How it Works

Understand how Sprinto’s Vendors section helps manage third-party risk through discovery, scoring, due diligence, and monitoring.

Sprinto’s Vendors module enables you to track and manage the risks associated with third-party vendors. It streamlines the entire vendor lifecycle—from discovery to ongoing assessment—helping you stay compliant with frameworks like SOC 2, ISO 27001, HIPAA, and GDPR.

Here’s how it works:

Step 1: Discover vendors used across your organisation

Connect your SSO provider (Google Workspace, Okta, or Office 365) to automatically identify third-party applications accessed by your team.

  • View discovered vendors under the Vendor discovery tab.

  • Choose to Add, Dismiss, or Validate each vendor.

  • Manage connected domains from the Manage Vendor Discovery panel.


Step 2: Add vendors to Sprinto

Add vendors using one of the following options:

  • Vendor Library – Select from Sprinto’s curated list of vendors.

  • Bulk Upload – Use the CSV template to add multiple vendors at once.

  • Manual Entry – Enter vendor details directly in the UI.

All added vendors appear under the All vendors tab.


Step 3: Configure and apply vendor risk scoring

Sprinto auto-scores vendors based on:

  • Type of data shared (e.g., credentials, cardholder data)

  • Operational impact

  • Access to company systems

You can override scores, add custom risk factors, or edit responses under the Configuration tab.


Step 4: Assign vendor admins

Each vendor is assigned a Sprinto admin responsible for completing risk checks and due diligence. Vendor admins are notified via email and tracked under the All vendors section.


Step 5: Complete due diligence

Evaluate vendor security posture by:

  • Uploading documents manually

  • Requesting documents via email

  • Using Sprinto AI to analyse reports and generate findings

Track progress under the Due diligence tab for each vendor.


Step 6: Send and review security questionnaires

Create or upload a custom security questionnaire and send it to vendors. Vendors respond via a secure link. You can review, download, and export their responses from the Vendor security questionnaire tab.


Step 7: Monitor breaches and incidents

View vendor-related breach alerts under the Breach monitoring tab. Each entry includes:

  • Impacted vendor

  • Reported date

  • Source of breach

  • Actions taken (manually added)

You can also enable breach notifications for your team.


Step 8: Perform periodic vendor risk assessments

Use the Vendor risk assessment tab to:

  • Review all active vendors

  • Exclude vendors from a cycle

  • Track due diligence status

  • Complete and submit assessments for review
