Home

Vendor Management

How to Manage Individual Vendors in Vendor Management

Search

How to Manage Individual Vendors in Vendor Management

Au

Adarsh

February 1, 2026

Once a vendor is added in Uproot Security, each vendor has a dedicated workspace where teams can document context, assess risk, complete reviews, and track remediation over time. This article explains every section available inside a vendor record and how it is used.

Accessing a Vendor Record

Image

To open a vendor:

  1. Go to Risk → Vendor Management
  2. Select a vendor from the vendor list

This opens the vendor detail page with three primary sections:

  • Overview
  • Reviews
  • Risk

Image

Vendor Overview

The Overview tab captures core vendor context and risk-relevant metadata. This information is used throughout reviews, assessments, and reporting.

Image

  1. Basic Information

Image
Defines ownership and business context for the vendor:

  • Vendor Name
  • Vendor Type (e.g., Software, Service Provider)
  • Business Unit using the vendor
  • Owner responsible for the vendor internally
  • Website
  • Status (Active / Inactive)

This ensures accountability and clear ownership for audits and escalations.

  1. Data Classification & Security

Image
Documents how sensitive the vendor relationship is:

  • Data Classification (e.g., Public, Internal, Confidential)
  • Operational Impact (Low to Critical)
  • Risk Level (derived from assessments)
  • Data Location (e.g., US, EU)
  • Review Cycle (e.g., Yearly)
  • Access to Environments (Production, Staging, etc.)

These fields help prioritize reviews and enforce risk-based vendor management.

Security & Compliance Flags

Quick indicators of a vendor’s compliance and privacy impact:

  • Stores PII
  • Is Subprocessor
  • Is Reseller

These flags help teams quickly identify vendors that require additional review during SOC 2, ISO 27001, and privacy assessments.

  1. Data Handling

Image
Provides narrative context for auditors and internal reviewers:

  • Stored Data Description – what data exists in the vendor
  • Additional Notes – architectural or dependency context
  • Data Accessed or Processed – scope of vendor access across environments

This section is critical for explaining vendor dependency and blast radius.

Vendor Reviews

The Reviews section is used to conduct structured vendor assessments.

Image

  1. Vendor Questionnaires

Image
Each review is organized into a questionnaire with predefined categories such as:

  • Security
  • Privacy
  • Operational
  • Financial
  • Legal / Compliance

Each category contains targeted questions used to assess vendor controls and commitments.

Powered By SparrowDesk