⚠️ Select your experience
The steps to manage your Vendor insights depend on your interface version. Select a link to skip to the instructions for your version.
Customers who joined Drata on or after Feb 24, 2026 are automatically on the New Experience.
Instructions for the New Experience ⬇️
The Vendor insights dashboard provides a high-level view of your third-party risk management (TPRM) program. It helps you understand vendor risk posture, review status, and lifecycle health at a glance, and makes it easier to communicate program status to internal stakeholders and auditors.
Prerequisites
Vendor insights are available to customers with TPRM.
Access Vendor insights
To open the Vendor insights dashboard, select Vendors → Vendor insights.
The dashboard displays aggregated metrics across all vendors in your environment. Vendor insights is a read-only overview. It summarizes data from Current vendors, Prospective vendors, and Vendor risks.
Lifecycle overview
The Lifecycle overview section shows vendor counts by lifecycle stage and review urgency. You can view:
Active vendors
Vendors under review
Vendors on hold
Flagged vendors
Reviews due soon
Reviews overdue
Selecting any card redirects you to Current vendors with the corresponding filter applied.
Use this section to quickly identify vendors that require action, such as overdue reviews or vendors currently under evaluation.
Vendor Insights Graphs
The Vendor Insights dashboard includes several graphs that summarize vendor distribution across impact, risk, and key security attributes.
These graphs help you quickly assess overall third-party exposure and identify vendors that may require additional review.
Inherent risk: Shows how vendors are grouped based on their assigned impact rating. This view helps you understand how significantly your organization could be affected if a vendor were compromised or became unavailable.
Risk Level: Shows how vendors are distributed by residual risk classification. Use this graph to identify vendors that may require heightened oversight or more frequent reviews.
Type: Categorizes vendors by relationship type. This helps you understand the composition of your third-party ecosystem.
Password Policy: Shows how vendors authenticate users. This view can help identify vendors that may require stronger authentication controls.
PII Storage: Indicates whether vendors store personally identifiable information. Vendors storing PII may require closer oversight and more frequent review.
Lifecycle status and business units
The final section shows vendor counts by:
Lifecycle status: Active, Under review, Approved, Rejected, On hold, Offboarded, Flagged, Archived
Business unit: Engineering, Product, Marketing, Customer Success, Sales, Legal, Finance, Administrative, Human Resources, Security
Results are ordered by vendor count to highlight concentration areas.
Instructions for the Classic Experience ⬇️
The Vendor Insights dashboard gives you a holistic view of your TPRM program, making it easy for you to communicate and inform your stakeholders of your third-party program's risk and health. You'll find graphs and charts that display details on your vendors' risks, criticalities, statuses, review deadlines, and more.
BEFORE DIVING IN
This feature is only available to our TPRM customers.
HERE'S HOW
The dashboard comprises various elements, each of which provides a high-level summary of its respective module.
Lifecycle Overview
The first section is our Lifecycle overview. Here you'll find Vendor Counts on:
Four key lifecycle statuses: Active, Under Review, On Hold, Flagged
Two key Reminder Statuses: Due Soon, Overdue
When you select any of the Lifecycle Overview cards, you will be redirected to the Vendor Directory page with the respective filter selected.
Risk Level and Criticality
The next section provides an overview of your overall Vendor Risk and Criticality posture. This includes a distribution of your vendors across Risk Levels (High, Moderate, Low, None) and Criticality Levels (Yes, No, None).
Note: If a Vendor does not have a Risk or Criticality level, the chart will display "None" for that Vendor count.
Type, Password Policy, PII Storage
The next section provides an overview of your Vendor Types, Password Policies, and PII Storage. This includes a distribution of your vendors across Type (Vendor, Supplier, Contractor, Partner, Other, None), Password Policy (Username & Password, SSO, LDAP, None), and PII Storage (Yes, No).
Lifecycle Status and Business Units
The last section provides an overview of all the Lifecycle Statuses (Active, Under Review, Approved, Rejected, Flagged, On Hold, Off-boarded) and Business Units (Engineering, Marketing, Product, CS, Sales, Legal, Finance, Administrative, HR, Security), ordered from the most to the least in Vendor Count. This is where you can quickly and easily understand where each Vendor is in the procurement process and which types of companies you are doing business with.
Vendor Status descriptions:
Under Review - To be used when the vendor is still under consideration, such as when a security review or proof of concept is still in progress
Approved - Vendor is approved for use, but may not be implemented yet, or other options may still be under consideration
Rejected - Vendor was reviewed and rejected for use
Active - This vendor is now implemented and actively being used by the org
Offboarded - To be used when an active vendor is no longer being used and is offboarded from the organization
On Hold - To be used when awaiting an action to be taken by vendor or another team
Flagged - This vendor needs an action taken that falls outside the normal process
Archived - This vendor was approved for use, but never actually onboarded or used, so they were never active and aren't offboarded either






