Security questionnaires are a common tool to help you identify potential weaknesses among your vendors. In UpGuard we have sophisticated workflows for sending and assessing risk from security questionnaires. To provide the flexibility to initiate these workflows outside of the platform, you can also send an UpGuard security questionnaire to a vendor through our API.
Prerequisites
To send a questionnaire to a given vendor the following prerequisites must be in place:
An UpGuard account with an API key that you can authenticate with. Follow our tutorial on How to authenticate with your UpGuard API key to set one up.
Required API key permissions: VendorRisk (select when creating API key in Account Settings)
The vendor you want to send questionnaire to must already be monitored in UpGuard (note you can also request a vendor be monitored through our API)
The required questionnaire type must be enabled in your UpGuard account.
Request parameters
You can configure the following fields related to the request:
Questionnaire type (ID)
Email content (message and title) for questionnaire recipient. If this is not provided, the default email (as set up in UpGuard Template Settings will be used)
The visibility level of risk information in the questionnaire
And for each request you will need to enter:
Vendor ID or vendor hostname
Due date and and (optional) reminder date for the questionnaire
Recipient email
Sender email
You can read the response to confirm that the questionnaire has been successfully sent or otherwise, and you can use the List vendor questionnaires endpoint to view details and keep track of status of the questionnaire once it has been sent.
For further detail see the API documentation.