Vendor Insights

Improve procurement speed and trust by streamlining vendor risk assessments


Simplify third-party software risk assessments

AWS Marketplace Vendor Insights helps simplify third-party software risk assessments by compiling security and compliance information in a unified dashboard. It helps streamline the procurement process by granting you access to evidence made available by sellers related to data privacy and residency, application security, and access control. AWS Config and AWS Audit Manager provide automated evidence refreshing, helping you perform continual compliance monitoring. Using AWS Artifact third-party reports (Preview), gain on-demand access to vendors’ compliance reports.
AWS Marketplace Vendor Insights | (1:48 min)

Validate vendors faster

Access and download security and compliance artifacts in the Vendor Insights dashboard, reducing the need for manual questionnaires and saving you 8-10 weeks of evidence collection and validation.

Continual compliance monitoring

AWS Config and Audit Manager provide automated evidence refreshing, giving you continual risk monitoring for your third-party software and reducing the need for annual assessments.

Security profile notifications 

Gain ongoing visibility into the security posture of your third-party products by signing up for notifications. You can get alerts for security and compliance events, such as expiration of a vendor’s compliance certificate.

How it works

Chart of how it works, from left 1st column 2 rows, second column 3 rows, 3rd column 3 rows. Starting from top right: AWS Config, AWS Audit Manager, and SaaS hosting AWS accounts leads to the left column in to Evidence from workloads on AWS. Below that section is AICPA SOC 2 and ISO 27001 leading in to the left column, second row of chartin to Evidence from audit report.  Below that section is Product Owner leading in to Self Attestation.  Evidence from workloads on AWS, Evidence from audit report, and Self Attestation lead in to Security Controls in the 1st column, 1st row.  In 1st column, 2nd row, column title AWS Artifact: PCI Security Council, HIPPA Compliance, FedRAMP, and Additional Artifacts.  The first column then points to a box labeled AWS Marketplace Vendor Insights

Enterprise customers

Your security engineers can now complete third-party software risk assessments in days instead of months. Vendor Insights reduces the need for an extensive IT security assessment and discovery process.

Quickly discover products in AWS Marketplace that meet your security and certification standards by searching for and accessing Vendor Insights profiles.

Access and download current and validated information, with evidence gathered from the vendors’ security tools and audit reports.

Monitor your software’s security posture post-procurement and receive notifications for security and compliance events.

Software vendors

AWS Marketplace software vendors can now reduce the operational burden of responding to buyer requests for risk assessment information by centralizing security and compliance artifacts and giving your customers a self-service access experience.

Build your product’s profile by uploading your ISO 27001 or SOC2 Type 2 report and completing a software risk assessment with Audit Manager. 

Store your compliance reports, such as ISO 27001 and SOC2 Type 2, in AWS Artifact third-party reports (Preview).

View and approve your buyer requests for viewing security controls and compliance artifacts stored in Vendor Insights.

Frequently asked questions




Vendor Insights overview and demo    |  (4:18 min)