Learn how to use the security and privacy pages section in vendor risk assessments.
UpGuard stores security and privacy pages against each organisation, to make it easier to source and access publicly available security information when performing vendor risk assessments. Security and privacy pages can be added to an organization's profile in a number of ways:
-
UpGuard scans the public websites of our most highly-monitored vendors to identify relevant security and privacy pages. These links are added to the corresponding organization's vendor profile and are visible to any organisation monitoring that vendor.
-
Any organisation that has an UpGuard Trust Page can add links to their own organization's profile to help other organizations assessing them in the UpGuard Platform (these links are then visible to any organisation monitoring that organization).
-
UpGuard Vendor Risk users can add links to the profile of any organization they are monitoring. These links are only visible to users within their own organization, for them to use in their vendor assessments.
In this article you will learn how to:
View and add comments to security and privacy pages for an organisation you are monitoring
Security and privacy pages for a specific vendor can be accessed by clicking through from the Vendor summary or by navigating to the Security and privacy pages section of Additional evidence.
You can click on the URL to review the contents of the page and click through to add comments. This comments section could be used to record information relevant to assessing risk associated with that vendor based on the contents of the page.
Comments can be added to all links, irrespective of whether they have been added by UpGuard, users within the vendors organisation, or users within your own organisation.
Add and edit security and privacy pages for an organisation you are monitoring
You can add new security and privacy pages for an organization you are monitoring, as well as edit or delete any that have been added by users within your own organisation. Pages which have been added by UpGuard or added by users within the vendor organisation cannot be deleted or edited.
To add a new security and privacy page, click Add Page from the Security and privacy pages section within Additional evidence.
You can select a page category to help classify the page, and add URL, and comments. Comments can also be added later as described in the previous section.
To edit an existing link (which has been created by a user within your organisation), from the Security and privacy pages section within Additional evidence, click the arrow to the right hand side if the relevant link, and then select Edit.
You can edit all fields for the selected link provided it has been created by a user within your organisation. Once you have updated the relevant fields, select Save Changes.
Use security and privacy pages as part of a vendor risk assessment
The evidence found in security and privacy pages can be included in a vendor risk assessment. Reviewing information found on these pages can short-cut the assessment process and save time having to chase up a vendor for this information. To include these pages as part of your risk assessment, select the relevant pages via the tick-box selection in Step 1 of your risk assessment, along with any other evidence you want to include.
If a page has been used as part of a completed risk assessment a snapshot of this page and associated comments will be recorded against that risk assessment to ensure it accurately reflects conditions at the time of the assessment.
See also: