Product Demo | Managed Vendor Risk Assessments

Product Demo | Managed Vendor Risk Assessments

Mar 11, 2021

Produce accurate vendor assessments using UpGuard's new Managed Vendor Risk Assessments module.

Contact to learn more

UpGuard is a complete third-party risk and attack surface management platform, managing cyber risk across attack surfaces and third-party vendors by proactively identifying security exposures.

Hi there,
My name is Georgia and I’m an Account Executive here at UpGuard.
Today, I’m excited to show you our Managed Vendor Risk Assessments module, which is part of our new Cyber Research product.
Our managed services help you take on the responsibility of assessing an increasing number of vendors, and augments your security team with world-class expertise.
We’ll help you produce consistent, accurate vendor assessments using best practices, ultimately helping you manage your third-party risk.
Our third-party risk analysts collect the evidence necessary to assess vendors on your behalf and present their findings in comprehensive reports that are securely stored within the UpGuard platform.
Reports are based on the analysis of security questionnaires, compensating control information, public security documentation, and security ratings data.
Whether you’re a smaller organization with a few vendors who just wants to get their third-party risk management program started, or a larger multinational with hundreds of vendors, we can help.
For smaller organizations who may not have in-house third party risk experts, our analysts can be engaged for expert assessment of your critical vendors.
For larger organizations, UpGuard’s analysts provide an elastic pool of experts who can help process large numbers of vendors throughout your audit cycle.

Now, let’s have a look at the Managed Vendor Vendor Risk Assessments module.
To request a new Vendor Risk Assessment, you must have Vendor Management Admin permissions. If you do not have the appropriate permissions, contact your account administrator.
To view your managed vendor assessments, click on “Managed Vendors” under Cyber Research in the left sidebar.

Depending on your screen size, you may need to scroll down the left sidebar until you see the Cyber Research header.
If this is your first time adding a managed vendor, your screen will look like this.
On the top right, click Request New Assessment to get started.
You’ll be asked to select your vendor. You can search by name or URL. In this example, I’ll be adding UpGuard as a managed vendor by searching for UpGuard.
When you are happy with your selection, click Confirm and next in the bottom right corner of your screen.
From here, you’ll be taken to Assessment information which lets you specify:
Vendor contact information,
Whether the vendor has been notified to let them know that UpGuard will be assessing them on your behalf, your relationship with the vendor and any other information you wish to provide

The information you provide will be used to establish the scope of the assessment and identify any areas that need to be focused on.
Once you are happy with the information provided, click Submit in the bottom right corner of your screen to add the vendor to your Active Vendors.
Once added, we’ll send a request to our team of third-party analysts, which will be assigned and scheduled for completion.
If there are any special considerations for the scope of the assessment or its due date, you can reach your analyst via email or through in-app chat.
You can also monitor the status of any active request on the Managed Vendors screen.

On this screen, you can see that the status of the request is Requested. There are five possible statuses:
Requested, In Progress, Assessment Due, Assessment Overdue, and Complete

Depending on your license, you can also request remediation for the risks identified in the assessment.
Hopefully, you now have a better understanding of how our Managed Vendors module can assist you in your Third-Party Risk Management program.
For any questions please write to