Go to UpGuard
All Collections
UpGuard Vendor Risk
Remediation
How to request remediation from a vendor

How to request remediation from a vendor

Learn how to request remediation from one of your monitored vendors on UpGuard Vendor Risk.
Abi Tyas Tunggal avatar
Written by Abi Tyas Tunggal
Updated over a week ago

Before you can request remediation, you must be monitoring the vendor. For more information on how to add a vendor to your portfolio, please read our guide on how to add a new vendor

Text walkthrough 

Step 1: Log in to the UpGuard platform

Click here to log in to the UpGuard platform.

Step 2: Navigate to Vendors

Now that you're logged in, click the "Remediation" button in the sidebar under the "VENDOR RISK" heading, or click here to go straight there

Your screen should now look like this.

Step 3: Request remediation

To request remediation, click the "REQUEST REMEDIATION" button in the top right hand corner. 

Your screen should look like this.

Step 4: Search for your vendor

Use the search bar to search for a vendor by name or URL, e.g. "Netflix.com". 

Once your vendor has been found, click on their name to select them. Then click "NEXT" in the lower right hand corner.

Step 5: Select the type of remediation request

Once you've selected a vendor, you'll be prompted to choose between remediating risks found through automated scanning or through a security questionnaire.

Note: If the vendor hasn't completed a security questionnaire, you will only be able to request remediation of risks found via automated scanning.

Once you selected the type of remediation to request, click "NEXT".

Step 6: Select risks

Now that you've selected the type of remediation to request, it's time to select the risk(s) you would like remediated. You can choose to:

  • Request remediation of a specific category of risk, e.g. SSL not available, across all their domains & IPs; or
  • Request a risk on a specific website or IP be remediated.

The screenshot below shows an example of each, namely the whole category of SSL not available and the 'ElasticSearch' port open on recall.itp.netflix.net.

Once you have selected the risks you want remediated, scroll to the bottom of the list and click "NEXT".

Step 7: Choose a recipient

Now you need to select a recipient . 

If you have created contacts for this vendor in the past, such as when you sent them a security questionnaire, the contacts will be available on this page. 

Step 8: Choose a title and optional message

Now that you've chosen your recipient, you can include a title for the request along with a message.

Step 9: Review and send

The final step is to review the request to make sure it captures what you want to send. If it does, click the "SEND" button. 

Did this answer your question?