Monitor vendors
Security ratings
Instantly understand your vendors’ security posture with our data-driven, objective, and dynamic security ratings. Our security ratings are generated through the analysis of trusted commercial, open-source, and proprietary threat intelligence feeds and non-intrusive data collection methods.
Vendor security ratings
Instantly understand your vendor’s overall security posture.
- Easy to understand for non-technical stakeholders and senior management
- Updated multiple times a day
- Based on the analysis of each of your vendor’s underlying domains and their security posture
- Takes into account risks identified in UpGuard security questionnaires
Domain security ratings
Explore the security posture of individual domains and drill into issues.
- Based on the analysis of hundreds of individual risks across five risk categories
Custom notifications
UpGuard comes with a host of default notifications, and allows you to create and manage custom notifications as well. These can be used for in-app and email alerts, or webhook triggers.
- Get notified when you organization score drops
- Get notified when a vendor's score drops below a threshold
- Custom notifications can also be used to trigger webhook integrations
- Customize notifications based on labels and vendor tiers
Third-party risk
Get real-time insight into your vendors’ security performance, misconfigurations, and risk profile. Track their performance over time and get started in minutes, not weeks, with our fully integrated solution and API. Because we use externally verifiable information, you can monitor any vendor, instantly.
Vendors
Instantly find and monitor your vendors with just their domain name.
- Instant and continuous visibility into the cyber health of any vendor
- Monitor their security performance over time
- Get notified immediately when their security degrades
Vendor inventory
Vendor inventory helps you find, track, and monitor the security posture of any organization instantly. You can categorize vendors, compare them against industry benchmarks, and see how their security posture is changing over time.
- All monitored vendors in a centralized location
- Easily find vendors using the search bar
- Sort by vendor tier, name, score, or labels
Vendor labels
Labels provide an easy way to tag your vendors with key characteristics, allowing you to easily filter and identify vendors of a specific type
- Easily filter and identify vendors
- Apply actions to vendors with the same labels
- Automatically assign vendors to labels based on Vendor Relationship Questionnaire responses
Vendor tiering
Vendor tiering allows you to classify your vendors based on the inherent risk they pose to your organization, and adjust the level of assessment you do on each vendor as a result.
- Easily filter the vendors list by tier
- See a vendor's tier when viewing any vendor-specific page in the platform
- Customize notifications for a tier of vendors
- Adjust the level of assessment you do on each vendor based on their tier
- Automatically assign tiers based on Vendor Relationship Questionnaire responses
Custom vendor attributes
Attributes provide you with the ability to add additional structured information to manage individual vendor relationships that have common themes.
- Customize and create attributes based on your business requirements and reporting needs
- Improved filtering and sorting allows for more efficient analysis of data
- Easily export vendor information based on common themes for reporting and analysis
- Consolidate key vendor information in one centralized location
- Automatically assign custom attributes based on Vendor Relationship Questionnaire responses
Vendor portfolios
The vendor portfolios feature allows you to organize your monitored vendors by different use-cases into separate lists. Once setup, you can control user access for each of the portfolios.
- Easily filter, view and report the performance of individual portfolios
- Maintain and report on separate vendor portfolios for different departments or groups within your organization
- Manage permissions so that users only have access to the portfolios and vendors they need
- Automatically assign vendors to portfolios based on Vendor Relationship Questionnaire responses
Portfolio risk profile
Identify common cybersecurity issues across your vendor portfolio and request remediation.
- Ordered by severity
- Grouped by finding
- See the number of vendors with the risk
- Filter by risk category, label, or vendor
- Rely on UpGuard’s remediation workflows
Vendor summary
Get an executive-level overview of an individual vendor’s security posture.
- Key vendor information
- Security rating
- Questionnaire and remediation context
- Twelve-month security performance
Risk profile
Understand an individual vendor’s risk profile and drill down into risks shared across their infrastructure.
