Learn how UpGuard Vendor Risk can help you scale your third-party risk management and vendor risk management teams.
- Vendor Summary
-
Risk Profile
-
Domains and IPs
-
Questionnaires
-
Vulnerabilities
-
Remediation
-
Documents
-
Contacts
Note that a vendor snapshot does not include access to the questionnaires, vulnerabilities, remediation, or documents and contacts pages.
What is in the vendor summary?
UpGuard's vendor summary page provides an executive-level overview of an individual vendor's security posture. To get there, navigate to Vendor Risk > Vendors > Select a vendor > Vendor Summary.
This includes:
-
Key vendor information
-
The number of domains and IPs UpGuard monitors for the vendor
-
Questionnaire and remediation information
-
Security rating trend
-
Website risks
-
Email security risks
-
Network security risks
-
Reputation risks
-
Phishing & malware risks
-
Brand protection risks
What is in a vendor's risk profile?
A vendor's risk profile outlines their security rating trend and the underlying risks they are exposed to.
Each risk represents a failed security control check. Each failed check is given a severity, name, risk, category, and number of sites exposed to the risk.
What can you see on the vendor's domains and IPs pages?
The vendor's domains and IPs pages outline all the domains and IPs the vendor owns, along with their respective security rating.
Each domain listing shows the public URL, subdomains, security rating, and most recent scan date.
IP listings show the address details, address scorecard and domains.
Note: The scores are allocated by DNS, only if a domain is not hosted on an owned IP will an IP be scanned for scoring.
What is on a vendor's questionnaires page?
A vendor's questionnaires page allows you to send questionnaires to the vendor, see any previous questionnaires, and manage their responses.
What is on a vendor's vulnerabilities page?
The vulnerabilities page lists published vulnerabilities that may affect the software running on the vendor's websites. The software is identified from information exposed in the HTTP headers and website content.
The vulnerabilities reported on this page have been published to the Common Vulnerabilities and Exposures (CVE) database, a list of publicly disclosed cybersecurity vulnerabilities.
This does not guarantee that the website is vulnerable, only that it may be vulnerable under certain conditions. The details of the vulnerability must be reviewed to properly assess the risk to your website. To help assess the risk, the CVSS score (Common Vulnerability Scoring System) is also reported in the UpGuard platform.
The CVSS score is a published standard developed to capture the principal characteristics of a vulnerability and produce a numerical score between 0 and 10 reflecting its severity.
What's on the remediation page?
The remediation page allows you to request remediation of risks within the UpGuard platform.
You'll be able to request remediation of risks identified in security questionnaires or any of the risks identified in the vendor's risk profile.
You can also waive risks identified from the risk profile, questionnaires, or additional evidence.
What's on the contacts page?
The contacts page allows you to add and save contact information for a particular vendor so you can easily send them requests through UpGuard.
What's on the fourth parties page?
The fourth parties page shows the vendors used by your vendors.
What's on the risk assessments page?
The risk assessments page provides a way to capture a snapshot of the risks and evidence at the time this vendor was assessed.
What's on the additional evidence page?
The additional evidence page can be used to upload documents, like audit reports or completed security questionnaires, and capture identified risks. All documents uploaded to questionnaires completed by the vendor can also be found here.
See also: