# Glossary

This glossary defines important terms used throughout the **Vendors** section in Sprinto. It is designed to help you quickly understand key features, statuses, and fields that appear across the vendor management workflow.

***

### Glossary

<table><thead><tr><th width="159.5234375">Term</th><th>Definition</th></tr></thead><tbody><tr><td><strong>Vendor</strong></td><td>A third-party entity or service provider with access to your organisation’s data, systems, or infrastructure.</td></tr><tr><td><strong>Vendor Library</strong></td><td>A curated list of preloaded vendors available in Sprinto, including metadata such as website, category, and risk level.</td></tr><tr><td><strong>Vendor Discovery</strong></td><td>A feature that identifies third-party services accessed by staff via connected SSO platforms like Google Workspace or Okta.</td></tr><tr><td><strong>Vendor Admin</strong></td><td>The internal Sprinto user responsible for managing compliance tasks related to a specific vendor.</td></tr><tr><td><strong>Risk Scoring</strong></td><td>The process of assigning a risk level to a vendor based on data sensitivity, access level, and operational importance.</td></tr><tr><td><strong>Due Diligence</strong></td><td>A compliance task to evaluate a vendor’s security posture by reviewing supporting documents and/or questionnaire responses.</td></tr><tr><td><strong>Sprinto AI</strong></td><td>An automated analysis engine that reviews vendor security documents (e.g., SOC 2, ISO) and generates findings.</td></tr><tr><td><strong>Security Questionnaire</strong></td><td>A structured set of questions sent to vendors to evaluate their security controls and practices.</td></tr><tr><td><strong>Monitoring Tab</strong></td><td>A dashboard view displaying vendors with open compliance tasks, such as incomplete due diligence or overdue assessments.</td></tr><tr><td><strong>Breach Monitoring</strong></td><td>A feature that tracks public data breach disclosures related to your vendors and displays them in the dashboard.</td></tr><tr><td><strong>Custom Fields</strong></td><td>Additional metadata fields created by your organisation to store vendor-specific information (e.g., region, renewal date).</td></tr><tr><td><strong>Archived Vendor</strong></td><td>A vendor that has been removed from active monitoring and assessment but remains stored for record-keeping.</td></tr><tr><td><strong>Configuration Tab</strong></td><td>A settings interface where you define risk scoring logic, enable AI review, and manage shared document types.</td></tr><tr><td><strong>Assessment Cycle</strong></td><td>A periodic review of all vendors to confirm their risk status and compliance posture, typically reviewed by senior management.</td></tr><tr><td><strong>Shared Documents</strong></td><td>Document types (e.g., SOC 2 Report, Privacy Policy) expected to be collected from each vendor as part of due diligence.</td></tr></tbody></table>