Security Profile: Add Evidence
- Evidence and Security Profile
- Add (or exclude) evidence from Security Profile
- Gap questionnaires
- Gap questionnaire benefits
- Send a gap questionnaire
Evidence and Security Profile
Evidence fuels Security Profile — it’s what we’ll (primarily) analyze to understand whether or not the vendor is meeting the specified controls. There are three ways evidence lands on Security Profile:
- UpGuard has pre-added evidence for some of our customers’ most popular vendors. This evidence is automatically scanned for you; you don’t need to do anything.
- PDFs and Excel files added on a Vendor’s Additional Evidence tab. You’ll be able to select this evidence to scan on Security Profile.
- You add evidence directly from Security Profile.
Add (or exclude) evidence from Security Profile
- Click the Vendor Risk icon in UpGuard’s left-hand navigation panel.
- Ensure you’re on the Vendor’s tab.
- Select a vendor (or monitor a new vendor).
- Select Security Profile from the expanded options under the vendor’s name in the left-nav.
- Click the gear icon in the Evidence box. NB: You’ll see any evidence currently being used listed in the Evidence box.
- Check the box next to existing evidence you’d like to analyze or upload new documents.
- Uncheck a box next to previously scanned evidence to remove it from analysis.
- Click Run analysis or Update analysis.
💡 When UpGuard scans evidence, we automatically evaluate the selected evidence against the full 500+ check library. This means no rescan is needed if controls are added or removed from the template or if you change templates.
Gap questionnaires
Once you have uploaded and scanned all your available evidence, you may still have gaps in your Security Profile and need information from the vendor to address them. You can request missing evidence by sending a gap questionnaire. A gap questionnaire is a dynamic questionnaire which:
- includes questions specific to the controls you have applied
- uses selected evidence to pre-fill relevant answers for the vendor (they can rewrite and override these)
Any controls marked as n/a are not included on gap questionnaires.
Gap questionnaire benefits
Gap questionnaires are:
- Dynamic and only cover what you need to know. Gap questionnaires are automatically pared down, e.g. they only cover the controls a vendor is currently being evaluated against.
- Easier for the vendor to answer. Gap questionnaires are pre-filled (using evidence) for the vendor where possible.
- Instant updates. When your vendor submits a gap questionnaire, Security Profile is automatically updated based on their responses and identified risks (or checks passed).
Send a gap questionnaire
- Click the Vendor Risk icon in UpGuard’s left-hand navigation panel.
- Ensure you’re on the Vendor’s tab.
- Select a vendor (or monitor a new vendor).
- Select Security Profile from the expanded options under the vendor’s name in the left-nav.
- Click Actions.
- Click Request evidence.
- Click Next on the pop-up that appears.
- Select an existing contact at the vendor’s organization who will be able to fill out the gap questionnaire, or click + Add a new contact.
- Click Next.
- Use the date fields to Set a due date that the questionnaire should be completed by and (optionally) a reminder date.
- Click Send questionnaire.
An email is immediately sent to the specified contact alerting them that they have a questionnaire to fill out. You’ll see details about the sent questionnaire in the Summary section and can click its status to see more details. Once the questionnaire is submitted, you can review responses in the questionnaire itself.