Before you can request remediation, you must be monitoring the vendor. For more information on how to add a vendor to your portfolio, please read our guide on how to add a new vendor.
Step 1: Log in to the UpGuard platform
Step 2: Navigate to Vendors
Now that you're logged in, click the "Remediation" button in the sidebar under the "VENDOR RISK" heading, or click here to go straight there.
Your screen should now look like this.
Step 3: Request remediation
To request remediation, click the "REQUEST REMEDIATION" button in the top right hand corner.
Your screen should look like this.
Step 4: Search for your vendor
Use the search bar to search for a vendor by name or URL, e.g. "Netflix.com".
Once your vendor has been found, click on their name to select them. Then click "NEXT" in the lower right hand corner.
Step 5: Select the type of remediation request
Once you've selected a vendor, you'll be prompted to choose between remediating risks found through automated scanning or through a security questionnaire.
Note: If the vendor hasn't completed a security questionnaire, you will only be able to request remediation of risks found via automated scanning.
Once you selected the type of remediation to request, click "NEXT".
Step 6: Select risks
Now that you've selected the type of remediation to request, it's time to select the risk(s) you would like remediated. You can choose to:
- Request remediation of a specific category of risk, e.g. SSL not available, across all their domains & IPs; or
- Request a risk on a specific website or IP be remediated.
The screenshot below shows an example of each, namely the whole category of SSL not available and the 'ElasticSearch' port open on recall.itp.netflix.net.
Once you have selected the risks you want remediated, scroll to the bottom of the list and click "NEXT".
Step 7: Choose a recipient
Now you need to select a recipient .
If you have created contacts for this vendor in the past, such as when you sent them a security questionnaire, the contacts will be available on this page.
Step 8: Choose a title and optional message
Now that you've chosen your recipient, you can include a title for the request along with a message.
Step 9: Review and send
The final step is to review the request to make sure it captures what you want to send. If it does, click the "SEND" button.