To add a vendor to your Managed Vendors, you must have the Vendor Management Admin permission. If you don't have this role, please contact your account administrator.

If you have the required permissions, you should see Managed Vendors under CYBER RESEARCH in the sidebar. Depending on your screen size, you may need to scroll down the sidebar until you find the CYBER RESEARCH header.

Alternatively, you can click here to go directly to Managed Vendors.

If your team hasn't requested a managed service yet, your screen will look similar to the screenshot below. Click Request a managed service.

If this is your first time adding a managed vendor, your screen will look similar to the screenshot below. Click Request a managed service.

If you or your team have added a vendor in the past, your screen will look similar to the screenshot below. As above, click Request a managed service to add another.

When you click Request New Assessment, you’ll be asked to select your vendor. You can search by name or URL. In this example, I’ll be adding UpGuard as a managed vendor by searching for UpGuard. When you are happy with your selection, click Confirm and next in the bottom right corner of your screen.

From here, you’ll be taken to Managed service details which lets you specify:

  • Select a service level (if your organization has purchased more than one type)

  • Vendor contact information

  • Vendor importance

  • Whether the vendor has been notified to let them know that UpGuard will be assessing them on your behalf

  • Your relationship with the vendor

  • Any other information you wish to provide

In general, more information is better as our analysts will use this information to establish the required scope of the service and to identify any areas that need to be focused on.

Once you are happy with the information you have provided, click Submit in the bottom right corner of your screen to add the vendor to your Managed Vendors.

Once you are happy with the information you want to provide, click Submit in the bottom right corner of your screen to add the vendor to your Active Vendors.

Once you have submitted your request, we'll send a notification to our team of analysts who will be assigned to the task. If there are any special considerations for the scope of the assessment or its due date, you can reach your analyst by contacting support or through in-app chat.

Once a service has been requested, you can monitor the status of active requests on Managed Vendors. In the screenshot below, you can see the status of the request is Requested.

You can keep track of the status of any active requests here too. Depending on the service level of your request, there are many possible statuses. Below they are broken down into each tier.

Evidence chasing:

  • Requested: Your request has been submitted to our team of analysts but work has not yet started.

  • Gathering Evidence: Your analyst has sent a questionnaire to the vendor.

  • Reviewing Evidence: The questionnaire has been submitted by the vendor and is being reviewed by the analyst along with any additional evidence provided.

  • Complete - View Questionnaire: The questionnaire is complete and is available for you to review.

Risk assessment:

  • Requested: Your request has been submitted to our team of analysts but work has not yet started.

  • Gathering Evidence: Your analyst has sent a questionnaire to the vendor.

  • Reviewing Evidence: The questionnaire has been submitted by the vendor and is being reviewed by the analyst along with any additional evidence provided.

  • Performing Risk Assessment: Your analyst is assessing the vendor based on UpGuard's automated scanning results, the submitted security questionnaire, and additional evidence provided.

  • Complete - View Risk Assessment: The risk assessment is complete and available for you to review.

Risk remedaition:

  • Requested: Your request has been submitted to our team of analysts but work has not yet started.

  • Gathering Evidence: Your analyst has sent a questionnaire to the vendor.

  • Reviewing Evidence: The questionnaire has been submitted by the vendor and is being reviewed by the analyst along with any additional evidence provided.

  • Performing Risk Assessment: Your analyst is assessing the vendor based on UpGuard's automated scanning results, the submitted security questionnaire, and additional evidence provided.

  • Planning Remediation: Your analyst will work with you to determine which risks should be remediated and create a remediation plan.

  • Remediating Risks: The remediation plan has been submitted to the vendor. Your analyst will work with the vendor to remediate the identified risks.

  • Reviewing Remediation: Your vendor has submitted the remediation plan for review, the analyst will review the results to determine if the vendor has remediated the identified issues.

  • Complete - View Risk Remediation: The remediation workflow is complete and available for you to review.

As our third-party risk management services work on a yearly cadence, the status of your requests will move to Annual Review Coming Up after 10 months of being complete and then to Annual Review Overdue after 12 months. This ensures that your vendors are assessed on an annual basis.

Did this answer your question?