internal
Vendor security reviews conducted
Annual security reviews for all critical vendors and service providers.
Passing | Medium Risk | Manual
Owner: Compliance Team
Last Tested: 10/6/2025
Test Frequency: Annual
Maturity Level: Level 4 / 5
Framework Mappings
Evidence (7)
Cloud provider service agreement
Provide the most recent signed service agreement with your cloud provider (e.g., AWS, Azure, GCP).
VENDORS•EVIDENCE_REQUEST
Company completes security reviews for relevant vendors
This test verifies whether vendors requiring security reviews have current and up-to-date reviews according to their risk levels.
VENDORS•TEST
Third-Party Management Policy
To ensure protection of the organization's data and assets that are shared with, accessible to, or managed by suppliers, including external parties or third-party organizations such as service providers, vendors, and customers, and to maintain an agreed level of information security and service delivery in line with supplier agreements.
Uncategorized•POLICY
Code of Conduct
Develops and maintains a standard of conduct that is acceptable to the company and its employees, customers, and vendors.
Uncategorized•POLICY
Vendors list maintained
This test verifies that you have manually added at least one vendor (other than automatically integrated accounts) on the [Vendors page](/vendors) that is visible to auditors. If you do not have any vendors beyond what Vanta integrates with, you can deactivate this test.
VENDORS•TEST
Vendors assigned risk levels
Verifies that all vendors on the [Vendors page](/vendors) have a risk level assigned.
VENDORS•TEST
Vendor management program established
Please provide compliance reports for Certn and Google Workspace.
CUSTOM•EVIDENCE_REQUEST
Related Policies
Control Information
- Control ID: vendor-security-reviews-conducted
- Category: INTERNAL
- Family: internal
- Last Updated: 10/6/2025