This video provides a comprehensive introduction to the UpGuard platform, helping new users navigate the core modules for internal and external security monitoring. You will learn how to effectively manage your organization’s security posture and streamline third-party risk assessments.

What you’ll learn:

• A guided walkthrough of the dashboard and primary navigation tools.
• How to monitor your own attack surface and identify potential vulnerabilities.
• Techniques for evaluating third-party security ratings and automating risk assessments.
• Using Trust Pages to simplify security document sharing and build transparency.
• How to generate and customize reports for stakeholder communication.

Duration: 60m

This workshop provides comprehensive training on managing your internal attack surface to improve and maintain a high security rating. It is designed for administrators and security teams who need to establish sustainable processes for internal risk management.

What you’ll learn:

• Confirming domains and organizing assets using portfolios and labels.
• Navigating the workflow to identify, remediate, or waive security risks.
• Configuring critical notifications for proactive monitoring of your attack surface.
• Utilizing advanced tools for typosquatting detection and identity breach management.
• Establishing competitor monitoring to benchmark your Breach Risk against peers.

Duration: 43m 50s

This video demonstrates how to create and manage a Trust Page to automate vendor questionnaire responses and reduce manual workloads. It is a practical guide for security and compliance teams looking to scale their document sharing and improve efficiency.

What you’ll learn:

• Setting up a centralized Trust Page with custom branding and compliance badges.
• Building a content library to house frequently requested security documents.
• Tracking real-time access and downloads to monitor vendor engagement.
• Managing questionnaire tasks and configuring custom domains for your page.
• Implementing strategies to reduce Breach Risk through transparent documentation.

Duration: 4m 31s

This video guides administrators through the account settings menu to customize platform functionality and manage internal user permissions. It helps team leads configure their environment to match specific organizational workflows and security requirements.

What you’ll learn:

• Managing user accounts, API keys, and group sharing permissions.
• Setting up co-branding for external emails and generated reports.
• Configuring custom notification alerts and default message fields.
• Organizing assets and portfolios using internal labels and tools.
• Utilizing control templates and document types within the content library to mitigate Breach Risk.

Duration: 5m 20s

In this interactive product tour, we'll take you through the steps to configure the Vendor Onboarding Portal.

What you'll learn:

• How to enable the portal
• Customize your onboarding form
• Automate vendor requests through a secure, standardized intake workflow

Duration: 2m

This video provides a high-level overview of the platform's core features to help new users navigate their dashboard and manage vendor data. It is designed for administrators and analysts looking to streamline their daily workflow.

What you’ll learn:

• Navigating account activity and announcements on the home page.
• Tracking major updates through the My Tasks tab.
• Generating and scheduling customizable reports based on vendor assessments.
• Sharing reports via email and utilizing the support chat for inquiries.
• Monitoring overall Breach Risk and security trends.

Duration: 6m 54s

This webinar introduces the Security Profile feature, offering a strategic framework to transition from traditional questionnaires to evidence-based vendor evaluations. It helps risk professionals automate document analysis and focus on high-impact security gaps.

What you’ll learn:

• Automating document analysis for SOC 2 reports and security policies.
• Leveraging automated scanning to instantly satisfy up to 26 security controls.
• Deploying targeted gap questionnaires to reduce vendor assessment fatigue.
• Mapping findings to ISO 27001 and NIST frameworks for compliance.
• Managing document classification and AI-generated assessments to lower Breach Risk.

Duration: 60m

This video explains how the platform identifies and monitors an organization's attack surface through automated scanning and security ratings. It is a vital resource for security teams looking to identify vulnerabilities, remediate risks, and benchmark their performance against competitors.

What you’ll learn:

• Evaluating security posture through automated scans and numeric risk ratings. 
• Remediating or waiving discovered vulnerabilities to improve your score. 
• Monitoring competitor risk profiles and benchmarking your Breach Risk. 
• Generating historical reports to track security improvements over time. 
• Managing breach notifications and identifying third-party vulnerabilities.

Duration: 21m 37s

This video outlines a structured approach to vendor risk management by utilizing tiering and AI-driven assessments to prioritize high-impact relationships. It helps risk managers and procurement teams efficiently evaluate vendor security postures and manage remediation.

What you’ll learn:

• Implementing vendor tiering to focus resources on the highest Breach Risk areas.
• Using AI to automate initial assessments and streamline information gathering.
• Deploying gap questionnaires to target specific security weaknesses.
• Managing remediation requests and tracking vendor ratings over time.
• Navigating the dashboard for a comprehensive view of organizational risk analysis.

