Monitor vendors
Security ratings
Instantly understand your vendors’ security posture with our data-driven, objective, and dynamic security ratings. Our security ratings are generated through the analysis of trusted commercial, open-source, and proprietary threat intelligence feeds and non-intrusive data collection methods.
Vendor security ratings
Instantly understand your vendor’s overall security posture.
Easy to understand for non-technical stakeholders and senior management- Updated multiple times a day
- Based on the analysis of each of your vendor’s underlying domains and their security posture
- Takes into account risks identified in UpGuard security questionnaires
Domain security ratings
Explore the security posture of individual domains and drill into issues.
- Based on the analysis of hundreds of individual risks across ten scan-risk categories
Custom notifications
UpGuard comes with a host of default notifications, and allows you to create and manage custom notifications as well. These can be used for in-app and email alerts, or webhook triggers.
- Get notified when you organization score drops
- Get notified when a vendor's score drops below a threshold
- Custom notifications can also be used to trigger webhook integrations
- Customize notifications based on labels and vendor tiers
Third-party risk
Get real-time visibility into vendors’ security performance with near-instant identification of risks and gaps. Start in minutes and maintain continuous risk coverage between assessments for proactive third-party security.
Vendors
Instantly find and monitor your vendors with just their domain name.
- Instant and continuous visibility into the cyber health of any vendor
- Monitor their security performance over time
- Get notified immediately when their security degrades
Vendor inventory
Vendor inventory helps you find, track, and monitor the security posture of any organization instantly. You can categorize vendors, compare them against industry benchmarks, and see how their security posture is changing over time.
- All monitored vendors in a centralized location
- Easily find vendors using the search bar
- Sort by vendor tier, name, score, or labels
Vendor labels
Labels provide an easy way to tag your vendors with key characteristics, allowing you to easily filter and identify vendors of a specific type
- Easily filter and identify vendors
- Apply actions to vendors with the same labels
- Automatically assign vendors to labels based on Vendor Relationship Questionnaire responses
Vendor tiering
Vendor tiering allows you to classify your vendors based on the inherent risk they pose to your organization, and adjust the level of assessment you do on each vendor as a result.
- Easily filter the vendors list by tier
- See a vendor's tier when viewing any vendor-specific page in the platform
- Customize notifications for a tier of vendors
- Adjust the level of assessment you do on each vendor based on their tier
- Automatically assign tiers based on Vendor Relationship Questionnaire responses
Custom vendor attributes
Attributes provide you with the ability to add additional structured information to manage individual vendor relationships that have common themes.
- Customize and create attributes based on your business requirements and reporting needs
- Improved filtering and sorting allows for more efficient analysis of data
- Easily export vendor information based on common themes for reporting and analysis
- Consolidate key vendor information in one centralized location
- Automatically assign custom attributes based on Vendor Relationship Questionnaire responses
Vendor portfolios
The vendor portfolios feature allows you to organize your monitored vendors by different use-cases into separate lists. Once setup, you can control user access for each of the portfolios.
- Easily filter, view and report the performance of individual portfolios
- Maintain and report on separate vendor portfolios for different departments or groups within your organization
- Manage permissions so that users only have access to the portfolios and vendors they need
- Automatically assign vendors to portfolios based on Vendor Relationship Questionnaire responses
Portfolio risk profile
Identify common cybersecurity issues across your vendor portfolio and request remediation.
- Ordered by severity
- Grouped by finding
- See the number of vendors with the risk
- Filter by risk category, label, or vendor
- Rely on UpGuard’s remediation workflows
Vendor summary
Get an executive-level overview of an individual vendor’s security posture.
- Key vendor information
- Security rating
- Questionnaire and remediation context
- Twelve-month security performance
Risk profile
Understand an individual vendor’s risk profile and drill down into risks shared across their infrastructure.
- Transparent security ratings
- Intelligent risk categories
- Updated daily
- Real-time risk insights
Compliance reporting
The compliance reporting feature enables customers to view their own or their vendor’s risk details (including web risks) mapped against recognized security standards or compliance frameworks like NIST CSF or ISO 27001.
