Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is a vendor review?

Vendor review is a process by which an organization can understand the potential risks of utilizing a vendor’s product or service, as well as an ongoing process to ensure that quality security practices are being maintained in an ongoing fashion. A vendor review process will assess a vendor’s capacity to maintain effective and appropriate security practices and other performance elements critical to an organization’s business. Vendor review is particularly critical when vendors will have access to sensitive internal or customer data.

An organization may develop different vendor review processes for its different vendor types. Vendor reviews will address a range of areas of risk that working with the vendor could pose to an organization, including but not limited to review of a vendor’s physical environment security, organizational security, human resource security, data handling processes, asset management, and more.


Establishing and maintaining regular vendor review processes will help ensure that an organization is effectively monitoring not only its internal security processes, but the security of all the services that comprise its operational ecosystem. If vendors have access to a company’s internal or customer data, the quality of their security practices is as important as the quality of an organization’s own practices.

Additional resources you might like:

Security
Blog
Lessons from Vanta’s WebAuthn migration

Rob Picard and Jess Chang from Vanta's Security team explain why and how we migrated to WebAuthn as the mandatory way to log into Okta.

Security
Event
Ask Me (Almost) Anything: AI & Compliance

Wondering about AI and what it means for your company’s compliance program? You can ask these privacy and security experts (almost) anything! Join Vanta’s AM(almost)A on June 27 at 10 am PT and 1 pm ET to connect with Matt Cooper, Senior Manager of Privacy, Risk, & Compliance, and Rob Picard, Security Lead, on emerging trends in AI and compliance. They’ll answer questions and share practical advice to help you navigate this evolving landscape and stay ahead of the curve.

Security
Guide
How to minimize third-party risk with vendor management

Get insights and best practices from security & compliance experts on how to manage third-party vendor risk in this free guide.

Get compliant and
build trust, fast.