How to generate a Vendor risk report

Learn how to generate a vendor report that can be shared with colleagues, board members, or employees of a vendor.

Written by Abi Tyas Tunggal

 

Our Vendor Report feature generates a downloadable PDF that summarizes the security posture of any of your monitored vendors. The report is designed to be shared with internal and external stakeholders who are not UpGuard users, such as a colleague, board member or employees of the associated vendor.

The language is simple, easy-to-understand, and suitable for non-technical audiences.

When shared with colleagues, reports can be used to drive decision-making, speed up vendor due diligence, and highlight high-risk vendors that should no longer be used.

When shared with vendors, the report can aid in remediation efforts. Giving vendors access to their risk profile creates open, effective dialogue and empowers them to take action to remediate risks. This directly translates to a reduced risk for your organization.

To aid in remediation efforts, the report unpacks the vendor's security posture into six underlying categories: questionnaire, website security, network security, brand & reputation risk, email security, and phishing & malware.

Each category outlines individual risks, domains impacted, and provides remediation advice. The most severe risks in each category appear first.

Configuration options

What makes these reports so effective is UpGuard’s ability to combine real-time threat signals with traditional risk management techniques. This combination provides a complete picture of the vendor’s cybersecurity risk.

These configuration options provide flexibility, while ensuring that the report can provide a complete overview of your vendor’s risk profile.

Generating a report

Before you can run a report, you need to be monitoring the vendor. If you aren't currently monitoring the vendor, you can learn how to monitor them here.

You can generate a report for a monitored vendor in 2 ways:

Generating a Vendor Report from the Reports Library

Navigate to the Library within the Reports section and select from the available vendor reports: Vendor Summary Report, Vendor Detailed report and risk assessment vendor report.

For each report you can choose quick generate which pre-selects report content and sections, or Customise and generate if you want to customise and curate your report content.

If you select customise and generate, firstly you will be asked to select the vendor you want to run the report for, and then you will be able to choose which data you want to base your report on. Reports can be based on a risk assessment conducted on the UpGuard platform or a combination of automated scanning results, security questionnaires, additional evidence and other risk management activities conducted in the platform. If a report is based on a risk assessment, automated scanning results (and any other information) will be based on the data sources you included in your risk assessment, and the data available at the time of the assessment. Otherwise, results are based on the latest available information.

Once you have selected your data sources, you will be able to select what type of information you want to include in your report, based on risk profile information in the UpGuard platform. You can also re-order the report sections according to your specific requirements.

You can also edit the report introduction and add a custom conclusion to capture your recommendations.

You can then select from standard frequency and delivery options for the report, and then generate the report

From the Report Library you can also create a custom Vendor report template which can be used by you and others in your organization in the case that you have a set report format that you want to re-use repeatedly over time. To learn more see How to Create a custom report template.

Generating a vendor Report When viewing a Vendor in Vendor Risk

Select the Generate report button when you are viewing any page for an individual vendor within Vendor Risk. In this case the vendor will be pre-selected (based on the vendor you were viewing).

You will then be able to select the report type, and follow the customization and report configuration prompts as per generating the report from the reporting library (described above).

How to Download your vendor reports

Like all reports and exports in the UpGuard platform, your report will be made available for download via our Generated reports page.

Understanding the Vendor report options

There are 3 vendor reports with varying information and level of detail, designed to suit different function and suitable for different stakeholders:

  • Vendor Summary report

  • Vendor Detailed Report

  • Risk assessment vendor report

Vendor Summary report

Vendor Detailed Report

Risk assessment vendor report

The vendor summary report provides a high-level overview of a vendor's security posture including category score breakdowns and overall risk counts.

The vendor detailed report includes more detail including list of risks and remediation recommendations and historical risk rating by category.

The risk assessment report presents the results of a point-in-time risk assessment conducted on the UpGuard platform based on the data sources and risk assessment commentary included in that risk assessment.

Keep in mind that by selecting customise and generate, you are able to curate the reporting content in any of these reports to meet your specific needs, as described earlier in this article.

 

See also: