UpGuard Release Notes

Previously released only to a beta group, the vendor relationship questionnaire feature is now available to all UpGuard Vendor Risk customers. 

To streamline internal collaboration and quickly understand the level of depth required when assessing a new vendor, you can now send a vendor relationship questionnaire to the relevant members of your organization. This enables you to gather and store key information about how you work with your vendors from within Vendor Risk. 

Visit how to use vendor relationship questionnaires to learn how you can set up and use this feature. 

If you would like to join our beta program for early access to future features, please talk to your Technical Account Manager or contact support@upguard.com.

Other improvements

• You can now filter Vendor Risk questionnaires by status. This enables you to quickly filter your view – for example, to see all questionnaires that are currently in review. 
• This release also includes a number of bug fixes.

Learn about new features, changes, and improvements to UpGuard this month:

We have made it easier for you to communicate with your vendors using in-line messages and notes when sending and completing questionnaires.

To drive collaboration and streamline the process, you can now add messages to individual questions within a questionnaire, making it easier to seek clarification on any responses. You will be able to communicate directly with vendors and provide specific instruction on individual questions, allowing vendors to easily seek information from you to speed up the whole process.

This enhancement also allows you to add private notes to individual questions that are only visible to users in your organization. 

These features were previously only available at the overall questionnaire level.

To learn more about how this works you can visit Adding and viewing messages and notes in Security Questionnaires.

Features moving out of Beta

The following features, previously available in limited beta, are now more widely available to Vendor Risk customers as part of this release:

• The ‘Monitor Vendor’ page has a new look, which enables you to efficiently manage your vendors, by allowing you to review and edit vendor information, add the vendor to portfolios, add vendor tiering and labels, and trigger a vendor relationship questionnaire when onboarding a new vendor.
• Vendor portfolios, which allow you to efficiently group monitored organizations into seperate lists for easier management. You will be able to add up to 5 portfolios as part of this release (moved to open beta for all vendor risk customers on Starter, Professional, Corporate and Enterprise plans). For help setting up and using vendor portfolios, you can visit How to use portfolios to segment your vendors.

Other improvements

• This release includes a number of bug fixes

The Vendor Relationship Questionnaire streamlines the process for capturing all relevant  information when onboarding a new vendor, and the new Vendor Portfolios ensures easier categorization and vendor management in addition to the already existing labels and vendor tiering features.

Both of these features have been released to our beta customers ahead of the full release. Please talk to your Technical Account Manager or contact support@upguard.com to find out how to join our beta program to gain early access to these features.

Vendor Relationship Questionnaire

Streamline collaboration within your organization when onboarding a new vendor with the Vendor Relationship Questionnaire. This feature enables you to gather and store key information from the people managing the vendor relationship, allowing you to simplify the overall risk assessment process.

For help with setting up and using your Vendor Relationship Questionnaire you can visit How to use vendor relationship questionnaires.

Vendor Portfolios

You can now efficiently group monitored organizations into seperate lists using the portfolios feature. Portfolios allow you to limit access so that individual users within your team only see the vendors relevant to them. Once setup, this feature allows you to:

• Easily filter, view and report the performance of  individual portfolios
• Maintain and report on separate vendor portfolios for different departments or groups within your organization
• Manage permissions so that users only have access to the portfolios and vendors they need.

For help with setting up and using Vendor Portfolios you can visit How to use portfolios to segment your vendors.

Other improvements

• This release includes a number of bug fixes

Learn about new features, changes, and improvements to UpGuard this month.

We’ve made it easier to quickly find questionnaires, with upgrades to the existing ‘Search Questionnaires’ functionality. 

This includes the ability to search by:

• Vendor name
• Sender name
• Questionnaire name
• Questionnaire type

You can also apply ‘vendor name’ as a filter, in addition to tier, label and score.  For help sending a security questionnaire to your vendors, you can visit ‘How to send security questionnaires in UpGuard Vendor Risk’.

Other improvements

• Added a 'Remediation' flag to the questionnaire API output 
• Other bug fixes

You now have the flexibility to send tailored notifications to any email address, including other domains, recipients who are not UpGuard users, and group addresses such as security@mycompany.com.

Building the right notification process is critical when securing your company and customer data. By setting up an email integration, this allows you: 

• The flexibility to automatically notify any email address when a specific event occurs, such as when a new domain or IP is added to your company for verification by the IT department.
• The ability to customize the messaging for each notification, to provide the required context and information.

For help setting up an email integration, check out 'How to create an email integration in UpGuard'.

Request remediation on shared profile questionnaires

Creating a shared profile is a great way to proactively share your organization’s security posture and related documentation with current and prospective vendors to expedite the assessment process. Now, when you have been provided access to a questionnaire through a shared profile, you can request remediation of these risks directly. For more information, see 'How to remediate risks from shared questionnaires'.

Other improvements

• This release includes a number of bug fixes

Learn about new features, changes, and improvements to UpGuard this month.

One of the key reasons why many organizations look to UpGuard is to reduce the time it takes to perform and document a vendor risk assessment. With remediation requests within the risk assessment, you can now send remediation requests, track the progress of each item under remediation and have a record of the remediation request embedded directly in a point-in-time risk assessment. For help, please see  ‘How to complete a risk assessment’.

Other improvements

• This release includes a number of bug fixes

Stay up to date with your organization’s attack surface changes with the new Breach Risk email digest. You’ll receive a monthly email outlining any changes to your security rating, information about any risks added or resolved, updates to IPs and domains as well as a quick way to review and resolve any associated risks. You can enable/disable this feature in the Manage Notifications section on your home page or from the link within the email itself.

Other improvements

• Add and remove custom domains/IPs using the public API
• Add descriptions to files uploaded to questionnaires
• Bug fixes

Jira Cloud Integration

You can now send issues directly into your Jira Cloud project from UpGuard with our native Jira Cloud integration. Most Jira issue field types are supported and can be automated based on the content of a notification, providing robust customization options. For example, you could set up this integration to assign a Jira issue to a specific person whenever we detect a new vulnerability among your web assets. Check out this article to learn how to set up the Jira Cloud Integration. 

Essential Eight Questionnaire

The Australian Cyber Security Center (ACSC) developed the Essential Eight in 2017 to protect Microsoft Windows-based internet-connected networks. While the Essential Eight may be applied to cloud services, enterprise mobility, or other operating systems, it was not primarily designed for such purposes. Alternative mitigation strategies may be more appropriate to mitigate unique cyber threats to these environments. 

This iteration of the UpGuard Essential Eight Questionnaire will assess your vendors thoroughly across all eight mitigation strategies and provide the risks identified and scoring out of 950 (as our other questionnaires operate). We understand that the Essential Eight is typically based on maturity ratings which we may explore in future iterations of this questionnaire.

The Essential Eight Questionnaire can be used in conjunction with UpGuard's Anatomy of a Cloud questionnaire to analyze organizations’ cloud computing environments further.

Other improvements

• You can now amend/edit remediation requests.
• Bug fixes

Learn about new features, changes, and improvements to UpGuard this month.