- Transparent security ratings
- Intelligent risk categories
- Updated daily
- Real-time risk insights
Compliance reporting
The compliance reporting feature enables customers to view their own or their vendor’s risk details (including web risks) mapped against recognized security standards or compliance frameworks like NIST CSF or ISO 27001.
- Assess if your organization or a vendor complies with a security framework
- Easily view sections of the compliance framework that your organization or the vendor does or does not comply with
- Understand the risks detected in specific sections of the compliance framework
Domains and IPs
Dive deep into an individual vendor and view the domains and IPs that belong to them and their corresponding cyber risks.
- See the security rating of each domain and associated risks
- Automatic vendor domain discovery, no manual input needed
- See active and inactive domains
Vulnerabilities
Discover vulnerabilities that may be exploitable in the software that is running on your vendor’s website.
- Automatically detected through exposed information in HTTP headers and website content
- Each vulnerability has CVE ID information and a CVSS, a numerical score between 0 and 10 that reflects the severity
Fourth-party risk
Stop relying on third-parties to monitor your fourth-parties and get instant insight into your fourth-party vendors. While fourth-parties aren’t necessarily contractually connected to your organization, they still represent risk that needs to be monitored.
Concentration risk
Instantly understand your organization’s most common fourth-party vendors.
- Add fourth-parties to your monitored vendors list
- Know how to plan for disaster recovery
- Instantly assess downstream impacts
- Streamline your breach response
Supply chain
Dive deep into an individual vendor’s supply chain and understand the impact fourth-parties on your security posture.
- Identify who your vendors do business with and validate their use of subcontractors
- Validate assessment responses from third-parties on the use of or reliance on fourth-parties
Assess and remediate vendor risk
Risk assessment
Stop using lengthy and error-prone spreadsheet-based risk assessments. Let us guide you each step of the way from documenting the evidence you referenced to adding commentary. When you’re done, you can save your assessment inside the UpGuard platform.
Vendor users
Vendors of UpGuard customers can create a free account to answer questionnaires, complete risk assessments and to create a shared vendor profile.
- Vendors can easily respond to security questionnaires from UpGuard customers
- Vendors can invite collaborators to complete risk assessments requested by UpGuard customers
- Vendors can save answered questionnaires to their shared profile to avoid answering the same questions multiple times
Vendor comparison
UpGuard's vendor comparison tool lets you compare the security posture of up to four vendors side-by-side and dive into the details to see which vendor represents the lowest risk.
- Great way to communicate the security posture of new vendors to stakeholders who may not have security expertise
- Save time when deciding which new vendor to onboard
- Easily evaluate potential alternatives that offer improved security
Vendor risk waivers
Vendor risk waivers let you waive vendor risks identified by automated scanning, security questionnaires and additional evidence.
- Allows you to see a vendor's score after waiving the risks
- Waived vendor risk will stop appearing in the vendor’s risk profile and their security rating will be recalculated for your organization
- Streamline the risk assessment workflow by creating, reviewing and waiving risks within a risk assessment
- View the public risk waivers of other UpGuard customers, and choose whether to accept those risks
Vendor risk matrix
Quickly focus on the most impactful areas of your vendor risk management program by visualizing your vendor portfolio risk by Security Rating and Vendor Tier.