Duration: 17m 28s

This video explains the concept of vendor tiering and how to categorize business partners based on their data access and organizational criticality. It helps security and compliance teams streamline their vendor risk assessments by matching the evaluation rigor to each vendor's risk level. 

What you’ll learn:

• How to define vendor tiering and its role in risk management.
• The difference in assessing high-access systems versus low-risk software.
• Why data sensitivity determines the depth of a vendor evaluation.
• How to use a structured framework to categorize your organization's vendors.

Duration: 1m 45s

This beginner-level workshop introduces the fundamentals of third-party risk management using the platform to establish a scalable vendor monitoring process. It is ideal for new users looking to configure their environment and initiate their first evidence-based assessments.

What you’ll learn:

• Configuring vendor tiering systems and portfolios for structured organization.
• Onboarding vendors and leveraging security profiles for initial monitoring.
• Implementing an evidence-first approach using existing documentation to reduce questionnaire volume.
• Using AI-powered analysis to map vendor security postures against ISO 27001 and NIST frameworks.
• Generating customized risk assessments to communicate Breach Risk to stakeholders.

Duration: 51m 35s

This training explains the ideal vendor onboarding workflow, helping security teams evaluate and mitigate third-party risks before signing contracts. It covers everything from the initial onboarding request to the final go or no-go decision, ensuring your organization avoids early contractual exposure. 

What you'll learn:

• How to submit and process a vendor onboarding request.
• Criteria for tiering vendors and conducting security evaluations in UpGuard.
• Methods for assessing Breach Risk to make informed go/no-go decisions.
• Procedures for managing risk waiving and remediation activities.

Duration: 2m

This training explains how to manage and assess vendors that are already in use without prior security evaluation. It helps security teams navigate retroactive tiering, evaluation, and the critical contract continuation or termination decisions required to mitigate existing third-party risk. 

What you'll learn:

• Sending onboarding requests to internal champions for existing vendors.
• Assessing active vendors based on specific tier requirements.
• Evaluating Breach Risk during the interim unassessed period.
• Making critical contract continuation or termination decisions.

Duration: 1m 16s

This training covers how to optimize and customize vendor onboarding questionnaires to improve completion rates and ensure effective vendor tiering. It helps security teams design targeted, purposeful assessments that gather essential information while preventing questionnaire fatigue. 

What you'll learn:

• Customizing default onboarding questionnaires and tiering guidelines.
• Identifying must-have requirements and essential information from internal teams.
• Removing unnecessary questions that do not provide valuable security insights.
• Structuring targeted questionnaires to streamline the vendor assessment process.

Duration: 50s

This tutorial covers how to implement conditional logic in forms to create dynamic, relevant user experiences. It helps administrators design concise forms that display specific questions based on a user's previous answers. 

What you'll learn:

• Configuring forms so questions appear dynamically based on previous selections.
• Showing specific data hosting questions when software options are selected.
• Triggering privacy control questions when users indicate access to PII.
• Streamlining the user experience by hiding irrelevant form sections.

Duration: 49s

This tutorial demonstrates how to create and configure automation rules to streamline vendor management. It helps security teams automatically assign vendor tiers, labels, portfolios, or custom attributes based on specific criteria. 

What you'll learn:

• Creating a new automation rule with titles and descriptions.
• Exploring automation options like portfolios, labels, and custom attributes.
• Setting up criteria to automatically tier vendors handling PII as critical.
• Testing and saving automation rules before activation.

Duration: 1m 14s

This training demonstrates how to use advanced automation with weighted scoring and formulas to swiftly categorize vendors. It helps risk management teams eliminate manual review by automatically placing vendors into tiers based on specific risk and security criteria. 

What you'll learn:

• Implementing weighted scoring and formulas for automated vendor tiering.
• Categorizing high-risk vendors handling sensitive data into Tier one.
• Using negative scoring factors like single sign-on utilization to trigger reviews.
• Streamlining vendor risk management by reducing manual evaluation processes.

Duration: 52s

This training explains the importance of establishing cross-team alignment with procurement during the vendor evaluation process. It helps security teams collaborate early with internal stakeholders to secure better vendor cooperation before contracts are signed. 

What you'll learn:

• Building cross-team alignment between security and procurement teams.
• Involving procurement early to increase vendor cooperation during evaluations.
• Navigating internal stakeholder dynamics before contract signatures.
• Implementing successful vendor onboarding strategies shared in organizational roundtables.

