How it Works
Understand how Sprinto’s Vendors section helps manage third-party risk through discovery, scoring, due diligence, and monitoring.
Sprinto’s Vendors module enables you to track and manage the risks associated with third-party vendors. It streamlines the entire vendor lifecycle—from discovery to ongoing assessment—helping you stay compliant with frameworks like SOC 2, ISO 27001, HIPAA, and GDPR.
Here’s how it works:
Step 1: Discover vendors used across your organisation
Connect your SSO provider (Google Workspace, Okta, or Office 365) to automatically identify third-party applications accessed by your team.
View discovered vendors under the Vendor discovery tab.
Choose to Add, Dismiss, or Validate each vendor.
Manage connected domains from the Manage Vendor Discovery panel.
Step 2: Add vendors to Sprinto
Add vendors using one of the following options:
Vendor Library – Select from Sprinto’s curated list of vendors.
Bulk Upload – Use the CSV template to add multiple vendors at once.
Manual Entry – Enter vendor details directly in the UI.
All added vendors appear under the All vendors tab.
Step 3: Configure and apply vendor risk scoring
Sprinto auto-scores vendors based on:
Type of data shared (e.g., credentials, cardholder data)
Operational impact
Access to company systems
You can override scores, add custom risk factors, or edit responses under the Configuration tab.
Step 4: Assign vendor admins
Each vendor is assigned a Sprinto admin responsible for completing risk checks and due diligence. Vendor admins are notified via email and tracked under the All vendors section.
Step 5: Complete due diligence
Evaluate vendor security posture by:
Uploading documents manually
Requesting documents via email
Using Sprinto AI to analyse reports and generate findings
Track progress under the Due diligence tab for each vendor.
Step 6: Send and review security questionnaires
Create or upload a custom security questionnaire and send it to vendors. Vendors respond via a secure link. You can review, download, and export their responses from the Vendor security questionnaire tab.
Step 7: Monitor breaches and incidents
View vendor-related breach alerts under the Breach monitoring tab. Each entry includes:
Impacted vendor
Reported date
Source of breach
Actions taken (manually added)
You can also enable breach notifications for your team.
Step 8: Perform periodic vendor risk assessments
Use the Vendor risk assessment tab to:
Review all active vendors
Exclude vendors from a cycle
Track due diligence status
Complete and submit assessments for review