- Identify vendors with the highest risk exposure to the business to drive remediation with your vendors
- Quickly visualize your vendor portolio to enable decision making on which vendor risks to focus on first
- See a filtered list of your vendors and their risks so you can start reducing your cyber risk with maximum impact
Remediation requests
Creating a risk assessment for a vendor allows you to specify the evidence reviewed, document findings based on this evidence, record who conducted the assessment, and more. It provides a way to capture a snapshot of the risks and evidence at the time this vendor was assessed
- Specify the evidence you reviewed as part of the assessment including UpGuard security questionnaires and automated scan results
- Document your findings based on evidence
- Record who conducted the assessment
- Export the assessment as a PDF
- Send remediation requests, track the progress of each item under remediation and have a record of the remediation request embedded directly in a point-in-time risk assessment
- Reduce the time it takes to perform and document a vendor risk assessment
- Efficiently monitor and track the risk assessment of your vendors
Additional evidence
Capture and store security and compliance-related documentation and identify new risks
- Securely store security and compliance-related documentation
- Create risks inside the platform and associate them with a specific vendor
- Use identified risks in risk assessment workflows
Security questionnaires
Accelerate your questionnaire exchange process with powerful automation and a comprehensive questionnaire library. Say goodbye to creating questionnaires from scratch, chasing updates, and manually identifying risks from vendor responses.
Security questionnaires
Automate security questionnaires to get deeper insights into your vendors’ security and scale your security team by 10x.
- Utilize an expanding collection of over thirty pre-configured industry-standard questionnaires
- Automatically discover risks and analyze severity based on vendor responses
- Select multiple vendors, and send them the same questionnaire simultaneously
- Easily set deadlines and send reminders to ensure questionnaires are completed
- Monitor individual and collective questionnaire statuses with detailed progress and change logs
- A sophisticated audit log and messaging built-in
- Quickly review only the answers that have changed with a side-by-side comparison of different version of questionnaires that have been sent to your vendors
Questionnaire library
Use questionnaires based on regulations and best practices from our industry leading library.
- UpGuard questionnaire
- Short-form UpGuard questionnaire
- Combined ISO27001:2022 & NIST CSF 2.0 questionnaire
- Standardized Information Gathering (SIG) Core 2024 questionnaire
- Standardized Information Gathering (SIG) Lite 2024 questionnaire
- Europe’s Digital Operational Resilience Act (DORA)
- India’s Digital Personal Data Protection (DPDP) Act 2023 questionnaire
- ISO 27001 questionnaire
- NIST Cybersecurity framework questionnaire
- PCI DSS questionnaire
- COBIT 5 questionnaire
- ISA 62443-2-1:2009 questionnaire
- ISA 62443-3-3:2013 questionnaire
- GDPR questionnaire
- CIS Controls 7.1 questionnaire
- NIST SP 800-53 Rev. 4 questionnaire
- CCPA questionnaire
- Modern slavery questionnaire
- Pandemic questionnaire
- Security and privacy program questionnaire
- Web application security questionnaire
- Infrastructure security questionnaire
- Physical and data centre security questionnaire
- SolarWinds Questionnaire
- Kaseya Questionnaire
- Apache Log4J - Critical Vulnerability Questionnaire
- HECVAT questionnaire
- HIPAA questionnaire
Questionnaire builder
Questionnaire builder lets you build custom questionnaires for specific use cases as per your requirements. You can use one of our standard questionnaires to get started and edit the questions or create one from scratch.
- Use questionnaire library to get started
- Supports many question types like single-select, multi-select, full text and file uploads
- Supports conditional logics for building sophisticated questionnaires
- Build simple questionnaires for vendor onboarding or complex security questionnaires for vendor risk assessments
- Automatic risk identification and score updates based on the responses
Security profiles
Save time, eliminate the email back and forth, and onboard new vendors faster by accessing the security information of a potential vendor who has published security information to their UpGuard Security Profile.
Vendor security profiles
Eliminate email tennis and instantly access information published by your vendor on their security profile. To accelerate the vendor assessment process, UpGuard also collects and includes publicly available information to the Vendor Security Profile.
- Vendor security rating
- Industry average security rating
- Vendor information
- Completed security questionnaires
- Supporting documentation
- Publicly available security and privacy pages
Workflows
Simplify and accelerate how you request remediation of cybersecurity risks from your third-party vendors. Use our real-time data to provide context to your vendors, rely on our workflows to track progress, and get notified when issues are fixed.
Remediation workflows
Use inbuilt workflows to remediated risks identified in security questionnaires and by the UpGuard platform.
