Introduction
This powerful tool helps you find, track, and monitor your third-party risks instantly, allowing you to make informed decisions and maintain a strong security posture for your organization.
Key Features of the Dashboard
Vendor List: At the heart of the dashboard is the vendor list, which provides a clear, organized view of all your vendors. You can see their security status at a glance, including their score, status, and assessment details.
Tiering System: DSALTA helps you categorize your vendors into different tiers (e.g., Tier 1, Tier 2, Unfiltered). This system allows you to prioritize your attention and resources based on the criticality of each vendor to your operations.
Security Score and Status:
Score: Each vendor receives a security score, which is a numerical representation of their security posture. A higher score indicates a stronger security status.
Status: The status (e.g., Basic, Advanced) provides an additional layer of information about the vendor's security maturity.
Trend Analysis: The "Trend" column shows you whether a vendor's security posture is improving or declining over time. A positive trend (e.g., +27) means their score is increasing, while a negative trend (e.g., -92) indicates a decrease.
Assessment Details:
Last Assessed: This column tells you when the vendor's security posture was last evaluated.
Reassessment Date: This field indicates the next scheduled reassessment date, helping you stay on top of your vendor risk management schedule.
Filters and Search: Use the search bar and filter options to quickly find specific vendors or narrow down your list based on various criteria such as tier, status, or labels.
Actions:
Import: Easily import new vendor data into the platform.
New Vendor: Manually add a new vendor to your list.
Export: Export your vendor data for external use or reporting.
Importing Vendors Manually
Accessing the Import Feature:
From the main Vendor Risk dashboard, click the Import button.
Select the Enter manually tab.
Entering Domains:
In the text box provided, enter or paste a list of vendor domains you'd like to import.
You can separate the domains by a new line or a comma.
Default Assignments:
Vendors imported using this method will be added to your default portfolio, typically named "Suppliers."
To set specific portfolios, tiers, and labels, you should use the Upload CSV tab.
Finalizing the Import:
Once you've entered the list of domains, click the Import button to add the vendors to your dashboard.
Importing Vendors via CSV
Accessing the Import Feature:
From the main Vendor Risk dashboard, click the Import button.
Select the Upload CSV tab.
Preparing Your CSV File:
Your CSV file should contain a list of your vendor domains in the first column.
You can also include optional columns for portfolios, labels, tiers, and attributes per vendor.
Pro Tip: If one of your vendors has no web presence, use 'no-domain' in place of their primary domain.
Click the CSV Template link to download a pre-formatted template to get started easily.
Uploading the File:
You can either drag and drop your file into the designated area or click Select file to browse your computer.
The platform supports file uploads up to 2 MB.
Overwrite Options:
Before importing, you have the option to:
Override existing portfolios: Replaces current portfolio assignments.
Override existing labels: Replaces existing labels.
Override existing tiers: Replaces existing tier assignments.
Select these options if you want the new data from your CSV to replace existing information.
Finalizing the Import:
Click the Import button to start the bulk import process.
How to Export Your Vendor List
Accessing the Export Feature:
From the main Vendor Risk dashboard, click the Export button.
An "Export Vendors" dialog box will appear.
Selecting a Format:
DSALTA allows you to export your vendor data in various formats.
Click the dropdown menu next to Format and select your desired file type.
Currently, you can export your data as a .PDF file.
Initiating the Export:
Once you've selected the format, click the Export button.
The platform will generate the file, and your download will begin shortly.
How to Add a New Vendor Manually (Part 1)
Initiating the Process:
From the main Vendor Risk dashboard, click on the + New Vendor button.
A search box will appear. Type the domain of the vendor you wish to add (e.g., "https://www.dsalta.com/") into the search bar.
Selecting the Vendor:
DSALTA will search its database and provide a list of potential vendors associated with that domain.
Carefully review the list and select the correct vendor by clicking the checkbox next to their name. In this example, we've selected "Google Ad" with the domain "https://www.dsalta.com/".
Once you've made your selection, click Next to proceed to the next step.
How to Add a New Vendor Manually (Part 2)
Framework Selection:
After selecting your vendor, you'll be asked to "Complete the vendor details."
First, choose at least one Framework that the vendor needs to comply with. This helps customize their security controls and aligns with your security requirements. You can select multiple frameworks if needed.
Tier Assignment:
Next, select a Tier for the vendor. Tiering classifies your vendors based on the inherent risk they pose to your organization.
Portfolio Assignment:
Finally, assign the vendor to one or more Portfolios. Portfolios are used to organize vendors by department, category, or any other organizational structure (e.g., "Suppliers," "Competitors").
Finalizing Details:
Once all details are completed, click Next to continue to the final step of adding the vendor.
How to Add a New Vendor Manually (Part 3)
Select Your Vendor Monitoring Type:
DSALTA provides two methods for monitoring a new vendor:
Add Manually: Start by entering a vendor's name or URL. This method uses credits from your subscription.
Invite via DSALTA (Recommended): Send an invitation directly to the vendor's point of contact. This method is free and offers unlimited invites.
Add a Point of Contact:
For either monitoring type, it's highly recommended to add a point of contact for the vendor.
Enter the vendor's contact details, including:
Email: The email address of the contact person.
Full Name: The full name of the contact person.
Title: Their position within the company.
Finalizing the Process:
Once you've entered all the necessary information, click Add Vendor to finalize the process. The vendor will now be added to your dashboard and the monitoring process will begin.
Understanding Frameworks for Vendor Risk Assessment
When adding a new vendor, the Framework selection is a crucial step. This helps tailor the security assessment to specific compliance and regulatory standards. DSALTA offers a range of frameworks to choose from:
SOC 2: AICPA's standardized framework to prove a company's security posture to prospective customers.
HIPAA: U.S. regulation to secure Protected Health Information (PHI).
ISO 27001: Global benchmark to demonstrate an effective Information Security Management System (ISMS).
GDPR: European Union regulation to protect personal data and privacy of its citizens.
PCI DSS: Industry-mandated requirements to secure Credit Card data.
You can select one or more frameworks to ensure the vendor's security is evaluated against all relevant standards for your organization.
