Skip to content
Contact us
  • There are no suggestions because the search field is empty.

Work with Controls and Checks 

Controls and checks let you see how a vendor is performing against the criteria in their assigned control template.

Search and filter controls and checks

  1. Click Vendor Risk in UpGuard’s left-navigation.
  2. Select a vendor.
  3. Select Security Profile from the expanded navigation.
  4. Make sure you’re on the Controls and checks tab.
  5. Select Controls or Checks.
  6. Search or filter:
    1. To search: use the search box at the top of the controls and checks section
    2. To filter: click Apply filters and select the appropriate filters.

Review checks (check evidence, request remediation, waive risks)

From the Checks view, you can inspect citations for any evaluated check, request remediation for detected risks, or waive a risk if it’s not applicable.

  1. Vendor Risk > Vendors > select a vendor > Security Profile.
  2. Select the Controls and checks tab.
  3. Switch to the Checks view.
  4. For all risks (except those with No evidence): click into the check to see the citation(s) referencing the specific text, from uploaded Evidence, that was used to reach this result.
  5. Click Manage risk on checks where a risk is detected.
  6. Select Request remediation or Waive this risk. Each option takes you to the corresponding workflow: either risk remediation or risk waiver.

🎵 If you find that a citation is incorrect or should not be used: click the three vertical dots next to that citation, and click Reject citation. That specific copy will no longer be used as evidence for this check.

Mark controls and checks as not applicable

Mark controls and checks as N/A when a particular vendor should not be evaluated against a control or check in their assigned control template. Alternatively, you can apply a different control template, create a custom template or edit templates.

  1. Vendor Risk > Vendors > select a vendor > Security Profile.
  2. Ensure Controls and checks is selected.
  3. For controls: click the vertical ellipsis on a control’s row and click Mark as N/A > Yes, mark as N/A.
  4. For Checks: click the box next to a check and click Mark as N/A > Yes, mark as N/A.

When controls that are marked as N/A:

  • That vendor is no longer assessed against that control and all checks are marked as n/a. If a check is associated with multiple controls, it is marked as N/A in all controls.
  • N/A controls are hidden by default, but you can adjust filters to see them again.

When checks that are marked as N/A:

  • That vendor is no longer assessed against that check.

Any risks associated with the control remain visible on Risk Profile.

Bulk actions

  1. Vendor Risk > Vendors > select a vendor > Security Profile> Controls and checks tab>Controls or Checks view.
  2. Click the check box next to each check you want to select.
  3. Bulk action options will appear. Different actions are available on different checks. The bulk action options you see are determined by the checks you select.
  4. Follow the prompts to complete your action.