UpGuard Vendor Risk provides the following modules for all monitored vendors:

  • Vendor Summary
  • Risk Profile
  • Domains & IPs
  • Questionnaires
  • Vulnerabilities
  • Remediation
  • Documents & Contacts

Note that an instant report will not have access to the Questionnaires, Vulnerabilities, Remediation, or Documents & Contacts modules.

What is in the Vendor Summary?

UpGuard's Vendor Summary modules produces an executive-level overview of an individual vendor's security posture. 

This includes: 

  • Key vendor information
  • The number of domains and IPs UpGuard monitors for the vendor
  • Questionnaire and remediation information
  • Security ratings trend
  • Website risks
  • Email security risks
  • Network security risks
  • Reputation risks
  • Phishing & malware risks
  • Brand protection risks

What is in a vendor's Risk Profile?

A vendor's risk profile outlines their security ratings trend as well as the underlying risks they are exposed to.

Each risk represents a failed security control check. Each failed check is given a severity, name, risk, category, and number of sites exposed to the risk. 

What is in a vendor's Domains & IPs?

A vendor's domains & IPs outlines all the domains and IPs the vendor owns, along with their respective security rating. 

Each domain & IP listing shows the public URL, subdomains, security rating, and most recent scan date.

What is in a vendor's Questionnaires module?

A vendor's questionnaire section allows you to send questionnaires to the vendor, see any previous questionnaires, and manage their responses.

What is outlined in a vendor's vulnerabilities?

The vulnerabilities page lists published vulnerabilities which may affect the software running on the vendor's websites. The software is identified from information exposed in the HTTP headers and website content. 

The vulnerabilities reported on this page have been published to the Common Vulnerabilities and Exposures (CVE) database, a list of publicly disclosed cybersecurity vulnerabilities. 

This does not guarantee that the website is vulnerable, only that it may be vulnerable under certain conditions. The details of the vulnerability must be reviewed to properly assess the risk to your website. To help assess the risk, the CVSS score (Common Vulnerability Scoring System) is also reported in the UpGuard platform. 

The CVSS score is a published standard developed to capture the principal characteristics of a vulnerability and produce a numerical score between 0 and 10 reflecting its severity.

What is included in the remediation module?

The remediation module allows you to request remediation of a particular risk or risks within the UpGuard platform. 

You'll be able to request remediation of risks identified in security questionnaires or any of the risks identified in the vendor's risk profile. 

What is in the documents & contacts module?

The documents & contacts module allows you to capture documentation and contact information for a particular vendor.

Additional resources

Did this answer your question?