UpGuard Vendor Risk features

One solution for all your third-party risk management needs

Monitor

Security ratings
Vendor security ratings
?
Instantly understand your vendor’s security posture.
Domain security ratings
?
Explore the security of individual domains.
Third-party risk
Vendors
?
Instantly understand your vendor’s security posture.
Portfolio risk profile
?
Identify common issues across your vendors.
Vendor summary
?
Executive-level overview of individual vendors.
Risk profile
?
Understand an individual vendor’s risks.
Domains and IPs
?
Dive deep into individual domain and IP risks.
Vulnerabilities
?
Discover vulnerabilities in vendor software.
Fourth-party risk
Concentration risk
?
Instantly identify common fourth-party vendors.
Supply chain
?
Instantly identify fourth-party supply chain risk.

Assess and remediate

Risk assessment
Risk assessment
?
Seamless inbuilt risk assessment process.
Additional evidence
?
Capture documentation and identify new risks.
Security questionnaires
Security questionnaires
?
Powerful and flexible security questionnaires.
Questionnaire library
?
Based on regulations and best practices.
Security profiles
Vendor security profiles
?
Instantly access info published by your vendor.
Workflows
Remediation workflows
?
Simplify and accelerate your remediation requests.

Manage

Reporting and insights
Executive reporting
?
In-built executive reports for the Board and C-Suite.
Vendor Risk Report
?
In-depth vendor reports available for export.
Business operations
Roles and permissions
?
Tailor access for your team to protect sensitive info.
Account security
?
Support for Azure, Okta, Ping Identity and more.
Collaboration notes
?
Attach notes and info for your teammates.
Documents and contacts
?
Capture contact details and store relevant documents.
Audit log
?
Keep track of important events and users.
Third-party integrations
UpGuard API
?
Access your account programmatically.
ServiceNow integration
?
Access your account programmatically.
Abstract shape
Search browser icon

Monitor vendors

Vendor risk summaryAbstract shape
Rating icon

Security ratings

Instantly understand your vendors’ security posture with our data-driven, objective, and dynamic security ratings. Our security ratings are generated through the analysis of trusted commercial, open-source, and proprietary threat intelligence feeds and non-intrusive data collection methods.

Vendor security ratings

Instantly understand your vendor’s overall security posture.
  • Check icon
    Easy to understand for non-technical stakeholders and senior management
  • Check icon
    Updated multiple times a day
  • Check icon
    Based on the analysis of each of your vendor’s underlying domains and their security posture
  • Check icon
    Takes into account risks identified in UpGuard security questionnaires

Domain security ratings

Explore the security posture of individual domains and drill into issues.
  • Check icon
    Based on the analysis of hundreds of individual risks across five risk categories
Users icon

Third-party risk

Get real-time insight into your vendors’ security performance, misconfigurations, and risk profile. Track their performance over time and get started in minutes, not weeks, with our fully integrated solution and API. Because we use externally verifiable information, you can monitor any vendor, instantly.

Vendors

Instantly find and monitor your vendors with just their domain name.
  • Check icon
    Instant and continuous visibility into the cyber health of any vendor
  • Check icon
    Monitor their security performance over time
  • Check icon
    Get notified immediately when their security degrades

Portfolio risk profile

Identify common cybersecurity issues across your vendor portfolio and request remediation.
  • Check icon
    Ordered by severity
  • Check icon
    Grouped by finding
  • Check icon
    See the number of vendors with the risk
  • Check icon
    Filter by risk category, label, or vendor
  • Check icon
    Rely on UpGuard’s remediation workflows

Vendor summary

Get an executive-level overview of an individual vendor’s security posture.
  • Check icon
    Key vendor information
  • Check icon
    Security rating
  • Check icon
    Questionnaire and remediation context
  • Check icon
    Twelve-month security performance

Risk profile

Understand an individual vendor’s risk profile and drill down into risks shared across their infrastructure.
  • Check icon
    Transparent security ratings
  • Check icon
    Intelligent risk categories
  • Check icon
    Updated daily
  • Check icon
    Real-time risk insights

Domains and IPs

Dive deep into an individual vendor and view the domains and IPs that belong to them and their corresponding cyber risks.
  • Check icon
    See the security rating of each domain and associated risks
  • Check icon
    Automatic vendor domain discovery, no manual input needed
  • Check icon
    See active and inactive domains

