If you use a recognized security framework such as ISO 27001 or NIST CSF, compliance reporting provides an easy way to assess a vendor's level of compliance against one of these standards. You can easily see which sections of the standard they comply with and in which areas they are non-compliant, as shown in the screenshot below.

These standards rely on information that can't be collected through automated internet scanning alone, so you'll need the relevant completed security questionnaire. Specifically, if you are using ISO 27001 to assess your vendors, you should send them the ISO 27001 questionnaire from within the UpGuard platform. Similarly, if you are using NIST CSF, you should send the NIST CSF questionnaire.

Some information is mapped between these questionnaires, which allows a partial fill for each compliance report. To get complete coverage, you'll need to send the corresponding questionnaire.

How to enter the Compliance Report view

Select the particular vendor you wish to assess against the given framework within the Vendors navigation, enter the Risk Profile for that particular vendor, then select the View compliance report button.

This will allow you to select which compliance framework lens you wish to view the vendor through:

Hit Select Framework and you will see the vendor’s risk profile mapped to the selected security framework.
