Should we be running assessments on all of our vendors?
- Vanta recommends that you only need to do a security assessment on critical and high-risk vendors. If you deem it necessary, you can include assessments on the medium and low-risk vendors.
Is it a hard requirement to have an Account Manager's name and email filled out for every Vendor?
- No. This is only required if you are looking to send them a questionnaire via Vanta.
Does every Vendor require an offboarding in Vanta?
- You can customize the Vendors that need offboarding on the Checklists page within each group.
Are platforms that do not retain customer data relevant to the Vendors page?
- You could add them to the Vendors Page to take a more comprehensive view of your Vendors but they will not be included in your audit.
Why does a Low/Medium Vendor have a security review deadline highlighted?
- Security review reminders are based on previously completed reviews. Any vendors you have completed a security review on in the past will automatically be flagged as needing review based on the previous security review date.