# Vendor Risk Pulse

Risk Pulse provides a unified view of a vendor’s security posture by analysing continuously monitored signals across compliance, security, AI governance, and operational indicators.

The feature aggregates multiple datapoints and evaluates them to generate a **Risk Pulse score**, which represents the vendor’s current risk posture.

Security and compliance teams can use Risk Pulse to evaluate vendor security practices, regulatory alignment, and governance posture before onboarding vendors or during ongoing monitoring.

***

## Features

Risk Pulse provides the following capabilities.

**Unified vendor risk view**\
Combines multiple datapoints across security, compliance, and AI governance to present a consolidated vendor risk profile.

**Risk Pulse score**\
Generates a vendor risk score based on weighted evaluation of security, compliance, and operational signals.

**Compliance visibility**\
Displays vendor posture across recognised compliance frameworks and certifications.

**AI governance insights**\
Evaluates vendor AI governance practices and transparency signals.

**Evidence-backed datapoints**\
Displays references or supporting documentation where available.

***

## Use cases

Risk Pulse supports several vendor risk management workflows.

<table><thead><tr><th width="164.1328125">Use case</th><th>Description</th></tr></thead><tbody><tr><td>Vendor onboarding</td><td>Evaluate a vendor’s security posture before approving the vendor for organisational use.</td></tr><tr><td>Vendor due diligence</td><td>Review vendor compliance posture and governance indicators during vendor risk reviews.</td></tr><tr><td>Security assessments</td><td>Support internal security and compliance teams when evaluating vendor security practices and regulatory alignment.</td></tr><tr><td>Continuous vendor monitoring</td><td>Monitor vendor security posture over time using updated datapoints and signals.</td></tr></tbody></table>

***

## Risk Pulse categories and parameters

Risk Pulse evaluates vendor posture across several categories. Each category contains parameters that contribute to the vendor risk analysis.

<table><thead><tr><th width="132.9765625">Category</th><th>Parameters</th></tr></thead><tbody><tr><td>Overview</td><td>Name, Category, Description, Website, Risk score</td></tr><tr><td>Model architecture</td><td>Model provider, Model type or version, Use of proprietary models, Use of open-source models, Fine-tuned models, Training data composition disclosure, Customer data used for training, Model limitations documented, RLHF methods used, Model input and output logging practices</td></tr><tr><td>Data governance</td><td>Data retention period, Data storage location, Encryption at rest, Encryption in transit, Data deletion controls, Subprocessor list publication, Data residency guarantees, Data sharing with upstream providers, Data poisoning mitigation</td></tr><tr><td>Security controls</td><td>Prompt injection protection, Adversarial robustness testing, Red-team testing, Third-party audits, Penetration testing, Safety guardrails, Incident response programme</td></tr><tr><td>Compliance and certifications</td><td>SOC 2 Type II compliance, ISO 27001 compliance, ISO 27701 compliance, GDPR compliance, CCPA or CPRA compliance, HIPAA compliance, ISO 42001 compliance, EU AI Act compliance, Data Processing Agreement (DPA)</td></tr></tbody></table>

These parameters help Sprinto analyse vendor security posture and calculate the **Risk Pulse score**.

***

## Analyse vendor risk using Risk Pulse

You can analyse vendor risk posture using the Risk Pulse tab in the vendor profile.

### Steps

1. Log in to the Sprinto dashboard.
2. Navigate to **Data Library**.
3. Select **Vendors**.
4. Open the **All vendors** tab.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FfvLka3FsO4eyk5OUAiYq%2FScreenshot%202026-03-05%20at%2018.27.28.png?alt=media&#x26;token=fa196a5a-0313-4e0d-9caa-98896d82032d" alt="" width="563"><figcaption></figcaption></figure>

5. Select the vendor you want to analyse.
6. In the vendor profile, select the **Risk pulse** tab.
7. If vendor data is not available, select **Fetch vendor details**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FrNsdgGsRPXL7DnWAz9z2%2FScreenshot%202026-03-05%20at%2018.28.25.png?alt=media&#x26;token=7b96a119-100d-4c0e-867e-0b926ea50e34" alt="" width="563"><figcaption></figcaption></figure>

Sprinto analyses vendor signals and retrieves relevant datapoints.

After the analysis completes, the **Risk pulse** tab displays the vendor’s risk posture and supporting signals.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2F2yQppZcEsT4JztwpiqLX%2FScreenshot%202026-03-05%20at%2018.29.15.png?alt=media&#x26;token=b8afe274-63f5-4f99-814f-ddb16a8521c7" alt="" width="563"><figcaption></figcaption></figure>

***

## Summary

Risk Pulse helps organisations analyse vendor security posture using continuously monitored signals across compliance, security, and AI governance domains.

By consolidating multiple datapoints into a unified **Risk Pulse score**, the feature enables security teams to:

* evaluate vendor risk more effectively
* support vendor onboarding decisions
* strengthen vendor risk management processes
* monitor vendor posture over time