- Assess if your organization or a vendor complies with a security framework
- Easily view sections of the compliance framework that your organization or the vendor does or does not comply with
- Understand the risks detected in specific sections of the compliance framework
Domains and IPs
Dive deep into an individual vendor and view the domains and IPs that belong to them and their corresponding cyber risks.
- See the security rating of each domain and associated risks
- Automatic vendor domain discovery, no manual input needed
- See active and inactive domains
Vulnerabilities
Discover vulnerabilities that may be exploitable in the software that is running on your vendor’s website.
- Automatically detected through exposed information in HTTP headers and website content
- Each vulnerability has CVE ID information and a CVSS, a numerical score between 0 and 10 that reflects the severity
Fourth-party risk
Stop relying on third-parties to monitor your fourth-parties and get instant insight into your fourth-party vendors. While fourth-parties aren’t necessarily contractually connected to your organization, they still represent risk that needs to be monitored.
Concentration risk
Instantly understand your organization’s most common fourth-party vendors.
- Add fourth-parties to your monitored vendors list
- Know how to plan for disaster recovery
- Instantly assess downstream impacts
- Streamline your breach response
Supply chain
Dive deep into an individual vendor’s supply chain and understand the impact fourth-parties on your security posture.
- Identify who your vendors do business with and validate their use of subcontractors
- Validate assessment responses from third-parties on the use of or reliance on fourth-parties
Assess and remediate vendor risk
AI-powered Security Profile
Uncover third-party weaknesses in minutes using the combined power of continuous scanning and AI-powered document analysis. Use the time saved to respond earlier and close security gaps before they become incidents.
Security Profile
Get a real-time view of a vendor's risks and controls — in one place.
- Assess vendor's security across critical risk categories and 81 comprehensive controls
- Instantly see control statuses — met, unmet, or requiring attention — for faster decision-making
- Toggle controls on or off to tailor assessments based on the relevance of each vendor relationship
AI-document analysis
Utilize powerful AI to scan virtually any security document — such as a SOC 2 report — to identify and fill data gaps, reducing reliance on vendor responses.
- Automate document review to instantly fill critical data gaps, reducing reliance on vendor responses
- Identify and highlight risk-relevant information in minutes, streamlining assessments and freeing up your team
- Focus vendor outreach only on the missing gaps, saving time and accelerating responses
- AI findings are source-tracked, allowing you to review, remove, or retain citations, keeping you in complete control
Sourced evidence
Leverage UpGuard pre-sourced, verifiable evidence to reduce information gaps, ensuring you have comprehensive, reliable data at your fingertips.
- Access pre-sourced and pre-scanned verifiable evidence to fill evidence gaps
- Stay audit-ready with source-linked information that enhances transparency and reduces audit risks
Risk assessment
Say goodbye to spreadsheet-based risk assessments that slow you down. Scale up (and improve accuracy and speed) with point-in-time risk assessments that generate in under 60 seconds.
Vendor risk matrix
Quickly focus on the most impactful areas of your vendor risk management program by visualizing your vendor portfolio risk by Security Rating and Vendor Tier.
- Identify vendors with the highest risk exposure to the business to drive remediation with your vendors
- Quickly visualize your vendor portolio to enable decision making on which vendor risks to focus on first
- See a filtered list of your vendors and their risks so you can start reducing your cyber risk with maximum impact
Instant Risk Assessments
Leverage AI to streamline and accelerate your third-party risk assessments and deliver detailed, point-in-time insights at scale.
- Spend less time writing (and more time refining) with AI-generated commentary based on your compliance assessments and risk management activities
- Deliver clear, structured reports that turn complex risk insights into straightforward information, enabling faster, more confident decision-making for stakeholders
- Effortlessly scale your assessments while staying aligned with compliance requirements, ensuring accuracy and thoroughness across your expanding vendor base
Vendor users
Vendors of UpGuard customers can create a free account to answer questionnaires, complete risk assessments and to create a shared vendor profile.
