Vendor Assessment Guide

Learn how to assess your vendors end-to-end using UpGuard Vendor Risk

Written by David Cook


Step 1
Monitor your new vendor

  • Starting in the Vendors tab, select monitor vendor, and search for your vendor by their organisation name or domain name

    ⭐️ Tip: If there are no search results, you can still add your vendor with the blue attempt to scan button below

Step 2 Gather onboarding information

  • Use the vendor relationship questionnaire to gather information from the internal business owner

  • Questions can be easily customized to suit your initial vendor scoping process

    ⭐️ Tip: Create automation rules to automatically classify vendors based on the business owner's response

Step 3 Classify your vendor

Step 4 Review their risks

Step 5 Send a questionnaire

  • Choose a questionnaire template from our questionnaire library, such as ISO 27001, NIST CSF, and more

  • Send the questionnaire to your vendor to start your vendor due diligence process

    ⭐️ Tip: Set yourself as a recipient to experience the workflow from both sides

Step 6 Answer a questionnaire

  • Use the link in your email to answer the questionnaire, or navigate via the platform

  • Fill out the questionnaire and see how risks are automatically identified

  • Submit the questionnaire and then review the answers from Vendor Risk

Step 7 Add additional evidence

Step 8 Additional - Issue remediation requests

Step 9 Additional - Create risk waivers

Step 10 Complete a risk assessment

🌟🧠 Tip! Now that you've mastered it, we recommend evaluating vendors with different scopes and relationships to your organization.

This will give you a better understanding of managing your entire vendor portfolio.