- Fix man-in-the-middle risks
- Find insecure SSL/TLS certificates
- Understand vendor email security
- Enforce HSTS
- Close unnecessary open ports
- Fix vulnerable software
- Prevent HTTP accessibility
- Secure cookie configuration
Remediation planner
See the potential improvement in security ratings from remediating a risk or set of risks instead of knowing the impact after the fact.
- See how specific risks impact security ratings
- Prioritize risks to be mitigated based on the improvement in rating
- Securely create and share a remediation plan with your team or your vendors within UpGuard
- Collaborate with internal teams and third-party vendors within UpGuard
- Track the progress of each remediation request in a centralized location
Managed vendor assessments
Get insight into your third-party risk without the manual effort. Let us take on the complex task of conducting vendor risk assessments, and alleviate the challenges you’re facing from a lack of specialized skills and limited internal capacity. With our expert analysts, your business can concentrate on growth and innovation, assured that your vendor risk assessments are thorough, insightful, and current.
Comprehensive risk assessment
Extensive vendor risk evaluations through attack surface scans, document analysis, and security questionnaires.
- Request a managed risk assessment in one click
- Receive regular updates and track the progress of your risk assessments
- Integrated scanning, documentation, and questionnaires used to identify vendor risks
- Utilization of existing evidence, without reliance on security questionnaires, to prepare the report
- Report mapped to industry frameworks
- Receive a comprehensive risk assessment PDF report
Actionable reports
Best practice report aligned to standardized control groups, with key risks highlighted to prioritize action planning.
- Classification of risks, mapped to 6 categories and 18 control groups
- Easy-to-read report with engaging visuals
- Summary of key risks to share with internal stakeholders
- Clear statement of risks and compensating control information to drive remediation plans
UpGuard analyst
Experienced in-house cybersecurity analysts oversee the risk assessment process and vendor communication.
- A designated analyst to manage the end-to-end process
- Rely on the analyst's deep expertise and experience to prepare your risk assessments
- Analyst liaises with the vendor to capture missing information
Manage vendor risk
Reporting and insights
The Reports Library makes it easier and faster for you to access tailor made reports for different stakeholders, all in one centralized location. Effectively report on your third-party risk management program, including to the Board and C-Suite and other interested parties.
Executive reporting
Use our prebuilt executive reporting suite to get insights right inside the platform. With structure access to your data, you can do things such as: see your average vendor security rating and twelve-month history, explore your current vendor risk ratings breakdown, and find your highest and lowest rated vendors.
- Board Summary report provides a high level snapshot of key factors about your company's cyber security posture
- Prebuilt reporting for your third-party risk management program
- Current average vendor rating and twelve-month history
- Distribution of vendor ratings and twelve-month comparison
- Highest and lowest-rated vendors
- Most and least improved vendors
- Concentration of fourth-party technologies
Vendor risk report
Generate an in-depth PDF report that can be shared with internal stakeholders and vendors.
- Summarized or detailed Vendor Summary report to help reduce third party risks
- Outlines security posture of vendor
- Configure to include automated scanning, questionnaires, and additional evidence
- Share with colleagues, board members, or vendors without having to invite them to UpGuard
- Give vendors the context they need to remediate risks
- Most and least improved vendors
- Concentration of fourth-party technologies
Vendor subsidiaries
Single view that allows you to see the security performance of a vendor organisation with multiple subsidiaries
- A vendor's entire security posture in one place
- Drill into vendor's subsidiary security performance
- Easily navigate between vendor's subsidiaries
- Whole-of-organisation view that lets you see how individual risks affect vendor's entire portfolio
Custom report templates
Ensure consistency and standardization of your reports by creating and saving custom report templates.
- Add custom commentary and configure which elements to include in your report
- Save time and create templates that can be utilized by your team to run custom reports
Business operations
Share access to your UpGuard account with other team members with confidence. Each user gets an individual account with fine-grained access control.
