Frequently Asked Questions: Vendors

  • Updated
Should we be running assessments on all of our vendors? 
  • Vanta recommends that you only need to do a security assessment on critical and high-risk vendors. If you deem it necessary, you can include assessments on the medium and low-risk vendors. 
 Is it a hard requirement to have an Account Manager's name and email filled out for every Vendor? 
  • No. This is only required if you are looking to send them a questionnaire via Vanta. 
Does every Vendor require an offboarding in Vanta? 
  • You can customize the Vendors that need offboarding on the Checklists page within each group. 
Are platforms that do not retain customer data relevant to the Vendors page?
  • You could add them to the Vendors Page to take a more comprehensive view of your Vendors but they will not be included in your audit. 

Why does a Low/Medium Vendor have a security review deadline highlighted?

  • Security review reminders are based on previously completed reviews. Any vendors you have completed a security review on in the past will automatically be flagged as needing review based on the previous security review date.