Posted On: Jun 13, 2023

Today, AWS Audit Manager announces expanded support for third-party risk assessments with the launch of two new features: a third-party questionnaire and the ability to export evidence as a comma-separated values (CSV) file. Customers can already share custom frameworks with vendors on AWS, so that vendors can create assessments on these frameworks and automatically collect evidence from their environments. Together, these features make it easier for enterprises to customize their third-party vendor risk assessments on AWS. 

Now, you can create vendor risk assessment questionnaires tailored to your organization's unique needs. With custom forms, each control in Audit Manager can represent a specific question in your risk assessment questionnaire. You can then share your risk assessment questions with your vendors and partners to collect simple text responses or documentation as evidence. 

Your vendors can now enter text responses directly within the Audit Manager console and save them as manual evidence for future reference. These responses, as well as any uploaded files and automated evidence collected, can be packaged into an assessment report and shared back to you. 

In addition, all of the automated evidence collected in your vendor’s account can be exported as a CSV file using evidence finder and sent back to you, helping you enhance your third-party risk assessments. Whether you need a portable version of your search results or want to share them with stakeholders, the CSV export option provides a versatile and widely supported format.

To get started, see Creating a custom control and Viewing results in evidence finder in the AWS Audit Manager User Guide.