Instantly understand your vendors’ security posture with our data-driven, objective, and dynamic security ratings. Our security ratings are generated through the analysis of trusted commercial, open-source, and proprietary threat intelligence feeds and non-intrusive data collection methods.
Vendor security ratings
Instantly understand your vendor’s overall security posture.
- Easy to understand for non-technical stakeholders and senior management
- Updated multiple times a day
- Based on the analysis of each of your vendor’s underlying domains and their security posture
- Takes into account risks identified in UpGuard security questionnaires
Domain security ratings
Explore the security posture of individual domains and drill into issues.
- Based on the analysis of hundreds of individual risks across five risk categories
Get real-time insight into your vendors’ security performance, misconfigurations, and risk profile. Track their performance over time and get started in minutes, not weeks, with our fully integrated solution and API. Because we use externally verifiable information, you can monitor any vendor, instantly.
Instantly find and monitor your vendors with just their domain name.
- Instant and continuous visibility into the cyber health of any vendor
- Monitor their security performance over time
- Get notified immediately when their security degrades
Portfolio risk profile
Identify common cybersecurity issues across your vendor portfolio and request remediation.
- Ordered by severity
- Grouped by finding
- See the number of vendors with the risk
- Filter by risk category, label, or vendor
- Rely on UpGuard’s remediation workflows
Get an executive-level overview of an individual vendor’s security posture.
- Key vendor information
- Security rating
- Questionnaire and remediation context
- Twelve-month security performance
Understand an individual vendor’s risk profile and drill down into risks shared across their infrastructure.
- Transparent security ratings
- Intelligent risk categories
- Updated daily
- Real-time risk insights
Domains and IPs
Dive deep into an individual vendor and view the domains and IPs that belong to them and their corresponding cyber risks.
- See the security rating of each domain and associated risks
- Automatic vendor domain discovery, no manual input needed
- See active and inactive domains
Discover vulnerabilities that may be exploitable in the software that is running on your vendor’s website.
- Automatically detected through exposed information in HTTP headers and website content
- Each vulnerability has CVE ID information and a CVSS, a numerical score between 0 and 10 that reflects the severity
Stop relying on third-parties to monitor your fourth-parties and get instant insight into your fourth-party vendors. While fourth-parties aren’t necessarily contractually connected to your organization, they still represent risk that needs to be monitored.
Instantly understand your organization’s most common fourth-party vendors.
- Add fourth-parties to your monitored vendors list
- Know how to plan for disaster recovery
- Instantly assess downstream impacts
- Streamline your breach response
Dive deep into an individual vendor’s supply chain and understand the impact fourth-parties on your security posture.
- Identify who your vendors do business with and validate their use of subcontractors
- Validate assessment responses from third-parties on the use of or reliance on fourth-parties
Assess and remediate vendor risk
Stop using lengthy and error-prone spreadsheet-based risk assessments. Let us guide you each step of the way from documenting the evidence you referenced to adding commentary. When you’re done, you can save your assessment inside the UpGuard platform.
Follow UpGuard’s inbuilt risk assessment process to assess your third-party vendors.
- Specify the evidence you reviewed as part of the assessment including UpGuard security questionnaires and automated scan results
- Document your findings based on evidence
- Record who conducted the assessment
- Export the assessment as a PDF
Capture and store security and compliance-related documentation and identify new risks
- Securely store security and compliance-related documentation
- Create risks inside the platform and associate them with a specific vendor
- Use identified risks in risk assessment workflows
Accelerate your questionnaire exchange process by using UpGuard’s powerful and flexible security questionnaire tools. UpGuard’s meticulously designed questionnaire library means you no longer have to create questionnaires from scratch.
Automate security questionnaires to get deeper insights into your vendors’ security and scale your security team by 10x.
- Choose from twelve industry-standard questionnaires
- Easily set deadlines and send reminders to ensure questionnaires are completed
- Track the status of each outgoing security questionnaire
- A sophisticated audit log and messaging built-in
Stop creating your own questionnaires and let us create them for you based on regulations and best practices.
- UpGuard questionnaire
- Short-form UpGuard questionnaire
- ISO 27001 questionnaire
- NIST Cybersecurity framework questionnaire
- PCI DSS questionnaire
- COBIT 5 questionnaire
- ISA 62443-2-1:2009 questionnaire
- ISA 62443-3-3:2013 questionnaire
- GDPR questionnaire
- CIS Controls 7.1 questionnaire
- NIST SP 800-53 Rev. 4 questionnaire
- CCPA questionnaire
- Modern slavery questionnaire
- Pandemic questionnaire
- Security and privacy program questionnaire
- Web application security questionnaire
- Infrastructure security questionnaire
- Physical and data centre security questionnaire
Questionnaire builder lets you build custom questionnaires for specific use cases as per your requirements. You can use one of our standard questionnaires to get started and edit the questions or create one from scratch.
