Frequently Asked Questions: Vendors

  • Updated
 Should we be running assessments on all of our vendors? 
  • Vanta recommends that you only need to do a security assessment on the high-risk vendors. If you deem it necessary, you can include assessments on the medium and low-risk vendors. 

Does Vanta have access to the Security Assessments of the more common Vendors?
  • Yes! In order to complete the security assessment to the auditor's requirements, you must grab them and review them to upload it.
 Is it a hard requirement to have an Account Manager's name and email filled out for every Vendor? 
  • Nope! This is only required if you are looking to send them a questionnaire via Vanta. 

Does every Vendor require an offboarding in Vanta? 
  • You can customize the Vendors that need offboarding on the Checklists page within each group. 

Are platforms that do not retain customer data relevant to the Vendors page?
  • You could add them to the Vendors Page to take a more comprehensive view of your Vendors but they will not be included in your audit. 

Why does a Low/Medium Vendor have a security review deadline highlighted?

  • Security review reminders are based on previously completed reviews. Any vendors that you have completed a security review on in the past will automatically be flagged as needing review based on the previous security review date. 

Was this article helpful?

Have more questions? Submit a request