UpGuard allows you to create and store risk assessments for any of your monitored vendors. The risk assessment feature allows you to:

  • Specify the evidence you reviewed as part of the assessment (including domains and their associated risks, questionnaires, additional evidence, and automated scan results)

  • Document your findings based on this evidence

  • Record who conducted the assessment

  • Set a reassessment date

  • Export the assessment as a PDF

  • Make the assessment visible within the app to all the users of your account

Creating a risk assessment

Step 1: Monitor the vendor

Before you can create a risk assessment, you need to be monitoring the vendor. If you aren't currently monitoring the vendor you want to assess, you can learn how to monitor them here.

Step 2: Select the vendor

If you're already monitoring them, you can find the vendor by clicking on the Vendors section under Vendor Risk in the sidebar, marked 1 in the screenshot below. Now that you've chosen your vendor, click on Risk Assessment in the side panel:

Step 3: Conduct an assessment

If you haven't assessed the vendor, you should see a screen similar to the screenshot shown above. Click either Conduct Assessment button to proceed.

Step 4: Gather and select evidence

The next step is to gather and select the evidence you wish to use as part of your risk assessment. There are a variety of ways to do this, you can:

Step 5: Review the risks

Based on the evidence selected, UpGuard will categorize and display the relevant risks for you to review and decide what action you will take for each.

Step 6: Write your commentary

Now that you've reviewed the risks, it's time to write up any corresponding notes that you wish to include in the add commentary section. This section may be used to document any risks you are intending to remediate or risk waivers that you are going to create for risks that have sufficient controls in place.

Step 7: Complete the assessment and define a reassessment date

Now that you've finished conducting your risk assessment, click on the Complete Assessment -> button in the bottom right corner, and define a date to reassess the vendor in the future.

Additional resources

Did this answer your question?