- Use questionnaire library to get started
- Supports many question types like single-select, multi-select, full text and file uploads
- Supports conditional logics for building sophisticated questionnaires
- Build simple questionnaires for vendor onboarding or complex security questionnaires for vendor risk assessments
- Automatic risk identification and score updates based on the responses
Save time, eliminate the email back and forth, and onboard new vendors faster by accessing the security information of a potential vendor who has published security information to their UpGuard Security Profile.
Vendor security profiles
Eliminate email tennis and instantly access information published by your vendor on their security profile.
- Vendor security rating
- Industry average security rating
- Vendor information
- Completed security questionnaires
- Supporting documentation
Simplify and accelerate how you request remediation of cybersecurity risks from your third-party vendors. Use our real-time data to provide context to your vendors, rely on our workflows to track progress, and get notified when issues are fixed.
Use inbuilt workflows to remediated risks identified in security questionnaires and by the UpGuard platform.
- Fix man-in-the-middle risks
- Find insecure SSL/TLS certificates
- Understand vendor email security
- Enforce HSTS
- Close unnecessary open ports
- Fix vulnerable software
- Prevent HTTP accessibility
- Secure cookie configuration
See the potential improvement in security ratings from remediating a risk or set of risks instead of knowing the impact after the fact.
- See how specific risks impact security ratings
- Prioritize risks to be mitigated based on the improvement in rating
- Securely create and share a remediation plan with your team or your vendors within UpGuard
- Collaborate with internal teams and third-party vendors within UpGuard
- Track the progress of each remediation request in a centralized location
Manage vendor risk
Reporting and insights
Effectively report on your third-party risk management program to the Board and C-Suite. Have more productive conversations and create a common language and reporting framework that is easily understood by anyone at your organization.
Use our prebuilt executive reporting suite to get insights right inside the platform. With structure access to your data, you can do things such as: see your average vendor security rating and twelve-month history, explore your current vendor risk ratings breakdown, and find your highest and lowest rated vendors.
- Prebuilt reporting for your third-party risk management program
- Current average vendor rating and twelve-month history
- Distribution of vendor ratings and twelve-month comparison
- Highest and lowest-rated vendors
- Most and least improved vendors
- Concentration of fourth-party technologies
Vendor risk report
Generate an in-depth PDF report that can be shared with internal stakeholders and vendors.
- Outlines security posture of vendor
- Configure to include automated scanning, questionnaires, and additional evidence
- Share with colleagues, board members, or vendors without having to invite them to UpGuard
- Give vendors the context they need to remediate risks
- Most and least improved vendors
- Concentration of fourth-party technologies
Single view that allows you to see the security performance of a vendor organisation with multiple subsidiaries
- A vendor's entire security posture in one place
- Drill into vendor's subsidiary security performance
- Easily navigate between vendor's subsidiaries
- Whole-of-organisation view that lets you see how individual risks affect vendor's entire portfolio
Share access to your UpGuard account with other team members with confidence. Each user gets an individual account with fine-grained access control.
Roles and permissions
Tailor access for your team to ensure that sensitive information and actions are protected. Keep track of who has access to your UpGuard account and remove team members easily.
- Get fine-grained control on providing specific users access to specific products and features
- Create roles, and associate permissions with these
- Grant users access to a role
- A change in permission associated with a role applies to all users with that role
Secure access to the UpGuard platform and your account data. Integrate with various SSO options like Microsoft Azure, Okta, and Ping Identity. As long as your identity provider has a SAML interface we can integrate with it.
- SSO options like Microsoft Azure, Okta, and Ping Identity
- SAML integration
Attach notes for your teammates on remediation requests, risk waivers, and data leaks to give them context when they jump into the platform.
Documents and contacts
Capture contact details and store relevant documentation on a vendor directly in the UpGuard platform.
- Know exactly where to find contact details and documents about a specific vendor
Keep track of important events and who performed them inside the UpGuard platform.
- Real-time reporting and data
- Filter by user, event type, and time
- Streamline workflows
Vendor information collected by an entity in a larger group of companies can now be shared with other related entities by easily providing them access to it within the UpGuard Vendor Risk platform.
- Use evidences collected by related entities
- Reuse existing risk assessments
- Avoid repetition and save time
- Greater visibility of the total risk exposure to a vendor
Integrate and extend the UpGuard platform with other tools with our easy to use API that can save hours of human time.
Access information about your UpGuard account programmatically.
Get vendor security ratings in ServiceNow.
- Add UpGuard as a scoring provider in ServiceNow
- Automatically add vendors for risk scoring in UpGuard
UpGuard Vendor Risk Datasheet
UpGuard Vendor Risk continuously monitors your vendors, automates security questionnaires, and reduces third and fourth-party risk.
- Key features and benefits of UpGuard Vendor Risk
- More info on UpGuard Vendor Risk and UpGuard
Free instant security score
How secure is your organization?
Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
- Instant insights you can act on immediately
- Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities