Monitor a new vendor

Vendor Risk overview

UpGuard's Vendor Risk is a self-service platform where you can automate your third party risk assessment workflows, receive instant notifications about your vendors' security, and streamline the vendor lifecycle management in a centralized dashboard. With Vendor Risk, you can monitor vendors that you have a relationship with, access information about your monitored vendors, manage vendor assessments, and set up notifications to alert you if a vendor's status changes. You can also send questionnaires to vendors to help you communicate and resolve potential risks.

Monitor a new vendor (with a web presence)

  1. Click the Vendor Risk icon in UpGuard’s left-hand navigation panel. 
  2. Click + Monitor new vendor
  3. Click in the search bar and begin typing a vendor’s URL or name (if this is your first time adding a vendor, you might see a list of recommendations based on detected vendors). 
  4. Check the box next to the vendor (or vendors) you want to monitor — confirm the URL matches the URL of the vendor you’re intending to add.
  5. Repeat steps 3-4 until you’ve selected all of the vendors you want to monitor. 
  6. Click Monitor

You’re now monitoring the new vendor(s)! We strongly recommend:

💡If you search (step 3) but your vendor doesn’t appear: type the vendor's url and click Attempt to scan. When UpGuard finds the vendor, resume at step 4 or add the vendor without a web presence. 

Monitor a new vendor (without a web presence)

Sometimes you work with vendors without a web presence, you can add those vendors to UpGuard as well. 

  1. Click the Vendor Risk icon in UpGuard’s left-hand navigation panel. 
  2. Click + Monitor new vendor
  3. Click in the search bar and begin typing a vendor’s name. 
  4. Click Create a vendor with no web presence at the bottom of the modal. 
  5. Enter the vendor’s name.
  6. Select the vendor’s primary industry from the dropdown. 
  7. Click Create new vendor

You’re now monitoring the new vendor! However, the vendor needs to return a questionnaire to receive a security rating, which will then activate the risk remediation workflow for your vendor relationship. We strongly recommend adding vendor attributes for each vendor you’ve added.

Vendor attributes

Add vendor attributes (listed in the table below) from the edit vendor page. You’ll automatically land on this page when you start to monitor a single new vendor, but to edit a vendor any other time:

  1. Click the Vendor Risk icon in UpGuard’s left-hand navigation panel. 
  2. Search for and select the appropriate vendor (from the Vendors tab).  
  3. Click the three dots in the upper-right corner.
  4. Click Edit Vendor.  
Attribute Recommendation What it does Why to add it
Tier Always recommend Classify the level of risk this vendor poses to you. - Create tier-based assessment SLAs and risk assessment schedules.
- Flag critical risks that could affect business continuity.
- To enable you to react to the most important risks first by prioritizing Tier 1 risks.
Label Always recommend Tags that identify the data and access level a vendor has to your company. 

Pre-built and custom labels are available. 
- See the data and access level a vendor has to your company.
- List a vendor’s compliance requirement or to list a specific data-type being accessed.
- Report on vendors matching specific labels. 

Custom label examples: HIPPA, banking information. 
Portfolio Strongly recommend

Identifies the internal business unit that owns a vendor. 


Vendors must belong to at least one portfolio.

- Report on vendors by portfolio.
- Manage or assign internal workflows. 
- Identify regional and foreign vendors.
Custom attributes Situational Custom fields you can create and associate with vendors.  - Track data not accounted for via standard fields (portfolio, labels, tiers, etc). 
- Use integrations to map fields from other softwares into UpGuard custom attribute fields.

Custom attribute examples: contract end date, internal owner.

Industry Situational Pre-populated field categorizing vendors by their industry. Update if necessary. 

- Update to a more nuanced industry

- Better align with internal industry definitions. 

Notes Situational A free-text field for capturing insightful but auxiliary data.  Notes examples: Net payment terms, past security incidents. 

 

See also: