| Vendor | A third-party entity or service provider with access to your organisation’s data, systems, or infrastructure. |
| Vendor Library | A curated list of preloaded vendors available in Sprinto, including metadata such as website, category, and risk level. |
| Vendor Discovery | A feature that identifies third-party services accessed by staff via connected SSO platforms like Google Workspace or Okta. |
| Vendor Admin | The internal Sprinto user responsible for managing compliance tasks related to a specific vendor. |
| Risk Scoring | The process of assigning a risk level to a vendor based on data sensitivity, access level, and operational importance. |
| Due Diligence | A compliance task to evaluate a vendor’s security posture by reviewing supporting documents and/or questionnaire responses. |
| Sprinto AI | An automated analysis engine that reviews vendor security documents (e.g., SOC 2, ISO) and generates findings. |
| Security Questionnaire | A structured set of questions sent to vendors to evaluate their security controls and practices. |
| Monitoring Tab | A dashboard view displaying vendors with open compliance tasks, such as incomplete due diligence or overdue assessments. |
| Breach Monitoring | A feature that tracks public data breach disclosures related to your vendors and displays them in the dashboard. |
| Custom Fields | Additional metadata fields created by your organisation to store vendor-specific information (e.g., region, renewal date). |
| Archived Vendor | A vendor that has been removed from active monitoring and assessment but remains stored for record-keeping. |
| Configuration Tab | A settings interface where you define risk scoring logic, enable AI review, and manage shared document types. |
| Assessment Cycle | A periodic review of all vendors to confirm their risk status and compliance posture, typically reviewed by senior management. |
| Shared Documents | Document types (e.g., SOC 2 Report, Privacy Policy) expected to be collected from each vendor as part of due diligence. |