Vulnerabilities

Discover vulnerabilities that may be exploitable in the software that is running on your vendor’s website.
  • Check icon
    Automatically detected through exposed information in HTTP headers and website content
  • Check icon
    Each vulnerability has CVE ID information and a CVSS, a numerical score between 0 and 10 that reflects the severity
User group icon

Fourth-party risk

Stop relying on third-parties to monitor your fourth-parties and get instant insight into your fourth-party vendors. While fourth-parties aren’t necessarily contractually connected to your organization, they still represent risk that needs to be monitored.

Concentration risk

Instantly understand your organization’s most common fourth-party vendors.
  • Check icon
    Add fourth-parties to your monitored vendors list
  • Check icon
    Know how to plan for disaster recovery
  • Check icon
    Instantly assess downstream impacts
  • Check icon
    Streamline your breach response

Supply chain

Dive deep into an individual vendor’s supply chain and understand the impact fourth-parties on your security posture.
  • Check icon
    Identify who your vendors do business with and validate their use of subcontractors
  • Check icon
    Validate assessment responses from third-parties on the use of or reliance on fourth-parties
User check icon

Assess and remediate vendor risk

UpGuard vendor portfolio risksAbstract shape
Compliance document icon

Risk assessment

Stop using lengthy and error-prone spreadsheet-based risk assessments. Let us guide you each step of the way from documenting the evidence you referenced to adding commentary. When you’re done, you can save your assessment inside the UpGuard platform.

Risk assessment

Follow UpGuard’s inbuilt risk assessment process to assess your third-party vendors.
  • Check icon
    Specify the evidence you reviewed as part of the assessment including UpGuard security questionnaires and automated scan results
  • Check icon
    Document your findings based on evidence
  • Check icon
    Record who conducted the assessment
  • Check icon
    Record who conducted the assessment
  • Check icon
    Export the assessment as a PDF

Additional evidence

Capture and store security and compliance-related documentation and identify new risks
  • Check icon
    Securely store security and compliance-related documentation
  • Check icon
    Create risks inside the platform and associate them with a specific vendor
  • Check icon
    Use identified risks in risk assessment workflows
Programming icon

Security questionnaires

Accelerate your questionnaire exchange process by using UpGuard’s powerful and flexible security questionnaire tools. UpGuard’s meticulously designed questionnaire library means you no longer have to create questionnaires from scratch.

Security questionnaires

Automate security questionnaires to get deeper insights into your vendors’ security and scale your security team by 10x.
  • Check icon
    Choose from twelve industry-standard questionnaires
  • Check icon
    Easily set deadlines and send reminders to ensure questionnaires are completed
  • Check icon
    Track the status of each outgoing security questionnaire
  • Check icon
    A sophisticated audit log and messaging built-in

Questionnaire library

Stop creating your own questionnaires and let us create them for you based on regulations and best practices.
  • Check icon
    UpGuard questionnaire
  • Check icon
    Short-form UpGuard questionnaire
  • Check icon
    ISO 27001 questionnaire
  • Check icon
    NIST Cybersecurity framework questionnaire
  • Check icon
    PCI DSS questionnaire
  • Check icon
    COBIT 5 questionnaire
  • Check icon
    ISA 62443-2-1:2009 questionnaire
  • Check icon
    ISA 62443-3-3:2013 questionnaire
  • Check icon
    GDPR questionnaire
  • Check icon
    CIS Controls 7.1 questionnaire
  • Check icon
    NIST SP 800-53 Rev. 4 questionnaire
  • Check icon
    CCPA questionnaire
  • Check icon
    Modern slavery questionnaire
  • Check icon
    Pandemic questionnaire
  • Check icon
    Security and privacy program questionnaire
  • Check icon
    Web application security questionnaire
  • Check icon
    Infrastructure security questionnaire
  • Check icon
    Physical and data centre security questionnaire
User profile icon

Security profiles

Save time, eliminate the email back and forth, and onboard new vendors faster by accessing the security information of a potential vendor who has published security information to their UpGuard Security Profile.

