Vendor Registers

Create vendor registers, map vendors to compliance zones, and perform periodic vendor risk assessments in Sprinto.

Vendor Registers allow you to group vendors and map them to specific compliance zones. This enables structured vendor governance and ensures that vendor risk is assessed in a controlled, auditable manner.

Each register acts as a scoped unit where:

  • Vendors are grouped

  • Zones are mapped

  • Risk assessments are performed

  • Review history is maintained

Vendor Risk Assessment (VRA) is conducted at the register level, enabling periodic evaluation of vendor risk posture and due diligence status.


How it works

Register creation and mapping

You create a vendor register by:

  • Defining a name and description

  • Mapping one or more compliance zones

  • Selecting vendors to include in the register

Once created, the register becomes the unit for managing vendor risk assessments.


Vendor Risk Assessment lifecycle

Each register follows a periodic risk assessment workflow:

  1. Assessment is triggered

    • A scheduled assessment appears with a due date

  2. Assessment is initiated

    • You start the assessment from the register

  3. Vendors are evaluated

    • Risk classification is reviewed or updated

    • Due diligence status is verified

    • Vendors can be included or excluded for the assessment

  4. Assessment is completed

    • A snapshot of vendor risk posture is recorded

  5. History is maintained

    • Completed assessments are logged with metadata


Vendor inclusion logic

  • All active vendors are included by default in an assessment

  • You can exclude vendors that:

    • Are not yet onboarded

    • Are not applicable for the current cycle

  • Excluded vendors:

    • Are skipped for the current assessment

    • Remain part of the register

    • Are included again in future assessments by default


Features

  • Create and manage vendor registers

  • Map vendors to compliance zones

  • Perform periodic vendor risk assessments

  • Edit assessment name and scope

  • Include or exclude vendors dynamically per assessment

  • Track risk classification across vendors

  • Monitor due diligence status for high-risk vendors

  • Resume in-progress assessments

  • Maintain assessment history with audit trail


Use cases

| Use case | Description |
| --- | --- |
| Compliance segmentation | Group vendors based on regulatory or organisational zones |
| Audit readiness | Maintain periodic vendor risk assessments with historical records |
| Risk governance | Track and manage vendor risk posture across business units |
| Flexible assessments | Exclude vendors that are not relevant for a specific cycle |
| Due diligence tracking | Ensure high-risk vendors are reviewed appropriately |
| Operational continuity | Resume incomplete assessments without data loss |


Dashboard actions

Create a vendor register

  1. Log in to the Sprinto dashboard.

  2. Navigate to Data Library → Vendors → Vendor registers.

  3. Click Create Register.

  4. In the Register Details panel:

    • Enter the Name of the register.

    • Enter a Description (optional but recommended).

  5. Under Zones:

    • Click the dropdown field.

    • Select one or more zones from the list.

    • You can select multiple zones based on your compliance requirements.

  6. Under Vendors:

    • To select all vendors:

      • Enable the Select all vendors checkbox.

    • To select specific vendors:

      • Uncheck the Select all vendors checkbox.

      • Manually select vendors one by one from the list.

  7. Click Create Register.


Edit or archive a vendor register

  1. In the Vendor registers tab, select the required vendor register.

  2. Click Edit on the register page.

  3. In the Register Details panel:

    1. Update the Name.

    2. Update the Description.

    3. Modify Zones:

      • Add or remove zones using the dropdown.

  4. Modify Vendors:

    1. Use the Select all vendors checkbox to include all vendors.

    2. Or uncheck it and manually select/deselect specific vendors.

  5. Click Save Changes.


Archive a vendor register

  1. Click Archive.

  2. In the confirmation dialog, review the impact message.

  3. Click Archive to confirm.


Perform a Vendor Risk Assessment

  1. Select the required vendor register.

  2. Go to the Vendor risk assessment tab.

  3. Click Start assessment.

  4. On the assessment page:

    1. Review the risk classification summary at the top.

    2. Review due diligence status for high-risk vendors.

  5. Under Assess active vendors:

    1. Review all vendors included in the assessment.

    2. Use Edit if you want to include or exclude vendors from the assessment.

  6. For each vendor:

    1. Verify or update the Risk level.

    2. Review the Due diligence status.

    3. Check associated due dates and evidence files.

  7. Use Filter or search to narrow down vendors if required.


Complete or pause an assessment

  1. Once you have reviewed all vendors:

    • Click Complete risk assessment to finalise.

  2. If you want to continue later:

    • Click Resume later.


If the assessment is paused:

  • It remains in an active state within the register

  • You can return to the register and click Resume assessment to continue


View assessment history

  1. Log in to the Sprinto dashboard.

  2. Navigate to Data Library → Vendors → Vendor registers.

  3. Select the required vendor register.

  4. Go to the Vendor risk assessment tab.

  5. Scroll to the Vendor risk assessment history section.


Here you can view:

  • Assessment name

  • Assessment date

  • Assessed by

  • Summary (for example, number of vendors assessed)


Summary

Vendor Registers provide a structured way to group vendors and manage them within compliance zones. Vendor Risk Assessments extend this by enabling controlled, periodic evaluation of vendor risk posture.

With support for dynamic vendor inclusion, editable assessments, and resumable workflows, the system ensures both flexibility and audit readiness for third-party risk management.
