# Vendors

### Introduction

Third-party vendors often have access to sensitive systems and data. From a security compliance standpoint, it’s critical to evaluate and monitor the risks associated with these external relationships. Sprinto’s **Vendors** module offers a unified, audit-ready platform to manage vendor information, assess risk, conduct due diligence, and respond to compliance requirements effectively.

### Why It’s Important

Compliance frameworks such as **SOC 2**, **ISO 27001**, **HIPAA**, and **GDPR** mandate regular evaluation and documentation of third-party risks. Without centralised oversight, tracking vendor assessments, documents, and breach incidents becomes operationally challenging and leaves the organisation non-compliant.

Sprinto’s vendor management workflow enables you to stay ahead of these challenges with structured processes, automation, and built-in templates—eliminating the need for ad-hoc tools and spreadsheets.

***

### How Sprinto Manages Vendor Risk

The Vendors module is part of Sprinto’s broader Risk and Compliance suite. It enables you to:

* **Add and organise vendors** through discovery, library search, or bulk uploads.
* **Evaluate risk levels** using Sprinto’s scoring rubric or your own risk parameters.
* **Assign due diligence tasks**, upload or request documents, and validate security posture.
* **Send and track questionnaires**, including custom or preloaded templates.
* **Monitor breach events** tied to your vendors, sourced from verified public feeds.
* **Customise scoring models**, add custom fields, and manage vendor-specific documents centrally.

All vendor-related data is tracked and visualised for auditability, including version history, due diligence outcomes, and assessment cycles.

***

### Key Modules

<table><thead><tr><th width="207.37109375">Tab</th><th>Description</th></tr></thead><tbody><tr><td><strong>All vendors</strong></td><td>Central directory for viewing, filtering, and updating vendor records.</td></tr><tr><td><strong>Monitoring</strong></td><td>Track pending due diligence, checks, and alerts in real time.</td></tr><tr><td><strong>Vendor risk assessment</strong></td><td>Conduct periodic assessments and classify risk based on current vendor posture.</td></tr><tr><td><strong>Vendor discovery</strong></td><td>Automatically identify apps used by staff through SSO logs.</td></tr><tr><td><strong>Breach monitoring</strong></td><td>View and respond to breach incidents related to vendors.</td></tr><tr><td><strong>Vendor security questionnaire</strong></td><td>Upload, assign, and review security questionnaires.</td></tr><tr><td><strong>Configuration</strong></td><td>Customise risk rubrics, due diligence logic, document templates, and metadata fields.</td></tr></tbody></table>

***

### Use Cases

<table><thead><tr><th width="220.953125">Scenario</th><th>Description</th></tr></thead><tbody><tr><td><strong>New Vendor Onboarding</strong></td><td>Add a vendor and assign a default risk score and admin for oversight.</td></tr><tr><td><strong>Annual Risk Reviews</strong></td><td>Reassess risk profiles and complete management reviews.</td></tr><tr><td><strong>Due Diligence Automation</strong></td><td>Use Sprinto AI to analyse documents and generate findings.</td></tr><tr><td><strong>Audit Preparation</strong></td><td>Export vendor activity, questionnaire results, and breach history for auditors.</td></tr></tbody></table>


