Should we be running assessments on all of our vendors? 
  • Vanta's recommendation is that you only need to do a security assessment on the high-risk vendors. If you deem it necessary, you can include assessments on the medium and low-risk vendors. 

Does Vanta have access to the Security Assessments of the more common Vendors?
  • Yes! In order to complete the security assessment to the auditor's requirements, you must grab them and review them to upload it.
 
 Is it a hard requirement to have an Account Manager's name and email filled out for every Vendor? 
  • Nope! This is only required if you are looking to send them a questionnaire via Vanta. 

-Does every Vendor require an offboarding in Vanta? 
  • You can customize the Vendors that need offboarding on the Checklists page within each group. 

Are platforms that do not retain customer data relevant to the Vendors page?
  • You could add them to the Vendors Page to take a more comprehensive view of your Vendors but they will not be included in your audit.