Configure Vendor Risk Scoring, Fields, and Documents

Learn how to configure vendor risk scoring, AI-based due diligence, custom fields, and shared documents in Sprinto.

Sprinto’s Configuration tab in the Vendors section allows you to tailor your vendor risk management framework to suit your compliance and operational needs. From defining custom scoring logic to managing metadata fields and documents, the configuration workspace ensures your vendor workflows are aligned with internal policies and industry frameworks.


1. Configure Vendor Risk Auto-Scoring

Sprinto provides a default scoring model that you can customise by editing or adding your own risk factors.

Steps:

  1. Navigate to Data Library > Vendors > Configuration.

  2. Under Vendor Risk Auto-Scoring, click Manage.

  3. Review existing risk factors, such as:

    • Type of data shared

    • Operational impact

    • Access to company systems

  4. To edit a factor:

    • Click the three-dot menu next to a factor.

    • Select Edit or Add Value.

  5. To add a new factor:

    • Scroll to the bottom and click Add Risk Factor.

    • Choose a response type (single or multi-select).

    • Define scoring values and save.

Changes to the scoring model can be applied retroactively to existing assessments or kept only for new assessments.
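To make the scoring model concrete, here is an added example (not Sprinto's own code) that models factors with single- or multi-select response types and scoring values, computes a vendor's score, and shows the retroactive versus new-only choice when a factor's values change. The factor names come from the page; the point values, the multi-select rule, and the tier cut-offs are assumptions.

```python
from dataclasses import dataclass

# Added example, not Sprinto's implementation: a minimal model of the
# auto-scoring configuration. Point values and tier cut-offs are assumed.

@dataclass
class RiskFactor:
    response_type: str      # "single" or "multi"
    values: dict            # response label -> score

FACTORS = {
    "Type of data shared": RiskFactor("multi",
        {"Public": 0, "Internal": 2, "Customer PII": 5, "Payment data": 5}),
    "Operational impact": RiskFactor("single", {"Low": 1, "Medium": 3, "High": 5}),
    "Access to company systems": RiskFactor("single",
        {"None": 0, "Read-only": 2, "Privileged": 5}),
}

def score_vendor(responses, factors=FACTORS):
    """Return (total, per-factor breakdown). A multi-select factor scores its
    highest selected value, so the most sensitive data class dominates."""
    total, breakdown = 0, {}
    for name, factor in factors.items():
        answer = responses.get(name)
        if answer is None:
            raise ValueError(f"missing response for {name!r}")
        if factor.response_type == "single" and not isinstance(answer, str):
            raise ValueError(f"{name!r} is single-select")
        selected = [answer] if factor.response_type == "single" else list(answer)
        unknown = [v for v in selected if v not in factor.values]
        if unknown:
            raise ValueError(f"unknown value(s) {unknown} for {name!r}")
        breakdown[name] = max((factor.values[v] for v in selected), default=0)
        total += breakdown[name]
    return total, breakdown

def risk_tier(total):
    # Assumed cut-offs for mapping a total onto a tier.
    return "high" if total >= 10 else "medium" if total >= 5 else "low"

def rescore(assessments, factors, retroactive):
    """Apply a changed configuration: retroactive=True re-scores every stored
    assessment; False scores only assessments that have no score yet."""
    out = []
    for a in assessments:
        if retroactive or a.get("score") is None:
            a = {**a, "score": score_vendor(a["responses"], factors)[0]}
        out.append(a)
    return out
```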


2. Enable AI-Powered Due Diligence

Sprinto AI helps you automatically evaluate security documents submitted by vendors.

Steps:

  1. In the Configuration tab, locate the Due Diligence using Sprinto AI section.

  2. Click Manage to see details of AI-supported frameworks (e.g., SOC 2, ISO).

  3. Enable Sprinto AI for supported documents.

AI analysis is optional; manual review is always available as a fallback.


3. Manage Custom Fields for Vendors

Custom fields allow you to capture organisation-specific metadata (e.g., business unit, compliance contact, renewal date).

Steps:

  1. In the Configuration tab, scroll to Custom Fields.

  2. Click Manage.

  3. You’ll be redirected to Settings > Custom Fields.

  4. Click Create Custom Field and define:

    • Field name and type (e.g., dropdown, date, text)

    • Module (Vendor is selected by default)

    • Selection values or constraints

  5. Save the field and return to vendor profiles to start using it.

Disabled fields are hidden from the UI, but their data is retained.


4. Define Shared Vendor Documents

You can predefine a list of documents that must be collected from vendors during due diligence.

Steps:

  1. In the Configuration tab, find the Documents for Vendors section.

  2. Click Manage.

  3. Add, edit, or remove required document types.

    • Examples: SOC 2 Report, Penetration Test Report, Privacy Policy

  4. Changes apply across all vendors.

These document types appear as selectable options when uploading or requesting documents.
