Vendor Risk Management With Portfolios

Updated on June 28, 2018 by UpGuard

One of the challenges of managing third-party risk is effectively managing large portfolios of vendors. Your business may have hundreds, even thousands of vendors, each used differently and presenting different kinds of information security risks. To help organize and manage your vendors, UpGuard CyberRisk uses a common pattern found in email clients such as Gmail. You can organize your vendors in the way that makes sense to you using labels.

Adding labels to your vendors can be accomplished in just a few clicks. Select vendors from the list, choose a label, and then click "Apply." This flexibility allows vendor risk managers to easily use cross-cutting organizational principles. You can label vendors by the kind of service they provide, the internal department responsible for their budget, or by the types of data they handle. 

cyberrisk_labels_apply.gif

Every business is different, so labels are easy to customize to your needs. Select any vendors to which you want to apply the label, enter the label text, and you're done. 

cyberrisk_labels_create.gif

Those labels can then be used to easily filter long lists of vendors, enabling effective management and reporting.


cyberrisk_labels_filter.gif
Labelling and filtering your vendors seamlessly integrates with the rest of UpGuard CyberRisk's capabilities, streamlining your vendor risk management process.

After labeling and filtering your vendors, the risk score helps your team identify the vendors most at risk of a security breach. The detailed vendor reports provide information on the vectors to which those vendors are exposed, and the technical steps they can take to improve their resilience.

You can also issue automated security questionnaires for additional due diligence. These close the loop by requesting attestations from your vendors on internal controls that cannot be assessed externally.

Learn how to manage your third-party vendor risk in our free eBook.

Download the buyer's guide to third party risk management