Embedded Files
Overview
Overview
The Vendors page is where you manage your third-party vendors and track their cybersecurity certifications and overall security status. Vendors are automatically pulled in from the Assets page when you add software assets that include vendor information. It also provides a simple flow to request certifications and capture vendor questionnaire responses.
Accessing the Vendor Assessment Page
Accessing the Vendor Assessment Page
Go to app.maplegrc.com.
Log in with your account credentials.
From the homepage, navigate to the Vendor Assessment Page section.
Before you begin
Before you begin
Add your software assets on the Assets page. MapleGRC will detect any vendor details in those assets and list those vendors here automatically. If a vendor doesn’t appear, you can add it manually from the Vendors page.
You must include any vendor that provides services to you, even if they are not directly related to any asset provided by Maple — for example, IT vendors or website development vendors.
After refresh
After refresh
Auto‑pulled from Assets: Vendors are automatically pulled in from the software assets you added on the Assets page.
When you add an asset, MapleGRC checks if it includes vendor information and displays it here in Vendors.
Add a Vendor Manually
Add a Vendor Manually
Click Add Vendor.
Enter:
Vendor name (e.g., your IT provider or website host)
Vendor URL
Engagement dates
Vendor representative’s Name
Vendor representative’s contact information
Click Save to add them to the list.
Edit an Existing Vendor
Edit an Existing Vendor
Open a vendor to edit the following details:
Vendor name
Vendor URL
Engagement start and end dates
Key contacts (e.g., the privacy officer): name, email, phone number
These contacts are your main communication link with the vendor.
Click Save when finished.
Request Cybersecurity Certifications
Request Cybersecurity Certifications
Use Template for Requesting Certificates.
Clicking this opens a popup with a ready‑made email template you can use if you haven’t yet received cybersecurity documentation from the vendor.
The template requests certifications such as ISO 27001, SOC 2, PCI DSS, or CyberSecure Canada.
The template includes an attachment: a vendor security questionnaire.
Send Vendor Questionnaire
Send Vendor Questionnaire
Download the questionnaire and send it to the vendor.
It covers key questions about their cybersecurity practices.
The vendor can fill in responses and add comments directly in the document.
Upload Returned Certificates or Questionnaire
Upload Returned Certificates or Questionnaire
When the vendor sends back completed questionnaires or certification documents:
Return to the Vendors page.
Click Upload File.
Select a tag:
Certificate (for certifications), or
Other (for questionnaires)
Enter a tag name (e.g., “Cybersecurity Questionnaire”).
Upload the document.
That’s all you need to do on this page.
Why Vendor Assessment Matters
Why Vendor Assessment Matters
CyberSecure Canada requires you to evaluate the security risks associated with your vendors.
Following this process helps ensure vendors securely handle your data and provides assurance that your information is protected.
For example, section 6.2 “Secure Cloud and Outsourced IT Services” focuses on vendor security and outlines how to ensure your data is safely handled by third‑party providers.
Maintaining certificates (when available) or a completed questionnaire (when no cert exists) demonstrates due diligence and helps ensure vendors handle your information securely.
Page updated
Report abuse