Posted On: Nov 30, 2022
AWS Marketplace Vendor Insights is now generally available, helping customers and sellers streamline the complex third-party software risk assessment process by enabling sellers to make security and compliance information available in AWS Marketplace. A unified web-based dashboard gives governance, risk, and compliance (GRC) teams access to security and compliance information, such as data privacy and residency, application security, and access control. Vendor Insights serves buyers who need help to efficiently validate that third-party software meets their business compliance needs. Vendor Insights also serves sellers who want to showcase their strong security posture, while reducing the operational burden from responding to buyer requests for risk assessment information.
After creating a security profile, sellers can grant customers access to an up-to-date dashboard with 125 common controls, which include automated updates of AWS-sourced evidence directly from the seller’s SaaS environments. Evidence in the dashboard includes AWS Config and AWS Audit Manager assessments, external audit reports like ISO27001 and SOC2 Type 2 stored in AWS Artifact third-party reports (Preview), and software vendor self-assessments. Buyers can review the dashboards within AWS Marketplace or download data and seller certificates to ingest into their own vendor management tools.
Using Vendor Insights can help buyers reduce assessment lead time by allowing buyers to access the vendor’s validated security profile, saving months of effort from questionnaires and back-and-forth with vendors. Using Vendor Insights notifications also helps buyers remove the need for periodic reassessments. Vendor Insights provides ongoing visibility and alerts about the vendor’s security hygiene, such as if a compliance certification expires.
Vendor Insights is available in all public AWS Regions where AWS Marketplace is available.
There is no charge for buyers to use Vendor Insights. You can access Vendor Insights during the procurement phase and for products procured in AWS Marketplace, however you lose access to Vendor Insights profiles if you have not procured the product after 60 days. For sellers, AWS Marketplace doesn’t charge to activate and use Vendor Insights. You will incur fees for using Audit Manager and AWS Config. For more pricing information, please visit the Vendor Insights pricing page.