How to use vendor risk waivers

Learn how to waive risks identified through the UpGuard platform.

Risk waivers let you waive vendor risks identified through automated scanning, security questionnaires, and additional evidence. You can create a vendor risk waiver from a number of places.

In this article, we'll show you how to: 

1. Waiving risks from a vendor's risk profile

You can use the Risk Profile page to create a vendor risk waiver. Firs, navigate to Vendor Risk > Vendors > Select a vendor > Risk Profile. In the Risk details section, if you see a risk you want to waive, select the row and then choose Manage risk > Waive this risk.


Once you click to waive the risk, you can configure the risk waiver. Enter a justification, set an expiry date if applicable, then select whether the waiver requires approval. Your administrator can set the default approval control in Settings to require approvals for all risk waivers, and nominate authorized approvers. 


Review the details, and if everything looks good, select Submit risk waiver.

2. Waiving risks from security questionnaires

You can also use the Questionnaire details page to create a vendor risk waiver. When you are viewing the details of a security questionnaire, you’ll see Risks identified as part of the questionnaire. To waive a specific risk, select Manage risk and Waive this risk


Once you click to waive the risk, you can configure the risk waiver. Enter a justification and set an expiry date if applicable, then select whether the waiver requires approval. Your administrator can set the default approval control in Settings to require approvals for all risk waivers and nominate authorized approvers.

Review the details, and if everything looks good, select Submit risk waiver.

3. Waiving risks from the Portfolio Risk Profile

You can also create a vendor risk waiver from the Portfolio Risk Portfolio page. When you identify a risk, you can select it to see which vendors are exposed to the risk. If you wish to waive a risk for a particular vendor, click on the vendor and then click Create a Risk Waiver.

Once you click to waive the risk, you can configure the risk waiver. Enter a justification, set an expiry date if applicable, then select whether the waiver requires approval. Your administrator can set the default approval control in Settings to require approvals for all risk waivers, and nominate authorized approvers. 

Review the details, and if everything looks good, select Submit risk waiver.

4. Waiving risks from Risk Waivers

You can create a vendor risk waiver from the risk waivers tab of the Modified Risks page. First, navigate to Vendor Risk > Vendors > Select a vendor > Modified Risks

Select Create risk waiver to get started.



You’ll be taken to the first step of the vendor risk waiver process: Select risk. If the vendor has a lot of risks, you can use the Show all dropdown to filter by risk category or use the search bar and enter text.

Once you've selected the risk you want to waive, you can configure which assets the risk is being waived for by clicking on the arrow. Once you are happy with your selection, click Confirm and next.

Now you can configure the risk waiver. Enter a justification, set an expiry date if applicable, then select whether the waiver requires approval. Your administrator can set the default approval control in Settings to require approvals for all risk waivers, and nominate authorized approvers. 



Review the details, and if everything looks good, select Submit risk waiver.

See also