WatchDog Security Help Center
    User Guide
    • Docs Home
    • Admin Guide
    • User Guide
    • MSP Guide
    • WatchDog Security End-User Guides
    • Activate Your Account
    • Account Settings
      • Update Profile
      • Customize Theme
      • Adjust Appearance
      • Change Password
      • Manage Two Factor Authentication
      • Generate Backup Codes
    • Notification Center
      • Configure User Events
    • Posture Management
      • View Posture Findings
      • Manage Automated Monitors
      • Manage Manual Monitors
    • WatchDog University
      • View Assigned Courses
      • Complete Course
      • Download Certificate
    • Policy Management
      • View Assigned Policies
      • Accept Policy
    • Risk Management
      • View and Manage Risks in Risk Register
      • Edit and Manage Risk
      • Manage Risk Tasks
      • Manage Risk Lifecycle
    • Vendor Management
      • Track Security Events
      • Manage Vendor Documents
      • Perform Vendor Assessments
      • Classify Vendor Risk
    • Inventory
      • Update Inventory Item
    • Secure File Exchange
      • Create Drop Zone
      • Drop Zone Usage
      • Manage Active Drop Zone
      • View Expired Drop Zones

    Vendor Management

    Vendor Management allows organizations to track, assess, and monitor third-party vendors that interact with their business.
    This feature helps security teams maintain visibility into vendor risk by centralizing vendor records, security documentation, assessments, and external security events in a single location.
    It is designed to support both operational vendor tracking and compliance-driven vendor risk management processes.
    Who can use this feature?
    All Account Owners and Security Admins
    Any End Users assigned as an owner to one or more vendors
    Available on the Free, Core and Business plans

    Key Features#

    Track Security Events
    Monitor vendor-related security incidents and breaches using external data sources.
    Manage Documents
    Store and manage vendor documents such as NDAs, compliance reports, and certifications.
    Perform Assessments
    Evaluate vendor security using manual reviews, attestations, or questionnaires.
    Classify Vendor Risk
    Assign data types to vendors to determine risk level and required controls.

    Vendor Assessment Methods#

    WatchDog supports three different approaches to evaluating vendor security:
    Manual Review
    Security teams answer structured questions based on publicly available vendor information.
    Compliance Attestation Review
    Organizations review vendor-provided compliance reports such as SOC 2 or ISO 27001.
    Security Questionnaire
    Vendors complete a questionnaire that is reviewed and stored within the platform.
    Each method provides flexibility depending on vendor maturity and available documentation.

    Vendor Data & Risk Classification#

    Vendors are classified based on the type of data they access or process.
    Data types range from low-risk (public data) to high-risk (financial data, PHI, SPII).
    This classification helps determine:
    Required security controls
    Assessment depth
    Ongoing monitoring requirements
    Selecting accurate data types is critical for proper risk evaluation.

    Vendor Lifecycle#

    Vendor Management supports the full vendor lifecycle:
    Vendor onboarding and creation
    Risk classification and ownership assignment
    Security documentation collection
    Security assessment and review
    Continuous monitoring through security events
    Ongoing updates and document management
    This ensures vendors remain compliant and secure over time.

    Troubleshooting#

    Cannot Add Vendor
    If a vendor cannot be added:
    Ensure you have the Account Owner or Security Admin role
    Verify all required fields such as Name, Owner, and Accessed Data Types are completed
    For custom vendors, ensure a valid Website is provided
    Documents Not Uploading
    Security Events Not Visible
    Assessment Cannot Be Completed
    Modified at 2026-03-26 21:59:14
    Previous
    Manage Risk Lifecycle
    Next
    Track Security Events
    Built with