Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is a vendor review?

Vendor review is a process by which an organization can understand the potential risks of utilizing a vendor’s product or service, as well as an ongoing process to ensure that quality security practices are being maintained in an ongoing fashion. A vendor review process will assess a vendor’s capacity to maintain effective and appropriate security practices and other performance elements critical to an organization’s business. Vendor review is particularly critical when vendors will have access to sensitive internal or customer data.

An organization may develop different vendor review processes for its different vendor types. Vendor reviews will address a range of areas of risk that working with the vendor could pose to an organization, including but not limited to review of a vendor’s physical environment security, organizational security, human resource security, data handling processes, asset management, and more.


Establishing and maintaining regular vendor review processes will help ensure that an organization is effectively monitoring not only its internal security processes, but the security of all the services that comprise its operational ecosystem. If vendors have access to a company’s internal or customer data, the quality of their security practices is as important as the quality of an organization’s own practices.

Additional resources you might like:

Security
Guide
Growing pains: How to update and automate outdated security processes

Has your business outgrown its security processes? Learn how to update them in this guide.

Security
Event
Building security programs that reduce risk

In today’s evolving threat landscape, compliance is only the first step—resilience is the ultimate goal. That’s why Vanta and Huntress have teamed up to help you achieve true cybersecurity resilience.

Security
Blog
How to protect your physical infrastructure with AWS and Vanta

In this blog, we’ll cover physical and environmental infrastructure, explaining what AWS does to protect the cloud centers that store your data and what other security steps you need to take.

Additional resources you might like:

Security
Guide
Growing pains: How to update and automate outdated security processes

Has your business outgrown its security processes? Learn how to update them in this guide.

Security
Event
Building security programs that reduce risk

In today’s evolving threat landscape, compliance is only the first step—resilience is the ultimate goal. That’s why Vanta and Huntress have teamed up to help you achieve true cybersecurity resilience.

Security
Blog
How to protect your physical infrastructure with AWS and Vanta

In this blog, we’ll cover physical and environmental infrastructure, explaining what AWS does to protect the cloud centers that store your data and what other security steps you need to take.

Security
Blog
From automated compliance to AI: How investors are prioritizing security

AI and cybersecurity are top strategic priorities for companies at every scale. See how investors are thinking about security in our increasingly-AI driven world.

Security
Event
Enhancing Security with Trust Center

What is a Trust Center, and how can growing businesses leverage one to proactively demonstrate their commitment to security?

Security
Blog
What is continuous security monitoring?

What is continuous security monitoring and why is it crucial to your business? Learn about continuous monitoring and best practices for ensuring security within your organization.

Security
Blog
How Riot integrates with Vanta to increase cybersecurity awareness

Riot combines learning modules and phishing simulations to raise cyber awareness and solve compliance needs. Find out how Riot integrates with Vanta using the Connectors API.

Security
Blog
Lessons from Vanta’s WebAuthn migration

Rob Picard and Jess Chang from Vanta's Security team explain why and how we migrated to WebAuthn as the mandatory way to log into Okta.

Security
Event
Ask Me (Almost) Anything: AI & Compliance

Wondering about AI and what it means for your company’s compliance program? You can ask these privacy and security experts (almost) anything! Join Vanta’s AM(almost)A on June 27 at 10 am PT and 1 pm ET to connect with Matt Cooper, Senior Manager of Privacy, Risk, & Compliance, and Rob Picard, Security Lead, on emerging trends in AI and compliance. They’ll answer questions and share practical advice to help you navigate this evolving landscape and stay ahead of the curve.

Get compliant and
build trust, fast.

Two wind turbines on a white background.
Get compliant and build trust,
fast.
Get started