Monitor vendors continuously
Collect monitorable assets through the Continuous Monitoring objective, then track findings, coverage, and alerts across the program and per vendor, and acknowledge what you handle.
Try it in CybervergentOverview
Move beyond point-in-time assessment to continuous monitoring of vendor assets.
Step-by-step
- 1 Ensure your framework includes the Continuous Monitoring objective so vendors list their assets (URLs, applications, IP addresses).
- 2 Open the program-wide Monitoring tab for the portfolio view, or a single vendor's Monitoring view for its detail.
- 3 Review the monitorable assets and their targets.
- 4 Review the findings, coverage, and mean-time-to-remediate cards to see where exposure and slowness concentrate.
- 5 Open the alerts feed, triage the open alerts by severity, and acknowledge the ones you have handled.
- 6 Feed material monitoring issues back into the vendor's risk position and reassessment.
Related articles
Third-Party Program Stand up a third-party risk program Build a tiered, owned third-party risk program from framework to live register. Third-Party Program Onboard and tier your vendors Bring the vendor population into the register and classify it by criticality and tier. Third-Party Program Run vendor reassessment at scale Keep a large vendor population current with cadence-driven reassessment. Third-Party Program Manage fourth-party and concentration risk See your extended supply chain and where a single provider could take down many vendors.