- Vendors can easily respond to security questionnaires from UpGuard customers
- Vendors can invite collaborators to complete risk assessments requested by UpGuard customers
- Vendors can save answered questionnaires to their shared profile to avoid answering the same questions multiple times
Additional evidence
Capture and store security and compliance-related documentation and identify new risks
- Securely store security and compliance-related documentation
- Create risks inside the platform and associate them with a specific vendor
- Use identified risks in risk assessment workflows
Remediation requests
Creating a risk assessment for a vendor allows you to specify the evidence reviewed, document findings based on this evidence, record who conducted the assessment, and more. It provides a way to capture a snapshot of the risks and evidence at the time this vendor was assessed
- Specify the evidence you reviewed as part of the assessment including UpGuard security questionnaires and automated scan results
- Document your findings based on evidence
- Record who conducted the assessment
- Export the assessment as a PDF
- Send remediation requests, track the progress of each item under remediation and have a record of the remediation request embedded directly in a point-in-time risk assessment
- Reduce the time it takes to perform and document a vendor risk assessment
- Efficiently monitor and track the risk assessment of your vendors
Risk waivers
Vendor risk waivers let you waive vendor risks identified by automated scanning, security questionnaires and additional evidence.
- Allows you to see a vendor's score after waiving the risks
- Waived vendor risk will stop appearing in the vendor’s risk profile and their security rating will be recalculated for your organization
- Streamline the risk assessment workflow by creating, reviewing and waiving risks within a risk assessment
- View the public risk waivers of other UpGuard customers, and choose whether to accept those risks
Vendor comparison
UpGuard's vendor comparison tool lets you compare the security posture of up to four vendors side-by-side and dive into the details to see which vendor represents the lowest risk.
- Great way to communicate the security posture of new vendors to stakeholders who may not have security expertise
- Save time when deciding which new vendor to onboard
- Easily evaluate potential alternatives that offer improved security
Security questionnaires
Accelerate your questionnaire exchange process with powerful automation and a comprehensive questionnaire library. Say goodbye to creating questionnaires from scratch, chasing updates, and manually identifying risks from vendor responses.
Security questionnaires
Automate security questionnaires to get deeper insights into your vendors’ security and scale your security team by 10x.
- Utilize an expanding collection of over thirty pre-configured industry-standard questionnaires
- Automatically discover risks and analyze severity based on vendor responses
- Select multiple vendors, and send them the same questionnaire simultaneously
- Easily set deadlines and send reminders to ensure questionnaires are completed
- Monitor individual and collective questionnaire statuses with detailed progress and change logs
- A sophisticated audit log and messaging built-in
- Quickly review only the answers that have changed with a side-by-side comparison of different version of questionnaires that have been sent to your vendors
Questionnaire library
Use questionnaires based on regulations and best practices from our industry leading library.
- UpGuard questionnaire
- Short-form UpGuard questionnaire
- Combined ISO27001:2022 & NIST CSF 2.0 questionnaire
- Standardized Information Gathering (SIG) Core 2024 questionnaire
- Standardized Information Gathering (SIG) Lite 2024 questionnaire
- Europe’s Digital Operational Resilience Act (DORA)
- India’s Digital Personal Data Protection (DPDP) Act 2023 questionnaire
- ISO 27001 questionnaire
- NIST Cybersecurity framework questionnaire
- PCI DSS questionnaire
- COBIT 5 questionnaire
- ISA 62443-2-1:2009 questionnaire
- ISA 62443-3-3:2013 questionnaire
- GDPR questionnaire
- CIS Controls 7.1 questionnaire
- NIST SP 800-53 Rev. 4 questionnaire
- CCPA questionnaire
- Modern slavery questionnaire
- Pandemic questionnaire
- Security and privacy program questionnaire
- Web application security questionnaire
- Infrastructure security questionnaire
- Physical and data centre security questionnaire
- SolarWinds Questionnaire
- Kaseya Questionnaire
- Apache Log4J - Critical Vulnerability Questionnaire
- HECVAT questionnaire
- HIPAA questionnaire
Questionnaire builder
Questionnaire builder lets you build custom questionnaires for specific use cases as per your requirements. You can use one of our standard questionnaires to get started and edit the questions or create one from scratch.
