Vendor Insights

Improve procurement speed and trust by streamlining vendor risk assessments

PRODUCTS WITH VENDOR INSIGHTS PROFILES    |    FAQs    |    RESOURCES    |    PRICING    

Simplify third-party software risk assessments

AWS Marketplace Vendor Insights helps simplify third-party software risk assessments by compiling security and compliance information in a unified dashboard. It helps streamline the procurement process by granting you access to evidence made available by sellers related to data privacy and residency, application security, and access control. AWS Config and AWS Audit Manager provide automated evidence refreshing, helping you perform continual compliance monitoring. Using AWS Artifact third-party reports, gain on-demand access to vendors’ compliance reports.
AWS Marketplace Vendor Insights | (1:48 min)

Validate vendors faster

Access and download security and compliance artifacts in the Vendor Insights dashboard, reducing the need for manual questionnaires and saving you 8-10 weeks of evidence collection and validation.

Continual compliance monitoring

AWS Config and Audit Manager provide automated evidence refreshing, giving you continual risk monitoring for your third-party software and reducing the need for annual assessments.

Security profile notifications 

Gain ongoing visibility into the security posture of your third-party products by signing up for notifications. You can get alerts for security and compliance events, such as expiration of a vendor’s compliance certificate.

How it works

Chart of how it works, from left 1st column 2 rows, second column 3 rows, 3rd column 3 rows. Starting from top right: AWS Config, AWS Audit Manager, and SaaS hosting AWS accounts leads to the left column in to Evidence from workloads on AWS. Below that section is AICPA SOC 2 and ISO 27001 leading in to the left column, second row of chartin to Evidence from audit report.  Below that section is Product Owner leading in to Self Attestation.  Evidence from workloads on AWS, Evidence from audit report, and Self Attestation lead in to Security Controls in the 1st column, 1st row.  In 1st column, 2nd row, column title AWS Artifact: PCI Security Council, HIPAA Compliance, FedRAMP, and Additional Artifacts.  The first column then points to a box labeled AWS Marketplace Vendor Insights

Enterprise customers

Your security engineers can now complete third-party software risk assessments in days instead of months. Vendor Insights reduces the need for an extensive IT security assessment and discovery process.

Quickly discover products in AWS Marketplace that meet your security and certification standards by searching for and accessing Vendor Insights profiles.

Access and download current and validated information, with evidence gathered from the vendors’ security tools and audit reports.

Monitor your software’s security posture post-procurement and receive notifications for security and compliance events.

Software vendors

AWS Marketplace software vendors can now reduce the operational burden of responding to buyer requests for risk assessment information by centralizing security and compliance artifacts and giving your customers a self-service access experience.

Build your product’s profile by uploading your audit and compliance reports and completing a software risk assessment with Audit Manager. 

Store your compliance reports, including SOC 2 Type 2, ISO 27001, PCI DSS, FedRAMP, HIPAA, and GDPR, in AWS Artifact third-party reports.

View and approve your buyer requests for viewing security controls and compliance artifacts stored in Vendor Insights.

Frequently asked questions

SOFTWARE BUYER FAQs

  • Vendor Insights is a new feature in AWS Marketplace that gives you a simple way to request, view, and assess security posture and compliance information for third-party software products. Vendor Insights helps simplify and accelerate the risk assessment and procurement process.

  • You can discover products with Vendor Insights profiles by navigating to the AWS Marketplace search page and filtering by Vendor Insights and Security Profiles. Optionally, you can further filter by Product certificates to narrow the search results to products with certifications, including SOC 2 Type 2, ISO 27001, PCI DSS, FedRAMP, HIPAA, and GDPR. After you find a product that you are interested in, choose the title to navigate to the product details page. From the product details page, you can navigate to the Vendor Insights profile either by clicking the view assessment data button, or the link in the Vendor Insights widget. To view the dashboard with detailed evidence for the 125 security and compliance controls, click the request access button and complete a non-disclosure agreement with the vendor.

    For non-admin identity and access management (IAM) users, attach the Vendor Insights Managed Policy to the IAM role for access.

  • You can export the security and compliance control data in Vendor Insights dashboards, along with evidence, to the CSV and JSON format and ingest into your vendor management tools. You can also download certificates shared by the vendor through AWS Artifact third-party reports.

  • Your procurement team and security approvers can swiftly access the AWS Marketplace Vendor Insights dashboard from the AWS Marketplace product detail page. Integration with AWS Artifact third-party reports helps you access vendor compliance reports on-demand. Seller security profiles are automatically updated with evidence from AWS Config and AWS Audit Manager deployed on a seller's production account.

  • There is no charge to access and subscribe to security and compliance information for products with Vendor Insights security profiles to assist with pre-procurement evaluations for products not purchased in AWS Marketplace. By default, subscriptions to software security profiles expire after 60 days. You can keep the subscription active after 60 days by procuring the software in AWS Marketplace.

SOFTWARE VENDOR FAQs

  • Build your product’s Vendor Insights profile by uploading audit and compliance report(s), and completing a self-assessment on Audit Manager. Contact AWS Marketplace support to add a Vendor Insights profile to your software. To learn more about how to get started, visit the seller guide documentation.

  • Yes, you can view and approve buyer requests for viewing security controls and compliance artifacts that you store in Vendor Insights. By creating and sharing your Vendor Insights profile, you can expect shorter sales cycles and faster revenue recognition, which can help grow your business faster. 

  • Vendor Insights integrates with Audit Manager and AWS Config, which support automated evidence collection. Your product’s security and compliance information is automatically pulled and kept up to date, reducing the operational burden for your product teams. Vendor Insights integrates with AWS Artifact third-party reports to store your compliance and audit reports, including SOC 2 Type 2, ISO 27001, PCI DSS, FedRAMP, HIPAA, and GDPR, and makes them available to buyers. Each document downloaded by buyers has a unique, traceable watermark and has the Terms and Conditions prefixed to the document. Each document downloaded by buyers has a unique, traceable watermark and has the Terms and Conditions prefixed to the document.

  • No, Vendor Insights will support only AWS Marketplace software so you need to onboard your product to AWS Marketplace to create a Vendor Insights profile.

  • Yes, you can use Vendor Insights for software that is hosted across multiple clouds. However, Vendor Insights will not be able to source automated security control data from cloud environments outside of AWS. You can upload certified audit reports or provide manual evidence as self-attested information for your non-AWS environments.

  • Yes, Vendor Insights can be used for your software if you don’t currently use AWS security tools. You can upload manual evidence from your security tool as self-attested information. Alternatively, Vendor Insights can turn on AWS security services with a high tier of trust to help automate evidence gathering with Audit Manager.

Resources

Vendor Insights overview and demo    |  (4:18 min)