# How it Works

Sprinto’s **Vendors** module enables you to track and manage the risks associated with third-party vendors. It streamlines the entire vendor lifecycle—from discovery to ongoing assessment—helping you stay compliant with frameworks like SOC 2, ISO 27001, HIPAA, and GDPR.

Here’s how it works:

#### Step 1: Discover vendors used across your organisation

Connect your SSO provider (Google Workspace, Okta, or Office 365) to automatically identify third-party applications accessed by your team.

* View discovered vendors under the **Vendor discovery** tab.
* Choose to **Add**, **Dismiss**, or **Validate** each vendor.
* Manage connected domains from the **Manage Vendor Discovery** panel.

***

#### Step 2: Add vendors to Sprinto

Add vendors using one of the following options:

* **Vendor Library** – Select from Sprinto’s curated list of vendors.
* **Bulk Upload** – Use the CSV template to add multiple vendors at once.
* **Manual Entry** – Enter vendor details directly in the UI.

All added vendors appear under the **All vendors** tab.

***

#### Step 3: Configure and apply vendor risk scoring

Sprinto auto-scores vendors based on:

* Type of data shared (e.g., credentials, cardholder data)
* Operational impact
* Access to company systems

You can override scores, add custom risk factors, or edit responses under the **Configuration** tab.

***

#### Step 4: Assign vendor admins

Each vendor is assigned a Sprinto admin responsible for completing risk checks and due diligence. Vendor admins are notified via email and tracked under the **All vendors** section.

***

#### Step 5: Complete due diligence

Evaluate vendor security posture by:

* Uploading documents manually
* Requesting documents via email
* Using Sprinto AI to analyse reports and generate findings

Track progress under the **Due diligence** tab for each vendor.

***

#### Step 6: Send and review security questionnaires

Create or upload a custom security questionnaire and send it to vendors. Vendors respond via a secure link. You can review, download, and export their responses from the **Vendor security questionnaire** tab.

***

#### Step 7: Monitor breaches and incidents

View vendor-related breach alerts under the **Breach monitoring** tab. Each entry includes:

* Impacted vendor
* Reported date
* Source of breach
* Actions taken (manually added)

You can also enable breach notifications for your team.

***

#### Step 8: Perform periodic vendor risk assessments

Use the **Vendor risk assessment** tab to:

* Review all active vendors
* Exclude vendors from a cycle
* Track due diligence status
* Complete and submit assessments for review