- Use questionnaire library to get started
- Supports many question types like single-select, multi-select, full text and file uploads
- Supports conditional logics for building sophisticated questionnaires
- Build simple questionnaires for vendor onboarding or complex security questionnaires for vendor risk assessments
- Automatic risk identification and score updates based on the responses
Workflows
Simplify and accelerate how you request remediation of cybersecurity risks from your third-party vendors. Use our real-time data to provide context to your vendors, rely on our workflows to track progress, and get notified when issues are fixed.
Remediation workflows
Use inbuilt workflows to remediated risks identified in security questionnaires and by the UpGuard platform.
- Fix man-in-the-middle risks
- Find insecure SSL/TLS certificates
- Understand vendor email security
- Enforce HSTS
- Close unnecessary open ports
- Fix vulnerable software
- Prevent HTTP accessibility
- Secure cookie configuration
Remediation planner
See the potential improvement in security ratings from remediating a risk or set of risks instead of knowing the impact after the fact.
- See how specific risks impact security ratings
- Prioritize risks to be mitigated based on the improvement in rating
- Securely create and share a remediation plan with your team or your vendors within UpGuard
- Collaborate with internal teams and third-party vendors within UpGuard
- Track the progress of each remediation request in a centralized location
Managed vendor assessments
Get insight into your third-party risk without the manual effort. Let us take on the complex task of conducting vendor risk assessments, and alleviate the challenges you’re facing from a lack of specialized skills and limited internal capacity. With our expert analysts, your business can concentrate on growth and innovation, assured that your vendor risk assessments are thorough, insightful, and current.
Comprehensive risk assessment
Extensive vendor risk evaluations through attack surface scans, document analysis, and security questionnaires.
- Request a managed risk assessment in one click
- Receive regular updates and track the progress of your risk assessments
- Integrated scanning, documentation, and questionnaires used to identify vendor risks
- Utilization of existing evidence, without reliance on security questionnaires, to prepare the report
- Report mapped to industry frameworks
- Receive a comprehensive risk assessment PDF report
Actionable reports
Best practice report aligned to standardized control groups, with key risks highlighted to prioritize action planning.
- Classification of risks, mapped to 6 categories and 18 control groups
- Easy-to-read report with engaging visuals
- Summary of key risks to share with internal stakeholders
- Clear statement of risks and compensating control information to drive remediation plans
UpGuard analyst
Experienced in-house cybersecurity analysts oversee the risk assessment process and vendor communication.
- A designated analyst to manage the end-to-end process
- Rely on the analyst's deep expertise and experience to prepare your risk assessments
- Analyst liaises with the vendor to capture missing information
Manage vendor risk
Reporting and insights
The Reports Library makes it easier and faster for you to access tailor made reports for different stakeholders, all in one centralized location. Effectively report on your third-party risk management program, including to the Board and C-Suite and other interested parties.
Executive reporting
Use our prebuilt executive reporting suite to get insights right inside the platform. With structure access to your data, you can do things such as: see your average vendor security rating and twelve-month history, explore your current vendor risk ratings breakdown, and find your highest and lowest rated vendors.
- Board Summary report provides a high level snapshot of key factors about your company's cyber security posture
- Prebuilt reporting for your third-party risk management program
- Current average vendor rating and twelve-month history
- Distribution of vendor ratings and twelve-month comparison
- Highest and lowest-rated vendors
- Most and least improved vendors
- Concentration of fourth-party technologies
Vendor risk report
Generate an in-depth PDF report that can be shared with internal stakeholders and vendors.
- Summarized or detailed Vendor Summary report to help reduce third party risks
- Outlines security posture of vendor
- Configure to include automated scanning, questionnaires, and additional evidence
- Share with colleagues, board members, or vendors without having to invite them to UpGuard
- Give vendors the context they need to remediate risks
- Most and least improved vendors
- Concentration of fourth-party technologies
Vendor subsidiaries
Single view that allows you to see the security performance of a vendor organisation with multiple subsidiaries
- A vendor's entire security posture in one place
- Drill into vendor's subsidiary security performance
- Easily navigate between vendor's subsidiaries
- Whole-of-organisation view that lets you see how individual risks affect vendor's entire portfolio
Custom report templates
Ensure consistency and standardization of your reports by creating and saving custom report templates.
