Skip to main content

Vendors overview in Drata (New Experience)

Updated this week

💡 Still using the classic Drata experience? Refer to Vendor Directory & Profiles for the original UI.

The Vendors area centralizes third-party vendor management in Drata so you can track vendor security posture, review status, and supporting evidence.

Understand the Vendors area

Vendors includes multiple pages for different workflows:

  • Vendor insights: Dashboard-level overview (active vendors, reviews due/overdue, risk and impact breakdowns)

  • Current vendors: Vendors you actively work with

  • Prospective vendors: Vendors under evaluation before onboarding

  • Vendor risks: Risks associated with vendors

  • Criteria: Evaluation criteria used in vendor reviews

  • Vendor settings: Defaults for reminders, recurring reviews, and vendor-facing email settings

This article focuses on managing vendors in Current vendors.

Access Current vendors

Select Vendors → Current vendors. From Current vendors, you can:

  • Filter vendors by fields such as Status, Type, Impact level, Overall risk, Security review status, Next review deadline, Business unit, and Security owner

  • Search vendors by name

  • Download the vendor list for audit review

Add a single vendor

  1. Select Add vendor.

  2. Enter vendor details.

  3. Upload supporting documentation as needed (for example, a security policy or SOC report).

  4. Save your changes.

Overall risk levels

Use risk levels to reflect how vendor failure or compromise would impact your organization:

  • High: The vendor stores or can access sensitive data, or the business is highly dependent on the vendor’s services.

  • Moderate: The vendor has limited access to sensitive data, or service loss would be disruptive.

  • Low: The vendor does not access sensitive data and service loss would not be disruptive.

Add or Update Vendors in Bulk

If you manage many vendors, you can upload them in bulk using a CSV file. Bulk upload becomes available after at least one vendor exists in your directory.

  1. Go to Vendors → Current vendors

  2. Select Add vendor → Add / update in bulk

  3. Download the CSV template

  4. Enter vendor details in the template

  5. Save the file as a CSV

  6. Upload the CSV and select Next

  7. Review the summary of changes and finalize the upload

Bulk upload behavior

  • Vendors with the same name or website URL are updated.

  • Blank fields do not overwrite existing values.

  • Bulk upload does not include certain impact assessment fields, but it does include Impact level.Archive, restore, or delete a vendor

Bulk Upload Field Requirements (Reference)

Your CSV must include all required and optional column headers.

Optional fields do not require values, but the column header must still be present in the file.

Valid URL Format

URL fields accept either:

  • A domain name (for example, drata.com or www.example.com)

  • A full URL (for example, https://example.com/page)

Do not use backslashes (\) or incomplete values (for example, example).

Supported Vendor Fields

Field name

Acceptable value

Name (Required)

Open text

Website URL (Optional)

URL

Privacy URL (Optional)

URL

Terms Of Use URL (Optional)

URL

Provided Services (Optional)

Open text

Risk (Optional)

Low, Moderate, High

Impact Level (Optional)

Insignificant, Minor, Moderate, Major, Critical

Type (Optional)

Vendor, Supplier, Contractor, Partner, Other

Status (Optional)

Active, Under Review, Flagged, On Hold, Approved, Rejected, Offboarded, Archived

Annual Contract Value (Optional)

Number

Additional Notes

Open text

Subprocessor (Optional)

Yes, No

Subprocessor Data Location (Optional)

Open text

Integrations

Vendor name within your Vendor directory.

Business Unit (Optional)

Engineering, Product, Marketing, Customer Success, Sales, Legal, Finance, Administrative, Human Resources, Security

Stores PII (Optional)

Yes, No

Stored Data (Optional)

Open text

Vendor Relationship Contact (Optional)

Email


Ensure that the entered email is the same email that is saved in Drata. You can go to the Personnel page to view the emails that are saved for each personnel.

Security Owner (Optional)

Email


Ensure that the entered email is the same email that is saved in Drata. You can go to the Personnel page to view the emails that are saved for each personnel.

Contact at Vendor (Optional)

Open text

Contact’s Email (Optional)

Valid email address

Password Policy (Optional)

Username & Password, SSO, LDAP, Not Applicable, SCIM, Other


​If you select Not Applicable, the remaining password fields do not apply.

Password Requires Minimum Length (Optional)

Yes, No

Password Minimum Length (Optional)

6, 7, 8, 9, 10, 11, 12+

Password Requires Number (Optional)

Yes, No

Password Requires Symbol (Optional)

Yes, No

Password Two-Factor Authentication Enable Enabled (Optional)

Yes, No

Upload Vendors with Custom Fields

If your account uses custom vendor fields, they are included in bulk uploads.

Custom field type

Acceptable value

Currency

Number (with or without decimals)

Number

Number

Dropdown

Valid dropdown option

Short Answer

Open text (max 191 characters)

Long Answer

Open text (max 30,000 characters)

If a required custom field contains an invalid value, the vendor will not be added. Invalid values for optional custom fields are ignored.

Archive a vendor

Archive vendors you no longer work with but want to retain for audit history.

  1. Open the vendor profile.

  2. Select the ellipsis (⋯).

  3. Select Archive vendor.

Restore a vendor

  1. Open Vendors → Current vendors.

  2. Filter by Status → Archived.

  3. Select the vendor.

  4. Select the ellipsis (⋯).

  5. Select Restore vendor.

Delete a vendor

⚠️ This action cannot be undone.

Delete vendors only if they were added in error.

  1. Open the vendor profile.

  2. Select the ellipsis (⋯).

  3. Select Delete vendor and confirm.

Related Articles
Vendor Directory & Profiles
Vendor risks (New Experience)
Add a prospective vendor (New Experience)
Create and Manage Vendor Questionnaires (New Experience)
Manage Tasks in Drata (New Experience)
Did this answer your question?