If you use a recognized security framework such as ISO 27001 or NIST CSF, compliance reporting provides an easy way to assess a vendor's level of compliance against one of these standards. You can easily see which sections of the standard they comply with and which areas they are non-compliant in, as shown in the screenshot below.
These standards rely on information that can’t solely be collected through automated internet scanning, thus you’ll need the relevant completed security questionnaire. Specifically, if you are using ISO 27001 to assess your vendors, you should be sending them the ISO 27001 questionnaire from within the UpGuard platform. Similarly, if you are using NIST CSF, you should be sending the NIST CSF questionnaire.
These questionnaires do share some mapped information between them, which allows each compliance report to be partially filled from the other. To get complete coverage, you'll need to send the questionnaire that corresponds to the framework you are reporting against.
How to enter the Compliance Report view
In the Vendors navigation, select the vendor you wish to assess against the given framework, open the Risk Profile for that vendor, then select the View compliance report button.
This will allow you to select which compliance framework lens you wish to view the vendor through:
Hit Select Framework and you will see the vendor’s risk profile mapped to the selected security framework.
Exporting the compliance report to PDF or Excel
Once you have applied the framework you wish to export, by clicking View compliance report and following the prompts (1), select Export (2) and choose the format and any other export options you would like.