How to Use Vendor Risk Waivers

Learn how to waive risks identified through the UpGuard platform.

Written by Abi Tyas Tunggal
 

Vendor risk waivers let you waive vendor risks identified by automated scanning, security questionnaires, and additional evidence. There are a number of places you can use as the starting point for creating a vendor risk waiver.

Waiving risks from the Risk Profile

You can use the Risk Profile page to create a vendor risk waiver. If you are exploring a vendor’s risk profile and identify a risk you want to waive, click on the risk to expand it. Once the risk is expanded, you’ll see an option to Waive this risk.

Once you click to waive the risk, you can configure the risk waiver. Enter a justification and set an expiry date if applicable, then select whether the waiver requires approval. Your account admin can set approval control via the Settings page to require approvals for all risk waivers, and nominate authorized approvers.

Review the details of the new risk waiver, and when you are happy with the details, click Complete.

Waiving risks from security questionnaires

You can use the Questionnaire details page to create a vendor risk waiver. When you are viewing the details of a security questionnaire, you’ll see risks identified as part of the questionnaire. If you expand a section, you’ll see the underlying risks and next to those risks you’ll have the option to waive the risk.

Once you click to waive the risk, you can configure the risk waiver. Enter a justification and set an expiry date if applicable, then select whether the waiver requires approval. Your account admin can set approval control via the Settings page to require approvals for all risk waivers, and nominate authorized approvers.

Review the details of the risk waiver, and when you are happy with the details, click Complete.

Waiving risks from Portfolio Risk Profile

You can also create a vendor risk waiver from the Portfolio Risk Portfolio page. When you identify a risk, clicking into it will reveal the vendors exposed to the risk. If you wish to waive a risk at a particular vendor, click on the vendor and then click Create a Risk Waiver.

Once you click to waive the risk, you can configure the risk waiver. Enter a justification and set an expiry date if applicable, then select whether the waiver requires approval. Your account admin can set approval control via the Settings page to require approvals for all risk waivers, and nominate authorized approvers.

Review the details of the risk waiver, and when you are happy with the details, click Complete.

Waiving risks from Risk Waivers

You can create a vendor risk waiver from Risk Waivers which can be found under the individual vendor in the sidebar. Click Create Risk Waiver to get started.

You’ll be taken to the first step of the vendor risk waiver process: Select Risk. If the vendor has a lot of risks, you can filter by risk category or free text. Once you have selected the risk, you can configure which assets the risk is being waived for by clicking on the arrow. Once you are happy with your selection, click Confirm and next.

Enter a justification and set an expiry date if applicable, then select whether the waiver requires approval. Your account admin can set approval control via the Settings page to require approvals for all risk waivers, and nominate authorized approvers.

Review the details of the risk waiver, and when you are happy with the details, click Complete.

 

See also