Roles and permissions
Tailor access for your team to ensure that sensitive information and actions are protected. Keep track of who has access to your UpGuard account and remove team members easily.
- Get fine-grained control on providing specific users access to specific products and features
- Create roles, and associate permissions with these
- Grant users access to a role
- A change in permission associated with a role applies to all users with that role
Templates
Templates lets administrators set up templates for remediation requests, risk assessments, and questionnaires sent from the UpGuard platform.
- Save time and ensure consistency
- Uniformity across teams and processes
- Reduce mistakes and errors caused by copying and pasting text across documents
Co-branding
Co-branding lets you add your company branding to all emails and any vendor risk reports generated in the UpGuard platform.
- Showcase your brand in all external communications done via emails
- Create professional security reports with your branding on it
- Make it easier for vendors to recognize questionnaires sent by you by adding your logo to it
Account security
Secure access to the UpGuard platform and your account data. Integrate with various SSO options like Microsoft Azure, Okta, and Ping Identity. As long as your identity provider has a SAML interface we can integrate with it.
- SSO options like Microsoft Azure, Okta, and Ping Identity
- SAML integration
Collaboration notes
Attach notes for your teammates on remediation requests, risk waivers, and data leaks to give them context when they jump into the platform.
Documents and contacts
Capture contact details and store relevant documentation on a vendor directly in the UpGuard platform.
- Know exactly where to find contact details and documents about a specific vendor
Audit log
Keep track of important events and who performed them inside the UpGuard platform.
- Searchable
- Real-time reporting and data
- Filter by user, event type, and time
- Streamline workflows
Scheduled reports
Use the reports feature to see the status of queued reports, and download, delete or archive completed reports.
- See all exported reports in one place
- Hit export and continue working while the report gets generated in the background
- Create and manage schedules for any recurring reports
Shared assets
Vendor information collected by an entity in a larger group of companies can now be shared with other related entities by easily providing them access to it within the UpGuard Vendor Risk platform.
- Use evidences collected by related entities
- Reuse existing risk assessments
- Avoid repetition and save time
- Greater visibility of the total risk exposure to a vendor
Third-party integrations
Integrate and extend the UpGuard platform with other tools with our easy to use API that can save hours of human time.
Jira integration
Quickly and easily push events and notifications from UpGuard into any Jira project, giving you the flexibility to manage workflows to address security risks promptly
- Save time by quickly creating Jira issues, prioritizing, and assigning them to the relevant person
- Ensure people receive the correct information so they can promptly investigate and remediate security risks
- Easily maintain your workflow and present only the information you want to the relevant people in your team
Slack integration
Connect UpGuard to your Slack workspace to get the notifications you need directly into a Slack channel of your choice, giving you the flexibility to display the information you need to act promptly.
- Easily integrate your Slack workplace to receive notifications from UpGuard
- Setup triggers for notifications, decide what Slack channel to send them to, and customize your messages.
- Get instantly notified on Slack, and remediate security faster
Zapier integration
Using Zapier, an automation platform that connects to thousands of apps, you can now connect UpGuard to any other app that Zapier supports.
- Automate regularly used workflows without coding
- Connect UpGuard to thousands of apps on the Zapier platform like JIRA, Trello, Google Sheets, ServiceNow and many more
- Get instant notifications on Slack, Microsoft Teams and other collaboration apps and remediate security faster
ServiceNow integration
Get vendor security ratings in ServiceNow.
- Add UpGuard as a scoring provider in ServiceNow
- Automatically add vendors for risk scoring in UpGuard
UpGuard API
Access information about your UpGuard account programmatically.
UpGuard Vendor Risk Datasheet
UpGuard Vendor Risk continuously monitors your vendors, automates security questionnaires, and reduces third and fourth-party risk.
- Key features and benefits of UpGuard Vendor Risk
- More info on UpGuard Vendor Risk and UpGuard