# Vendors

### Introduction

Third-party vendors often have access to sensitive systems and data. From a security compliance standpoint, it’s critical to evaluate and monitor the risks associated with these external relationships. Sprinto’s **Vendors** module offers a unified, audit-ready platform to manage vendor information, assess risk, conduct due diligence, and respond to compliance requirements effectively.

### Why It’s Important

Compliance frameworks such as **SOC 2**, **ISO 27001**, **HIPAA**, and **GDPR** mandate regular evaluation and documentation of third-party risks. Without centralised oversight, tracking vendor assessments, documents, and breach incidents becomes operationally challenging and leads to non-compliance.

Sprinto’s vendor management workflow enables you to stay ahead of these challenges with structured processes, automation, and built-in templates—eliminating the need for ad-hoc tools and spreadsheets.

***

### How Sprinto Manages Vendor Risk

The Vendors module is part of Sprinto’s broader Risk and Compliance suite. It enables you to:

* **Add and organise vendors** through discovery, library search, or bulk uploads.
* **Evaluate risk levels** using Sprinto’s scoring rubric or your own risk parameters.
* **Assign due diligence tasks**, upload or request documents, and validate security posture.
* **Send and track questionnaires**, including custom or preloaded templates.
* **Monitor breach events** tied to your vendors, sourced from verified public feeds.
* **Customise scoring models**, add custom fields, and manage vendor-specific documents centrally.

All vendor-related data is tracked and visualised for auditability, including version history, due diligence outcomes, and assessment cycles.

***

### Key Modules

<table><thead><tr><th width="207.37109375">Tab</th><th>Description</th></tr></thead><tbody><tr><td><strong>All vendors</strong></td><td>Central directory for viewing, filtering, and updating vendor records.</td></tr><tr><td><strong>Monitoring</strong></td><td>Track pending due diligence, checks, and alerts in real time.</td></tr><tr><td><strong>Vendor risk assessment</strong></td><td>Conduct periodic assessments and classify risk based on current vendor posture.</td></tr><tr><td><strong>Vendor discovery</strong></td><td>Automatically identify apps used by staff through SSO logs.</td></tr><tr><td><strong>Breach monitoring</strong></td><td>View and respond to breach incidents related to vendors.</td></tr><tr><td><strong>Vendor security questionnaire</strong></td><td>Upload, assign, and review security questionnaires.</td></tr><tr><td><strong>Configuration</strong></td><td>Customise risk rubrics, due diligence logic, document templates, and metadata fields.</td></tr></tbody></table>

***

### Use Cases

<table><thead><tr><th width="220.953125">Scenario</th><th>Description</th></tr></thead><tbody><tr><td><strong>New Vendor Onboarding</strong></td><td>Add a vendor and assign a default risk score and admin for oversight.</td></tr><tr><td><strong>Annual Risk Reviews</strong></td><td>Reassess risk profiles and complete management reviews.</td></tr><tr><td><strong>Due Diligence Automation</strong></td><td>Use Sprinto AI to analyse documents and generate findings.</td></tr><tr><td><strong>Audit Preparation</strong></td><td>Export vendor activity, questionnaire results, and breach history for auditors.</td></tr></tbody></table>
