UpGuard allows you to create and store risk assessments for any of your monitored vendors. The risk assessment feature allows you to:

  • Specify the evidence you reviewed as part of the assessment (including domains and their associated risks, questionnaires, additional evidence, and automated scan results)
  • Document your findings based on this evidence
  • Record who conducted the assessment
  • Export the assessment as a PDF
  • Make the assessment visible within the app to all the users of your account

Creating a risk assessment

Step 1: Monitor the vendor

Before you can create a risk assessment, you need to be monitoring the vendor. If you aren't currently monitoring the vendor you want to assess, you can learn how to monitor them here.

Step 2: Select the vendor

If you're already monitoring them, you can find the vendor by clicking on the "Vendors" section under Vendor Risk in the sidebar.

In the example below, I've chosen UpGuard as the vendor I wish to assess. Now that you've chosen your vendor, click on "Risk Assessment":

Step 3: Start an assessment

If you haven't assessed the vendor, you should see a screen similar to the screenshot shown below. Click "Start an Assessment" to proceed.

Step 4: Choose supporting evidence

The next step is to select the evidence you want to reference as part of your risk assessment.

In the screenshot below, I have chosen to include a complete security questionnaire, additional evidence document, and automated scanning results.

Click the toggle if you do not want to include evidence.

Step 5: Write a summary

Now we've selected our supporting evidence, it's time to write up a summary of our findings.

Once you're done, scroll down to provide in-depth details.

Step 6: Provide detail

The details section is where you can provide more detail and outline individual risks that you have found and want to report back to the business.

Step 7: Save or Publish your assessment

Now that you've finished writing your assessment, scroll to the top of the page and click:

  • Finish Editing: This will save the risk assessment as a draft; or
  • Publish: This will allow all users of your UpGuard account to view the assessment.

Step 8 (optional): Export the assessment

To export an assessment, you will need to publish it. Once published, click the "Export" button in the top right corner of your screen.

Additional resources

Did this answer your question?