
Vendor Management in Vanta

How to Log, Classify and Manage your Third-Parties

Quick Checklist

  • Add all material vendors to Vanta
  • Confirm or adjust risk ratings
  • Complete annual security reviews for high-risk vendors
  • Document findings and ratings

For more details, visit: https://www.vanta.com/products/vendor-risk-management 

OVERVIEW

Vendor management is a key part of every information security and compliance program. If you use third-party software, cloud infrastructure, or other services, you rely on those vendors to support your security and compliance. Vanta helps automate and simplify vendor management.

💡Tip: Take time to scope and risk score your vendors. This saves time and reduces hassles during audits!

STEP 1: SCOPE YOUR MATERIAL VENDORS

  • Vanta automatically identifies vendors in use. Hover over a vendor and select “Add vendor” to include it in your register.
  • Include all vendors that collect, store, or process sensitive data, or those you depend on for business operations.
  • If a vendor isn’t automatically identified, add it manually via the “Add vendor” button on the managed vendors page.

💡Tip: Consider whether all third-party services need to be included. A shorter list allows for greater focus and prioritisation when monitoring and managing them.

Common vendor types

  • Infrastructure (e.g. AWS)
  • Code repository (e.g. GitHub)
  • Authentication/SSO (e.g. Okta)
  • Workspace software (e.g. Google Workspace)
  • Password manager (e.g. 1Password)
  • CRM (e.g. HubSpot)
  • Communications (e.g. Slack)
  • Knowledge management (e.g. ClickUp)
  • Compliance management (e.g. Vanta)

STEP 2: CONFIRM OR ADJUST THE RISK RATINGS

Vanta auto-scores vendors based on data processed, business criticality, and integration.

Adjust these ratings as needed, or set your own risk rating.

Make sure the risk rating matches your business context and risk profile.

💡Tip: Accurate risk ratings help you focus security reviews on higher-risk vendors and save time.

STEP 3: COMPLETE SECURITY REVIEWS

For vendors rated High and Critical, complete an annual security review.

Review the vendor's security compliance report if available. SOC 2 or SOC 3 reports are easier to access and may be sufficient.

If no compliance report is available, use a security questionnaire (Vanta provides a template).

Document your findings and assign an approved, conditionally approved, or not approved rating.

Need Help?

We’re here for you! If you have questions or something feels unclear, reach out anytime at csplatform@sensiba.com.

To discuss the above, book a meeting with a Customer Success team member using this link.

Ready to kick off your audit? Book a meeting here.