Duration: 58s

This training outlines a strategy for implementing a centralized request portal as an organization's sole intake method. It helps security and operations teams drive organizational behavior change and streamline internal requests. 

What you'll learn:

• Redirecting all Slack and email requests to a single portal link.
• Embedding the request link across signatures, channels, and purchase forms.
• Testing the intake workflow with a small internal pilot audience.
• Developing a documented internal process for request management.
• Partnering with IT and procurement champions to accelerate approval times.

Duration: 1m 20s

This training explains how to use outcome labels to enhance decision-making when finalizing requests. It helps businesses look beyond simple yes or no answers by aligning custom request designations with specific policy language. 

What you'll learn:

• Implementing structured outcome labels during request finalization.
• Creating specific designations like "Approved for a pilot" for clearer decision-making.
• Aligning custom request outcomes with internal policy language.
• Providing operational clarity to teams through structured data fields.

Duration: 50s

This video guides security teams through managing and assessing existing vendors that were never officially evaluated. It explains how to handle retroactive tiering, assess active risks, and make informed contract continuation or termination decisions.

What you'll learn:

• Sending onboarding requests to internal champions
• Assessing active vendors based on tier requirements
• Evaluating Breach Risk during unassessed periods
• Making critical contract continuation or termination decisions

Duration: 7m 18s

This video demonstrates how to run a risk assessment in UpGuard's Security Profile, from reviewing control evidence through publishing a completed assessment. It is a practical overview for vendor risk teams evaluating third parties using Security Profile.

What you'll learn:

• How control implementation status and evidence gaps affect assessment results
• Navigating the executive summary and detailed control breakdowns within an assessment
• Adjusting the assessment output — including technical level, detail, and custom voice prompts — to match your audience
• Publishing an assessment to create a point-in-time snapshot of a vendor's security posture

Duration: 1 m 49 s

This video compares the traditional vendor evaluation workflow with UpGuard's evidence-first approach, and explains how leading risk teams are reducing questionnaire burden. It is an overview for vendor risk managers looking to streamline how they onboard and evaluate third parties.

What you'll learn:

• Why traditional questionnaire-first workflows create delays and right-sizing challenges
• How adding vendor evidence upfront — SOC 2s, policies, security documentation — changes the evaluation flow
• The difference between a full questionnaire and a targeted gap questionnaire
• How shifting to an evidence-first model reduces back-and-forth with vendors

Duration: 1m 32s

This video explains how UpGuard's control templates map to vendor tiers, defining the scope and stringency of each assessment. It is a quick reference for risk teams configuring or reviewing their tiering structure in Security Profile.

What you'll learn:

• How light, core, and elevated control templates correspond to Tier 3, Tier 2, and Tier 1 vendors
• How control scope increases with vendor tier and criticality

Duration: 40s

This video explains why vendor-supplied evidence provides a more reliable signal than self-reported questionnaire responses, and why that distinction matters for risk assessment quality. It is a short explainer for risk managers evaluating how to weight different data sources in their vendor assessments.

What you'll learn:

• Why questionnaire responses are inherently subjective and what factors introduce bias
• How evidence-based evaluation produces a more objective view of vendor security posture
• The limitations of relying solely on self-reported data from vendors

Duration: 46s

This video walks through how UpGuard populates your Breach Risk domains list and how we recommend using and auditing the list. 

What you'll learn:

• How UpGuard's external scanning identifies and associates domains with your account using MX records, DNS records, WHOIS data, and certificate transparency logs
• Why passive domain discovery gives you a more complete picture of your attack surface than a manually maintained list
• How to navigate the Breach Risk domains module and interpret what's there
• What to do if domains are missing, outdated, or shouldn't be associated with your organization
• How to work with UpGuard support and your CSM to correct or update your domains list

Duration: 5m 24s

This video introduces UpGuard to vendors who have received a questionnaire request, covering everything they need to get started and complete their response. It is a quick-start guide for vendors new to the UpGuard platform.

What you'll learn:

• How to create a free UpGuard account and access your assigned questionnaire
• Adding collaborators directly in the platform instead of forwarding the original email
• Exporting and uploading responses in Excel if working in an online tool isn't an option
• Using AI Autofill with reference documents like SOC 2s to pre-populate answers and save time
• How Trust Exchange can help you avoid filling out questionnaires from scratch in the future
• Where to go for product support versus questions about questionnaire content

Duration: 4m