With the Vendor Risk Management feature, you can assess and manage Vendors' risks in one centralized location. We suggest establishing your settings before proceeding with the Vendor review process.
Overview
- From the Vendors page, the Overview tab will give you a visual summary of:
- Security reviews progress
- Vendors managed
- Vendor discovery
Discovery
The Vendor discovery page details which vendors are being utilized within your organization and the associated risk level.
From the Needs Review tab, you can add vendors to your Managed Vendors list, or reject or ignore them.
- Discovered Vendors: Vendors discovered by Vanta that are awaiting action (add, ignore, reject)
- Ignored Vendors: Vendors you are not leveraging in your tech stack right now; when ignoring a Vendor, you can provide a reason
- Rejected Vendors: Vendors you have fully decided not to use in your tech stack
- Select the three-dot menu on the right-hand side of the vendor, and select Reject
Adding or Ignoring Vendors
- Select the vendor(s) you would like to review, and choose Add or Ignore
- Vendors added will be visible from the Managed vendors tab
- Additionally, add or ignore individual Vendors by hovering over the Vendor line and selecting the appropriate option
Procurement
Procurement requests for new vendors can be managed from the Procurement tab.
- To add a procurement request, select +Add procurement request
- Provide a vendor name, category, and assign an owner
- Complete the Additional details section
- Select Add Procurement request
- To start the review, select Start
- Make any necessary changes to the information and select Continue to inherent risk scoring
- Leverage the auto-risk scoring functionality or manually input Risk attributes
- Begin the security review.
Security Reviews
- Click on the vendor you would like to start the security review for
- Request documents from the Vendor by selecting +Add
- From here, you can:
- Request from Vendor: Send a link to the vendor that will allow them to upload documents
- Upload from your computer: Add documents from your computer as evidence
- Add link: Link to evidence stored in a separate location
- Import past reviews: Choose data to import from previously completed vendor reviews
Add Findings
- Continue to add findings and any additional information by selecting Add findings
- Using Vanta AI, any answers to the security questionnaire that do not meet your security standards can be added as a finding.
- You can also add findings by selecting the + Add finding button
- Here, you can detail the finding, as well as a Risk treatment plan
- Once all of your findings have been identified, it's time to make a final decision
Communicate Decision
- Make a final decision
- Approved
- Conditionally approved
- Not approved
- Mark the Review as complete