Vendor risk waivers lets you waive vendor risks identified by automated scanning, security questionnaires, and additional evidence. Once a risk is waived, it will stop appearing in your vendor’s risk profile and the security rating for the vendor displayed to you will be recalculated. Note that this will only impact the score shown to your organisation, not the public security rating for the vendor.

This feature is particularly useful for risks identified through security questionnaires. When you send a questionnaire through the UpGuard platform, we automatically identify risks based on the answers provided by your vendor and then ask for compensating control information. You can learn how to send a security questionnaire here.

If a vendor provides adequate compensating control information, and you believe that the risk that was raised is no longer valid, then in this situation you could decide to waive the risk.