UpGuard allows you to create and store risk assessments for any of your monitored vendors. The risk assessment feature allows you to:
- Specify the evidence you reviewed as part of the assessment (including domains and their associated risks, questionnaires, additional evidence, and automated scan results)
- Document your findings based on this evidence
- Record who conducted the assessment
- Export the assessment as a PDF
- Make the assessment visible within the app to all the users of your account
Creating a risk assessment
Step 1: Monitor the vendor
Before you can create a risk assessment, you need to be monitoring the vendor. If you aren't currently monitoring the vendor you want to assess, you can learn how to monitor them here.
Step 2: Select the vendor
If you're already monitoring them, you can find the vendor by clicking on the "Vendors" section under Vendor Risk in the sidebar.
In the example below, I've chosen UpGuard as the vendor I wish to assess. Once you've chosen your vendor, click on "Risk Assessment".
Step 3: Start an assessment
If you haven't assessed the vendor, you should see a screen similar to the screenshot shown below. Click "Start an Assessment" to proceed.
Step 4: Choose supporting evidence
The next step is to select the evidence you want to reference as part of your risk assessment.
In the screenshot below, I have chosen to include a complete security questionnaire, an additional evidence document, and automated scanning results.
Click the toggle if you do not want to include evidence.
Step 5: Write a summary
Now that we've selected our supporting evidence, it's time to write up a summary of our findings.
Once you're done, scroll down to provide in-depth details.
Step 6: Provide detail
The details section is where you can provide more detail and outline individual risks that you have found and want to report back to the business.
Step 7: Save or Publish your assessment
Now that you've finished writing your assessment, scroll to the top of the page and click:
- Finish Editing: This will save the risk assessment as a draft; or
- Publish: This will allow all users of your UpGuard account to view the assessment.
Step 8 (optional): Export the assessment
To export an assessment, you will need to publish it. Once published, click the "Export" button in the top right corner of your screen.