Vendor Risk Security Profile: Add Evidence
Overview
Evidence is the primary material UpGuard analyzes to determine whether a vendor is meeting specified controls. The AI reads uploaded evidence, maps it to checks, and marks each check as ‘passed’ or ‘risk detected’ accordingly.
For each check that is marked as ‘passed’ or ‘risk detected’, we include citations referencing the specific text from the evidence that was used to reach that conclusion.
Recommended evidence for Security Profile:
- SOC 2 reports
- Detailed third-party audits
- Past questionnaires
- Documents that include specific descriptions of how security controls are implemented
Not recommended:
- Certificates and high-level compliance statements. These typically confirm that controls exist but don’t describe how they’re implemented, which is what the AI needs to evaluate checks. They may match few or no checks.
- Documents without implementation detail. Evidence that doesn’t explain the mechanics of how a control is met will leave more checks in a ‘no evidence’ state, requiring more manual follow-up.
How evidence lands on Security Profile
Evidence lands on Security Profile in one of four ways:
- For some of the most commonly monitored vendors, UpGuard pre-adds publicly available evidence and scans it automatically. No action needed.
- A vendor has published their Security Profile on a Trust Center.
- PDFs and Excel files are added on a vendor’s Additional Evidence tab. You’ll be able to select this evidence to scan on Security Profile.
- You add evidence directly from Security Profile.
Add (or exclude) evidence from Security Profile
- Click the Vendor Risk icon in UpGuard’s left-hand navigation panel.
- Ensure you’re on the Vendors tab.
- Select a vendor (or monitor a new vendor).
- Select Security Profile from the expanded options under the vendor’s name in the left-nav.
- Select the Evidence tab. You'll see existing evidence along with options to upload or archive evidence.
- To add evidence: click Upload evidence, or check the box next to any existing evidence that isn’t currently selected.
- To archive evidence: click the vertical ellipsis in the evidence’s row and click Archive.
- To exclude evidence from analysis without removing it: uncheck the box next to any previously scanned evidence.
- Click Run analysis or Update analysis.
UpGuard immediately begins analyzing the selected evidence and updating Security Profile accordingly. This may take up to 10 minutes depending on the size and number of documents being scanned. You can safely navigate away from the page. We’ll let you know when the scan is complete.
Still missing information? Send a gap questionnaire.
💡 When UpGuard scans evidence, we automatically evaluate the selected evidence against the full 500+ check library. This means no rescan is needed if controls are added or removed from the template or if you change templates.