Vendor Insights

Improve procurement speed and trust by streamlining vendor risk assessments

Discover products with Vendor Insights profiles

Buy with AWS

Simplify third-party software risk assessments

AWS Marketplace Vendor Insights helps simplify third-party software risk assessments by compiling security and compliance information in a unified dashboard. It helps streamline the procurement process by granting you access to evidence made available by sellers related to data privacy and residency, application security, and access control. AWS Config and AWS Audit Manager provide automated evidence refreshing, helping you perform continual compliance monitoring. Using AWS Artifact third-party reports, gain on-demand access to vendors’ compliance reports.

AWS Marketplace Vendor Insights

Automate Vendor Security

Accelerate assessments and maintain continuous compliance monitoring of your third-party software providers

Validate vendors faster

Access and download security and compliance artifacts in the Vendor Insights dashboard, reducing the need for manual questionnaires and saving you 8-10 weeks of evidence collection and validation.

Continual compliance monitoring

AWS Config and Audit Manager provide automated evidence refreshing, giving you continual risk monitoring for your third-party software and reducing the need for annual assessments.

Security profile notifications

Gain ongoing visibility into the security posture of your third-party products by signing up for notifications. You can get alerts for security and compliance events, such as expiration of a vendor’s compliance certificate.

Enterprise customers

View pricing

Accelerated Risk Assessment

Your security engineers can now complete third-party software risk assessments in days instead of months. Vendor Insights reduces the need for an extensive IT security assessment and discovery process.

Streamlined Security Compliance Search

Quickly discover products in AWS Marketplace that meet your security and certification standards by searching for and accessing Vendor Insights profiles.

Verified Vendor Documentation

Access and download current and validated information, with evidence gathered from the vendors’ security tools and audit reports.

Continuous Security Monitoring

Monitor your software’s security posture post-procurement and receive notifications for security and compliance events.

Software vendors

View pricing

Streamlined Customer Due Diligence

AWS Marketplace software vendors can now reduce the operational burden of responding to buyer requests for risk assessment information by centralizing security and compliance artifacts and giving your customers a self-service access experience.

Simplified Profile Creation

Build your product’s profile by uploading your audit and compliance reports and completing a software risk assessment with Audit Manager.

Centralized Compliance Documentation

Store your compliance reports, including SOC 2 Type 2, ISO 27001, PCI DSS, FedRAMP, HIPAA, and GDPR, in AWS Artifact third-party reports.

Controlled Information Sharing

View and approve your buyer requests for viewing security controls and compliance artifacts stored in Vendor Insights.

Discover products with Vendor Insights profiles

View more products with vendors insights profiles

Elastic is a search powered platform that helps you transform data into actionable insights across search applications, observability and security. Learn more

Spot by NetApp automates and continuously optimizes cloud compute infrastructure, dramatically increasing developer productivity, reducing time to market, and automating cost optimization. Learn more

Trend Micro Cloud One provides broad security coverage through one easy-to-use platform. Gain instant visibility into your entire environment, and meet your PCI-DSS and regulatory compliance requirements. Learn more

Creates space where there's a required image that's unecessary

As a SaaS security ISV partner built on AWS GovCloud, Zscaler is excited that Vendor Insights helps customers identify our capabilities through the AWS Marketplace. Vendor Insights helps us accelerate providing security risk information to our customers, saving them weeks of back and forth paperwork.

Stephen Kovac

Chief Compliance Officer & Head of Global Government Affairs, Zscaler

At MongoDB we constantly search for new ways to help our customers buy with convenience, confidence, and control. Through AWS Marketplace Vendor Insights, we're able to further improve customers' self-service access experience by embedding security and compliance artifacts into the purchasing process.

Ania Kowalczuk

Vice President of Governance Risk and Compliance, MongoDB

BigID is a strong believer in security automation and we’re thrilled to work with AWS on Vendor Insights. Our compliance teams can spend weeks working to get customers the answers they need and Vendor Insights has allowed us to reduce that to hours.

Tyler Young

BigID Chief Information Security Officer

How it works

SOFTWARE BUYER FAQs

Open all

What is AWS Marketplace Vendor Insights?

Vendor Insights is a new feature in AWS Marketplace that gives you a simple way to request, view, and assess security posture and compliance information for third-party software products. Vendor Insights helps simplify and accelerate the risk assessment and procurement process.

