Vendor review is a process by which an organization can understand the potential risks of utilizing a vendor’s product or service, as well as an ongoing process to ensure that quality security practices are being maintained in an ongoing fashion. A vendor review process will assess a vendor’s capacity to maintain effective and appropriate security practices and other performance elements critical to an organization’s business. Vendor review is particularly critical when vendors will have access to sensitive internal or customer data.
If a vendor does not have security documentation available such as a SOC 2 Report, you can send a security questionnaire from the Vendors page with Vanta.
Generating a Vendor Security Questionnaire
- From the Vendors page, select the vendor of choice and click on the Security Review tab.
- Click the Add New Review button to start a security review.
- Next, click on the Generate Questionnaire Request button.
- A new dialog box will appear that will allow you to use Vanta's Security Questionnaire template and compose a message to the Vendor.
- Once you receive the questionnaire back you can review the vendor's responses. You can upload the completed security questionnaire to the Security Review section to report your findings and assessment of the Vendor's security posture.
- When finished, select Mark review as complete to finish the vendor security review.