# Vendor Registers

Vendor Registers allow you to group vendors and map them to specific compliance zones. This enables structured vendor governance and ensures that vendor risk is assessed in a controlled, auditable manner.

Each register acts as a scoped unit where:

* Vendors are grouped
* Zones are mapped
* Risk assessments are performed
* Review history is maintained

Vendor Risk Assessment (VRA) is conducted at the register level, enabling periodic evaluation of vendor risk posture and due diligence status.

***

### How it works

#### Register creation and mapping

You create a vendor register by:

* Defining a name and description
* Mapping one or more compliance zones
* Selecting vendors to include in the register

Once created, the register becomes the unit for managing vendor risk assessments.

***

#### Vendor Risk Assessment lifecycle

Each register follows a periodic risk assessment workflow:

1. **Assessment is triggered**
   * A scheduled assessment appears with a due date
2. **Assessment is initiated**
   * You start the assessment from the register
3. **Vendors are evaluated**
   * Risk classification is reviewed or updated
   * Due diligence status is verified
   * Vendors can be included or excluded for the assessment
4. **Assessment is completed**
   * A snapshot of vendor risk posture is recorded
5. **History is maintained**
   * Completed assessments are logged with metadata

***

#### Vendor inclusion logic

* All **active vendors are included by default** in an assessment
* You can exclude vendors that:
  * Are not yet onboarded
  * Are not applicable for the current cycle
* Excluded vendors:
  * Are skipped for the current assessment
  * Remain part of the register
  * Are included again in future assessments by default

***

### Features

* Create and manage vendor registers
* Map vendors to compliance zones
* Perform periodic vendor risk assessments
* Edit assessment name and scope
* Include or exclude vendors dynamically per assessment
* Track risk classification across vendors
* Monitor due diligence status for high-risk vendors
* Resume in-progress assessments
* Maintain assessment history with audit trail

***

### Use cases

<table><thead><tr><th width="226.09375">Use case</th><th>Description</th></tr></thead><tbody><tr><td>Compliance segmentation</td><td>Group vendors based on regulatory or organisational zones</td></tr><tr><td>Audit readiness</td><td>Maintain periodic vendor risk assessments with historical records</td></tr><tr><td>Risk governance</td><td>Track and manage vendor risk posture across business units</td></tr><tr><td>Flexible assessments</td><td>Exclude vendors that are not relevant for a specific cycle</td></tr><tr><td>Due diligence tracking</td><td>Ensure high-risk vendors are reviewed appropriately</td></tr><tr><td>Operational continuity</td><td>Resume incomplete assessments without data loss</td></tr></tbody></table>

***

### Dashboard actions

#### Create a vendor register

1. Log in to the **Sprinto dashboard.**
2. Navigate to **Data Library → Vendors → Vendor registers.**

<figure><img src="/files/3XkVcVhidJqMUpIlRnIL" alt="" width="563"><figcaption></figcaption></figure>

3. Click **Create Register.**
4. In the **Register Details** panel:
   * Enter the **Name** of the register.
   * Enter a **Description** (optional but recommended).
5. Under **Zones**:
   * Click the dropdown field.
   * Select one or more zones from the list.
   * You can select multiple zones based on your compliance requirements.
6. Under **Vendors**:
   * To select all vendors:
     * Enable the **Select all vendors** checkbox.
   * To select specific vendors:
     * Uncheck the **Select all vendors** checkbox.
     * Manually select vendors one by one from the list.
7. Click **Create Register.**

<figure><img src="/files/QNFVVDimjA5TGCPs2CJL" alt="" width="369"><figcaption></figcaption></figure>

***

#### Edit or archive a vendor register

1. In the Vendor registers tab, select the required vendor register.
2. Click **Edit** on the register page.

<figure><img src="/files/Ee8ef747FNZZSbs36wra" alt="" width="563"><figcaption></figcaption></figure>

3. In the **Register Details** panel:
   1. Update the **Name.**
   2. Update the **Description.**
   3. Modify **Zones**:
      * Add or remove zones using the dropdown.
4. Modify **Vendors**:
   1. Use the **Select all vendors** checkbox to include all vendors
   2. Or uncheck it and manually select/deselect specific vendors
5. Click **Save Changes.**

<figure><img src="/files/1QI5DtoBJuw82Ca6yX23" alt="" width="375"><figcaption></figcaption></figure>

***

**Archive a vendor register**

1. Click **Archive.**

<figure><img src="/files/vZ4ccM15cgNS95R2mH3i" alt="" width="563"><figcaption></figcaption></figure>

2. In the confirmation dialog, review the impact message.
3. Click **Archive** to confirm.

<figure><img src="/files/Htetv7xuXquUgYVxgyU2" alt="" width="563"><figcaption></figcaption></figure>

***

#### Perform a Vendor Risk Assessment

1. Select the required vendor register.
2. Go to the **Vendor risk assessment** tab.
3. Click **Start assessment.**

<figure><img src="/files/g3D261Vf7SQXLuXID5Qy" alt="" width="563"><figcaption></figcaption></figure>

4. On the assessment page:
   1. Review the **risk classification summary** at the top.
   2. Review **due diligence status** for high-risk vendors.

<figure><img src="/files/KPR3PZBKkOGeHYD47GLb" alt="" width="563"><figcaption></figcaption></figure>

5. Under **Assess active vendors**:
   1. Review all vendors included in the assessment
   2. Use **Edit** if you want to Include or exclude vendors from the assessment.

<figure><img src="/files/Jj99DqENb2DSCNtnqzCa" alt="" width="563"><figcaption></figcaption></figure>

6. For each vendor:
   1. Verify or update the **Risk level.**
   2. Review the **Due diligence status.**
   3. Check associated **due dates** and **evidence files.**
7. Use **Filter** or search to narrow down vendors if required.

***

#### Complete or pause an assessment

1. Once you have reviewed all vendors:
   * Click **Complete risk assessment** to finalise.
2. If you want to continue later:
   * Click **Resume later.**

***

**If the assessment is paused:**

* It remains in an **active state** within the register
* You can return to the register and click **Resume assessment** to continue

***

#### View assessment history

1. Log in to the **Sprinto dashboard**
2. Navigate to **Data Library → Vendors → Vendor registers.**
3. Select the required vendor register.
4. Go to the **Vendor risk assessment** tab.
5. Scroll to the **Vendor risk assessment history** section.

***

Here you can view:

* **Assessment name**
* **Assessment date**
* **Assessed by**
* **Summary** (for example, number of vendors assessed)

***

### Summary

Vendor Registers provide a structured way to group vendors and manage them within compliance zones. Vendor Risk Assessments extend this by enabling controlled, periodic evaluation of vendor risk posture.

With support for dynamic vendor inclusion, editable assessments, and resumable workflows, the system ensures both flexibility and audit readiness for third-party risk management.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sprinto.com/data-library/vendors/dashboard-actions/vendor-registers.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.