How do I get started with Vendor Insights?

You can discover products with Vendor Insights profiles by navigating to the AWS Marketplace search page and filtering by Vendor Insights and Security Profiles. Optionally, you can further filter by Product certificates to narrow the search results to products with certifications, including SOC 2 Type 2, ISO 27001, PCI DSS, FedRAMP, HIPAA, and GDPR. After you find a product that you are interested in, choose the title to navigate to the product details page. From the product details page, you can navigate to the Vendor Insights profile either by clicking the view assessment data button, or the link in the Vendor Insights widget. To view the dashboard with detailed evidence for the 125 security and compliance controls, click the request access button and complete a non-disclosure agreement with the vendor. For non-admin identity and access management (IAM) users, attach the Vendor Insights Managed Policy to the IAM role for access.

Can I download security and compliance information from Vendor Insights?

You can export the security and compliance control data in Vendor Insights dashboards, along with evidence, to the CSV and JSON format and ingest into your vendor management tools. You can also download certificates shared by the vendor through AWS Artifact third-party reports.

How does this service relate to/work with AWS services?

Your procurement team and security approvers can swiftly access the AWS Marketplace Vendor Insights dashboard from the AWS Marketplace product detail page. Integration with AWS Artifact third-party reports helps you access vendor compliance reports on-demand. Seller security profiles are automatically updated with evidence from AWS Config and AWS Audit Manager deployed on a seller's production account.

Can I use Vendor Insights if I don’t procure software through AWS Marketplace?

There is no charge to access and subscribe to security and compliance information for products with Vendor Insights security profiles to assist with pre-procurement evaluations for products not purchased in AWS Marketplace. By default, subscriptions to software security profiles expire after 60 days. You can keep the subscription active after 60 days by procuring the software in AWS Marketplace.

SOFTWARE VENDOR FAQs

Open all

How do I build a Vendor Insights profile for my software?

Build your product’s Vendor Insights profile by uploading audit and compliance report(s), and completing a self-assessment on Audit Manager. Contact AWS Marketplace support to add a Vendor Insights profile to your software. To learn more about how to get started, visit the seller guide documentation.

Do I have control over who can access my information in my Vendor Insights profile?

Yes, you can view and approve buyer requests for viewing security controls and compliance artifacts that you store in Vendor Insights. By creating and sharing your Vendor Insights profile, you can expect shorter sales cycles and faster revenue recognition, which can help grow your business faster.

How does this service relate to and work with AWS services?

Vendor Insights integrates with Audit Manager and AWS Config, which support automated evidence collection. Your product’s security and compliance information is automatically pulled and kept up to date, reducing the operational burden for your product teams. Vendor Insights integrates with AWS Artifact third-party reports to store your compliance and audit reports, including SOC 2 Type 2, ISO 27001, PCI DSS, FedRAMP, HIPAA, and GDPR, and makes them available to buyers. Each document downloaded by buyers has a unique, traceable watermark and has the Terms and Conditions prefixed to the document. Each document downloaded by buyers has a unique, traceable watermark and has the Terms and Conditions prefixed to the document.

Can I onboard my product to Vendor Insights if I don't sell through AWS Marketplace?

No, Vendor Insights will support only AWS Marketplace software so you need to onboard your product to AWS Marketplace to create a Vendor Insights profile.

Can I use Vendor Insights if I build my software across multiple cloud infrastructures?

Yes, you can use Vendor Insights for software that is hosted across multiple clouds. However, Vendor Insights will not be able to source automated security control data from cloud environments outside of AWS. You can upload certified audit reports or provide manual evidence as self-attested information for your non-AWS environments.

Can I use Vendor Insights if I don’t use AWS security tools?

Yes, Vendor Insights can be used for your software if you don’t currently use AWS security tools. You can upload manual evidence from your security tool as self-attested information. Alternatively, Vendor Insights can turn on AWS security services with a high tier of trust to help automate evidence gathering with Audit Manager.

Make AWS Marketplace purchases on Partner websites using Buy with AWS

Buy with AWS, powered by AWS Marketplace, offers a new way to buy software from AWS Partner websites. Learn how you can use your AWS account to purchase software on websites outside of AWS today.

Learn more