Vendors are the business entities who provide you a service. Vendors are important because they expose you to third-party risk: if one of your vendors is hacked, your data might be affected.
Check out Aptible's Guide to Vendor Management
We've spilled a lot of ink about Vendor Management. Check out our Security Management Guide for more information about Vendor Management best practices.
When should I use a SaaS System, and when should I use Vendors?
Vendors are companies/organizations—legal entities that you have contracts (BAAs, SLAs, DPAs, etc.) with. SaaS systems are the tools you use that store or process your data. E.g., Google the company vs. Gmail, G Suite, etc. AWS vs. your specific VPCs. Slack vs. Slack (included to point out that sometimes the company and the software are called the same thing).
- Click on the Assets tab
- Select the Vendors tab on the left hand navigation
- Select Add Vendor in the top right
- Add in the Name, Owner, Description, Vendor Documents and Status. We recommend dropping a link to the location where you store agreements and important documents relating to this vendor in the "Vendor Documents" field.
- Status Legend:
- Active: your company is actively working with and managing that vendor
- Inactive: your company is no longer working with that vendor.
You can also add multiple vendors at once by clicking "Add in Bulk."
Updated about 2 years ago