Vendor security profiles

Eliminate email tennis and instantly access information published by your vendor on their security profile.
  • Check icon
    Vendor security rating
  • Check icon
    Industry average security rating
  • Check icon
    Vendor information
  • Check icon
    Completed security questionnaires
  • Check icon
    Supporting documentation
Workflows icon

Workflows

Simplify and accelerate how you request remediation of cybersecurity risks from your third-party vendors. Use our real-time data to provide context to your vendors, rely on our workflows to track progress, and get notified when issues are fixed.

Remediation workflows

Use inbuilt workflows to remediated risks identified in security questionnaires and by the UpGuard platform.
  • Check icon
    Fix man-in-the-middle risks
  • Check icon
    Find insecure SSL/TLS certificates
  • Check icon
    Understand vendor email security
  • Check icon
    Enforce HSTS
  • Check icon
    Close unnecessary open ports
  • Check icon
    Fix vulnerable software
  • Check icon
    Prevent HTTP accessibility
  • Check icon
    Secure cookie configuration
Check bracket icon

Manage vendor risk

UpGuard Executive SummaryAbstract shape
Pie chart icon

Reporting and insights

Effectively report on your third-party risk management program to the Board and C-Suite. Have more productive conversations and create a common language and reporting framework taht is easily understood by anyone at your organization.

Executive reporting

Use our prebuilt executive reporting suite to get insights right inside the platform. With structure access to your data, you can do things such as: see your average vendor security rating and twelve-month history, explore your current vendor risk ratings breakdown, and find your highest and lowest rated vendors.
  • Check icon
    Prebuilt reporting for your third-party risk management program
  • Check icon
    Current average vendor rating and twelve-month history
  • Check icon
    Distribution of vendor ratings and twelve-month comparison
  • Check icon
    Highest and lowest-rated vendors
  • Check icon
    Most and least improved vendors
  • Check icon
    Concentration of fourth-party technologies

Vendor risk report

Generate an in-depth PDF report that can be shared with internal stakeholders and vendors.
  • Check icon
    Outlines security posture of vendor
  • Check icon
    Configure to include automated scanning, questionnaires, and additional evidence
  • Check icon
    Share with colleagues, board members, or vendors without having to invite them to UpGuard
  • Check icon
    Give vendors the context they need to remediate risks
  • Check icon
    Most and least improved vendors
  • Check icon
    Concentration of fourth-party technologies
User profile icon

Business operations

Share access to your UpGuard account with other team members with confidence. Each user gets an individual account with fine-grained access control.

Roles and permissions

Tailor access for your team to ensure that sensitive information and actions are protected. Keep track of who has access to your UpGuard account and remove team members easily.
UpGuard roles and permissions

Account security

Secure access to the UpGuard platform and your account data. Integrate with various SSO options like Microsoft Azure, Okta, and Ping Identity. As long as your identity provider has a SAML interface we can integrate with it.
  • Check icon
    SSO options like Microsoft Azure, Okta, and Ping Identity
  • Check icon
    SAML integration

Collaboration notes

Attach notes for your teammates on remediation requests, risk waivers, and data leaks to give them context when they jump into the platform.
UpGuard collaboration notes

Documents and contacts

Capture contact details and store relevant documentation on a vendor directly in the UpGuard platform.
  • Check icon
    Know exactly where to find contact details and documents about a specific vendor

Audit log

Keep track of important events and who performed them inside the UpGuard platform.
  • Check icon
    Searchable
  • Check icon
    Real-time reporting and data
  • Check icon
    Filter by user, event type, and time
  • Check icon
    Streamline workflows
Cloud server icon

Third-party integrations

Integrate and extend the UpGuard platform with other tools with our easy to use API that can save hours of human time.

UpGuard API

Access information about your UpGuard account programmatically.
UpGuard API

ServiceNow integration

Get vendor security ratings in ServiceNow.
  • Check icon
    Add UpGuard as a scoring provider in ServiceNow
  • Check icon
    Automatically add vendors for risk scoring in UpGuard
Pricetag icon

Simple, transparent pricing

Start monitoring your vendors from $15,000 per year.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
Website Security scan resultsWebsite Security scan ratingAbstract shape

Book a free demo

Book a free, personalized onboarding call with one of our cybersecurity experts.