Vendor Risk Management


For more information about plan types and capabilities, see Vanta's pricing page.

With the Vendor Risk Management feature, you can assess and manage the risk of Vendors in one centralized location.

Overview

  • From the Vendors page, the Overview tab gives you a visual summary of:
    • Security reviews progress
    • Vendors managed 
    • Vendor discovery

Discovery

The Vendor discovery page details which vendors are being utilized within your organization and the associated risk level.

From the Needs Review tab, you can add vendors to your Managed Vendors list, or reject or ignore them.

  • Discovered Vendors: Vendors discovered by Vanta that are awaiting action (add, ignore, reject)
  • Ignored Vendors: Vendors you are not leveraging in your tech stack; when ignoring a Vendor, you can provide a reason

  • Rejected Vendors: Vendors you want to reject or not use in your tech stack
    • Select the three-dot menu on the right-hand side of the vendor, and select Reject 

Adding or Ignoring Vendors 

  • Select the vendor(s) you would like to review, and choose Add or Ignore 

  • Vendors added will be visible from the Managed vendors tab
  • Additionally, add or ignore individual Vendors by hovering over the Vendor line and selecting the appropriate option 

Procurement 

Procurement requests for new vendors can be managed from the Procurement tab.

  • To add a procurement request, select +Add procurement request
  • Provide a vendor name, category, and assign an owner
  • Complete the Additional details section 

  • Select Add Procurement request 
  • To start the review, select Start 
  • Make any necessary changes to the information and select Continue to inherent risk scoring 
  • Leverage the auto-risk scoring functionality or manually input Risk attributes 
  • Begin the security review. 

Security Reviews 

  • Click on the vendor you would like to start the security review for
  • Request documents from the Vendor by selecting Request documents and using the security review private link functionality, or upload the documents manually

Add Findings 

  • Continue to add findings and any additional information by selecting Add findings

  • Using Vanta AI, any answers to the security questionnaire that do not meet your security standards can be added as findings.

  • You can also add findings by selecting the + Add finding button
  • Here, you can detail the finding, as well as a Risk treatment plan

  • Once all of your findings have been identified, it's time to make a final decision

Communicate Decision

  • Make a final decision
    • Approved
    • Conditionally approved 
    • Not approved 
  • Mark the Review as complete 
