Skip to content
Contact us
  • There are no suggestions because the search field is empty.

Vendor Risk Security Profile: Assessments

Run an AI risk assessment

Once you are satisfied that you have enough information to assess the vendor, you can Generate a risk assessment from the Actions button.

  1. Click the Vendor Risk icon in UpGuard’s left-hand navigation panel.
  2. Ensure you’re on the Vendors tab.
  3. Select a vendor (or monitor a new vendor).
  4. Select Security Profile from the expanded options under the vendor’s name in the left-nav.
  5. Click the Risk assessment tab.
  6. The risk assessment will automatically begin generating when you land on the tab and usually takes less than 1 minute.
  7. Edit the assessment as necessary.
  8. Click Publish when you’re ready to publish your assessment.

Your assessment is published! You now have a point-in-time evaluation of this vendor. As you run future assessments you can use Version history to see historical records.

 

🎵 Unedited assessments have an executive summary, vendor background, and summary of each of the 7 security domains based on the evidence you included and your vendor’s risk profile.

Edit an AI assessment

Tailor the text, formatting, and content on assessments to meet your team’s needs.

Edit option

How to

Notes

Refine AI commentary

Click the AI button at the top of the page or next to each section.

You’ll be able to update:

- Audience: technical or non-technical

- Level of detail: low, medium, or high

Custom prompt

- Scope: choose the sections whose commentary settings you want to change. Only selected sections will be affected.

Format text

Click the pencil icon next to each section.

Edit text or add formatting. Commentary supports: bold or italicised text, ordered or unordered lists, and adding tables using HTML (with inline styles for colors and spacing).

Select key risks

Scroll to the Manage risks section and identify key risks.

Only selected risks are listed in the published (PDF) report.

Generate a report

Generate a PDF report of your risk assessment that you can share with others in with others in your organization or save internally as necessary.

❗You need a published AI risk assessment before you can generate a report based on it.

  1. Click the Vendor Risk icon > Vendors > Select a vendor > Security Profile

  2. Click Generate report in the top right.

  3. Select the report you want to generate.

  4. Click

    1. Customize report to edit what is shown on the report.

    2. Quick generate to generate the report using default settings.

  5. Modify settings. You’ll be able to decide report:

    1. Frequency, how often it should be generated

    2. Delivery, if it should be saved to reports or also emailed

    3. Format, PDF or Word.

  6. Click Generate.

Access and share reports from the Generated reports section. Your generated report will summarise the findings of your Security profile risk management and assessment.

Understanding your AI risk assessment security rating

Your AI risk assessment security score is determined by two factors:

  • How the vendor performs against controls and checks related to automated scanning.
  • Control implementation and check risk status (e.g. how is evidence tracking against the selected controls evaluations criteria).

What this means: the evidence you add and the control template you’re using will both drastically affect the score. A vendor can have a very high security score when they’re using a less-strict control template but have a much lower score if they’re evaluated against a more critical template.

Similarly, adding or removing evidence can change the vendor’s score, because the evidence dictates how and if risks are detected on individual checks.