ignore, reject)
  • Ignored Vendors: Vendors you are not leveraging in your tech stack right now; when ignoring a Vendor, you can provide a reason

  • Rejected Vendors: Vendors you have fully decided not to use in your tech stack
    • Select the three-dot menu on the right-hand side of the vendor, and select Reject 

Adding or Ignoring Vendors 

  • Select the vendor(s) you would like to review, and choose Add or Ignore 

  • Vendors added will be visible from the Managed vendors tab
  • Additionally, add or ignore individual Vendors by hovering over the Vendor line and selecting the appropriate option 

Procurement 

Procurement requests for new vendors can be managed from the Procurement tab.

  • To add a procurement request, select +Add procurement request
  • Provide a vendor name, category, and assign an owner
  • Complete the Additional details section 

  • Select Add Procurement request 
  • To start the review, select Start 
  • Make any necessary changes to the information and select Continue to inherent risk scoring 
  • Leverage the auto-risk scoring functionality or manually input Risk attributes 
  • Begin the security review. 

Security Reviews 

  • Click on the vendor you would like to start the security review for
  • Request documents from the Vendor by selecting +Add
  • From here, you can
    • Request from Vendor: Send a link to the vendor that will allow them to upload documents
    • Upload from your computer: Add documents from your computer as evidence
    • Add link: Link to evidence stored in a separate location 
    • Import past reviews: Choose data to import from previously completed vendor reviews 

Add Findings 

  • Continue to add findings and any additional information by selecting Add findings

  • Using Vanta AI, any answers to the security questionnaire that do not meet your security standards can be added as findings.

  • You can also add findings by selecting the + Add finding button
  • Here, you can detail the finding, as well as a Risk treatment plan

  • Once all of your findings have been identified, it's time to make a final decision

Communicate Decision

  • Make a final decision
    • Approved
    • Conditionally approved 
    • Not approved 
  • Mark the Review as complete 
