Vendor Insights

Improve procurement speed and trust by streamlining vendor risk assessments

Simplify third-party software risk assessments

AWS Marketplace Vendor Insights helps simplify third-party software risk assessments by compiling security and compliance information in a unified dashboard. It helps streamline the procurement process by granting buyers access to evidence made available by sellers related to data privacy and residency, application security, and access control. AWS Config and AWS Audit Manager provide automated evidence refreshing, helping buyers perform continual compliance monitoring.

Validate vendors faster

Access security and compliance artifacts in the Vendor Insights dashboard, reducing the need for manual questionnaires and saving you 8-10 weeks of evidence collection and validation.

Continual compliance monitoring

AWS Config and Audit Manager provide automated evidence refreshing, giving you continual risk monitoring for your third-party software, and reducing the need for annual assessments.

Security profile notifications 

Gain ongoing visibility into the security posture of your third-party products by signing up for notifications. Get alerts for security and compliance events, such as expiration of a vendor’s compliance certificate.

Enterprise customers

Your security engineers can now complete third-party software risk assessments in hours instead of months. Vendor Insights reduces the need for an extensive IT security assessment and discovery process.

Quickly discover products in AWS Marketplace that meet your security and certification standards by searching for and accessing Vendor Insights profiles.

Access current and validated information, with evidence gathered from the vendors’ security tools and audit reports.

Monitor your software’s security posture post-procurement and receive notifications for security and compliance events.

Single dashboard with summary of key security and compliance controls

Access to security artifacts like ISO 27001 and SOC2 Type 2

Automated evidence refresh from AWS Config and Audit Manager assessments

Software vendors

AWS Marketplace software vendors can now reduce the operational burden of responding to buyer requests for risk assessment information by centralizing security and compliance artifacts and giving customers self-service access to them.

Build your product’s profile by uploading your ISO 27001 or SOC2 Type 2 report and completing a software risk assessment with Audit Manager. 

Store your compliance reports such as FedRAMP certification or PCI DSS. 

View and approve your buyer requests for viewing security controls and compliance artifacts stored in Vendor Insights.

Frequently asked questions

SOFTWARE BUYER FAQs

  • What is AWS Marketplace Vendor Insights?

    Vendor Insights is a new feature in AWS Marketplace that provides buyers a simple way to request, view, and assess security posture and compliance information for third-party software products. Vendor Insights helps simplify and accelerate the risk assessment and procurement process.

  • How do I get started with Vendor Insights?

    You can discover products with Vendor Insights profiles by navigating to the AWS Marketplace search page and filtering by ‘Vendor Insights’ and ‘Security Profiles’. Optionally, you can further filter by ‘Product certificates’ to narrow the search results to products with certifications such as ISO 27001 or SOC2 Type 2. After you find a product that you are interested in, choose the title to navigate to the product details page. From the product details page, you can navigate to the Vendor Insights profile either by clicking the 'View assessment data' button, or the link in the Vendor Insights widget. To view the dashboard with detailed evidence for the 140 security and compliance controls, click the 'Request access' button and complete a non-disclosure agreement with the vendor.

  • How does this service relate to/work with AWS services?

    Your procurement team and security approvers can swiftly access the AWS Marketplace Vendor Insights dashboard from the AWS Marketplace product detail page. 

  • Can I use Vendor Insights if I don’t procure software through AWS Marketplace?

    Yes, you can use Vendor Insights even if you don’t procure the software through AWS Marketplace. You can request access to and view the Vendor Insights profile during pre-procurement assessments, and subscribe to notifications post-procurement, to continually monitor changes to security controls.

SOFTWARE VENDOR FAQs

  • How do I build a Vendor Insights profile for my software?

    Build your product’s Vendor Insights profile by turning on automated Config and Audit Manager assessments on your production AWS account(s), uploading your ISO 27001 or SOC2 Type 2 audit report (if available), and completing a self-assessment on Audit Manager. Once setup is complete, Vendor Insights will automatically keep your profile up to date by pulling updates from automated assessments on your production AWS account(s). Contact AWS Marketplace support to add a Vendor Insights profile for your software.

  • Do I have control over who can access my information in my Vendor Insights profile?

    Yes, you can view and approve buyer requests for viewing security controls and compliance artifacts that you store in Vendor Insights. By creating and sharing your Vendor Insights profile, you can expect shorter sales cycles and faster revenue recognition, which can help grow your business faster. 

  • How does this service relate to and work with AWS services?

    Vendor Insights integrates with Audit Manager and Config, which support automated evidence collection. Your product’s security and compliance information is automatically pulled and kept up to date, reducing the operational burden for your product teams. Vendor Insights integrates with Artifact to store your compliance and audit reports, such as FedRAMP certification and PCI DSS compliance report, and makes them available to buyers.

  • Can I onboard to Vendor Insights if I don’t sell through AWS Marketplace?

    No, Vendor Insights will only support AWS Marketplace software, so you need to onboard your product to AWS Marketplace to create a Vendor Insights profile.

  • Can I use Vendor Insights if I build my software across multiple cloud infrastructures?

    Yes, you can use Vendor Insights for software that is hosted across multiple clouds. However, Vendor Insights will not be able to source automated security control data from cloud environments outside of AWS. You can upload certified audit reports or provide manual evidence as self-attested information for your non-AWS environments.

  • Can I use Vendor Insights if I don’t use AWS security tools?

    Yes, Vendor Insights can be used for your software if you don’t currently use AWS security tools. You can upload manual evidence from your security tool as self-attested information. Alternatively, Vendor Insights can turn on AWS security services with a high tier of trust to help automate evidence gathering with Audit Manager.

Get started with AWS Marketplace

AWS Marketplace is a curated digital catalog that makes it easy to find, test, buy, and deploy the third-party software you want, with the simplified procurement and controls you need.