- Add custom commentary and configure which elements to include in your report
- Save time and create templates that can be utilized by your team to run custom reports
Business operations
Share access to your UpGuard account with other team members with confidence. Each user gets an individual account with fine-grained access control.
Roles and permissions
Tailor access for your team to ensure that sensitive information and actions are protected. Keep track of who has access to your UpGuard account and remove team members easily.
- Get fine-grained control on providing specific users access to specific products and features
- Create roles, and associate permissions with these
- Grant users access to a role
- A change in permission associated with a role applies to all users with that role
Templates
Templates lets administrators set up templates for remediation requests, risk assessments, and questionnaires sent from the UpGuard platform.
- Save time and ensure consistency
- Uniformity across teams and processes
- Reduce mistakes and errors caused by copying and pasting text across documents
Co-branding
Co-branding lets you add your company branding to all emails and any vendor risk reports generated in the UpGuard platform.
- Showcase your brand in all external communications done via emails
- Create professional security reports with your branding on it
- Make it easier for vendors to recognize questionnaires sent by you by adding your logo to it
Account security
Secure access to the UpGuard platform and your account data. Integrate with various SSO options like Microsoft Azure, Okta, and Ping Identity. As long as your identity provider has a SAML interface we can integrate with it.
- SSO options like Microsoft Azure, Okta, and Ping Identity
- SAML integration
Collaboration notes
Attach notes for your teammates on remediation requests, risk waivers, and data leaks to give them context when they jump into the platform.
Documents and contacts
Capture contact details and store relevant documentation on a vendor directly in the UpGuard platform.
- Know exactly where to find contact details and documents about a specific vendor
Audit log
Keep track of important events and who performed them inside the UpGuard platform.
- Searchable
- Real-time reporting and data
- Filter by user, event type, and time
- Streamline workflows
Scheduled reports
Use the reports feature to see the status of queued reports, and download, delete or archive completed reports.
- See all exported reports in one place
- Hit export and continue working while the report gets generated in the background
- Create and manage schedules for any recurring reports
Shared assets
Vendor information collected by an entity in a larger group of companies can now be shared with other related entities by easily providing them access to it within the UpGuard Vendor Risk platform.
- Use evidences collected by related entities
- Reuse existing risk assessments
- Avoid repetition and save time
- Greater visibility of the total risk exposure to a vendor
Third-party integrations
Integrate and extend the UpGuard platform with other tools with our easy to use API that can save hours of human time.
Jira integration
Quickly and easily push events and notifications from UpGuard into any Jira project, giving you the flexibility to manage workflows to address security risks promptly
- Save time by quickly creating Jira issues, prioritizing, and assigning them to the relevant person
- Ensure people receive the correct information so they can promptly investigate and remediate security risks
- Easily maintain your workflow and present only the information you want to the relevant people in your team
Slack integration
Connect UpGuard to your Slack workspace to get the notifications you need directly into a Slack channel of your choice, giving you the flexibility to display the information you need to act promptly.
- Easily integrate your Slack workplace to receive notifications from UpGuard
- Setup triggers for notifications, decide what Slack channel to send them to, and customize your messages.
- Get instantly notified on Slack, and remediate security faster
Zapier integration
Using Zapier, an automation platform that connects to thousands of apps, you can now connect UpGuard to any other app that Zapier supports.
- Automate regularly used workflows without coding
- Connect UpGuard to thousands of apps on the Zapier platform like JIRA, Trello, Google Sheets, ServiceNow and many more
- Get instant notifications on Slack, Microsoft Teams and other collaboration apps and remediate security faster
ServiceNow integration
Get vendor security ratings in ServiceNow.
- Add UpGuard as a scoring provider in ServiceNow
- Automatically add vendors for risk scoring in UpGuard
UpGuard API
Access information about your UpGuard account programmatically.
Simple, transparent pricing
Start securing your supply chain with scalable plans from 50 to unlimited vendors.
Free instant security score
How secure is your organization?
