Vendor Management
Track third-party vendors and security reviews (CC9.2)
Click a vendor to customize and add
All vendors have been added to your organization.
No vendors match your filter criteria.
No vendor templates available.
| Vendor Name | Service Type | Risk Matrix | Questionnaire | Security Review | SOC 2 Report | Actions | |
|---|---|---|---|---|---|---|---|
|
Not assessed
|
🟡 Pending 🟢 Submitted 🔴 Expired ✅ Reviewed Not sent | View Report - | |||||
| No vendors found. Add a vendor to start tracking. | |||||||
Vendor Comparison
Select 2 or more vendors to compare side-by-side.
| Attribute | |
|---|---|
| Service Type | |
| Risk Score | /100 |
| Risk Tier | |
| Review Status | |
| Review Cadence | |
| Next Review | |
| Data Classification | |
| Subprocessors | |
| Valid Certs | / |
| Contract End |
Add New Vendor
SOC 2 CC9.2 - Third-Party Risk Management
Vendor Information
Basic details about the third-party vendor
The official company or product name
Contact & Access
Vendor contact information and access points
Risk Assessment
Evaluate the vendor's criticality and review schedule
Schedule the next security review (recommended: annually for critical vendors)
Review Requirements
Self-attestation, basic questionnaire
Security questionnaire, SOC 2 preferred
SOC 2 Type II required, annual review
SOC 2 + ISO 27001, quarterly reviews
Due Diligence Tips
- • Request SOC 2 Type II reports
- • Review data processing agreements
- • Verify sub-processor disclosures
- • Check incident history
AI Security Review