All Collections
UpGuard Vendor Risk
Vendors
What details can UpGuard Vendor Risk provide about a vendor?
What details can UpGuard Vendor Risk provide about a vendor?

Learn about how UpGuard Vendor Risk can help you scale your third-party risk management and vendor risk management teams.

Abi Tyas Tunggal avatar
Written by Abi Tyas Tunggal
Updated over a week ago

UpGuard Vendor Risk provides the following modules for all monitored vendors:

  • Vendor Summary

  • Risk Profile

  • Domains & IPs

  • Questionnaires

  • Vulnerabilities

  • Remediation

  • Documents & Contacts

Note that an instant report will not have access to the Questionnaires, Vulnerabilities, Remediation, or Documents & Contacts modules.

What is in the Vendor Summary?

UpGuard's Vendor Summary modules produce an executive-level overview of an individual vendor's security posture. 

This includes: 

  • Key vendor information

  • The number of domains and IPs UpGuard monitors for the vendor

  • Questionnaire and remediation information

  • Security rating trend

  • Website risks

  • Email security risks

  • Network security risks

  • Reputation risks

  • Phishing & malware risks

  • Brand protection risks

What is in a vendor's Risk Profile?

A vendor's risk profile outlines their security rating trend as well as the underlying risks they are exposed to.

Each risk represents a failed security control check. Each failed check is given a severity, name, risk, category, and number of sites exposed to the risk. 

What are in a vendor's Domains & IPs modules?

A vendor's domains & IPs outline all the domains and IPs the vendor owns, along with their respective security rating. 

Each domain listing shows the public URL, subdomains, security rating, and most recent scan date.

IP listings show the address details. address scorecard and domains.

Note: The scores are allocated by DNS, only if a domain is not hosted on an owned IP will an IP be scanned for scoring.

What is in a vendor's Questionnaires module?

A vendor's questionnaire section allows you to send questionnaires to the vendor, see any previous questionnaires, and manage their responses.

What is outlined in a vendor's Vulnerabilities?

The vulnerabilities page lists published vulnerabilities that may affect the software running on the vendor's websites. The software is identified from information exposed in the HTTP headers and website content. 

The vulnerabilities reported on this page have been published to the Common Vulnerabilities and Exposures (CVE) database, a list of publicly disclosed cybersecurity vulnerabilities. 

This does not guarantee that the website is vulnerable, only that it may be vulnerable under certain conditions. The details of the vulnerability must be reviewed to properly assess the risk to your website. To help assess the risk, the CVSS score (Common Vulnerability Scoring System) is also reported in the UpGuard platform. 

The CVSS score is a published standard developed to capture the principal characteristics of a vulnerability and produce a numerical score between 0 and 10 reflecting its severity.

What is included in the Risk Waivers and Remediations module?

The remediation module allows you to request remediation of a particular risk or risks within the UpGuard platform. 

You'll be able to request remediation of risks identified in security questionnaires or any of the risks identified in the vendor's risk profile. 

The risk waivers module allows you to waive a particular risk(s) identified in the Risk Profile and Questionnaires.

What are in the Documents & Contacts modules?

The contacts module allows you to add and save contact information for a particular vendor.

The documents module allows you to capture documentation for a particular vendor.

Fourth Parties

The fourth parties module shows the vendor's to which this vendor is connected to.

Risk Assessment

The risk assessment module provides a way to capture a snapshot of the risks and evidence at the time this vendor was assessed.

Additional Evidence

The additional evidence can be used to upload documents, like audit reports or completed security questionnaires, and capture identified risks. All documents uploaded to questionnaires completed by the vendor can also be found here.

Related Articles

Did this answer your question?