Vendor Insights
Improve procurement speed and trust by streamlining vendor risk assessments
Simplify third-party software risk assessments
Validate vendors faster
Access and download security and compliance artifacts in the Vendor Insights dashboard, reducing the need for manual questionnaires and saving you 8-10 weeks of evidence collection and validation.
Continual compliance monitoring
AWS Config and Audit Manager provide automated evidence refreshing, giving you continual risk monitoring for your third-party software and reducing the need for annual assessments.
Security profile notifications
Gain ongoing visibility into the security posture of your third-party products by signing up for notifications. You can get alerts for security and compliance events, such as expiration of a vendor’s compliance certificate.
How it works
Enterprise customers
Your security engineers can now complete third-party software risk assessments in days instead of months. Vendor Insights reduces the need for an extensive IT security assessment and discovery process.
Quickly discover products in AWS Marketplace that meet your security and certification standards by searching for and accessing Vendor Insights profiles.
Access and download current and validated information, with evidence gathered from the vendors’ security tools and audit reports.
Monitor your software’s security posture post-procurement and receive notifications for security and compliance events.
Software vendors
AWS Marketplace software vendors can now reduce the operational burden of responding to buyer requests for risk assessment information by centralizing security and compliance artifacts and giving your customers a self-service access experience.
Build your product’s profile by uploading your audit and compliance reports and completing a software risk assessment with Audit Manager.
Store your compliance reports, including SOC 2 Type 2, ISO 27001, PCI DSS, FedRAMP, HIPAA, and GDPR, in AWS Artifact third-party reports.
View and approve your buyer requests for viewing security controls and compliance artifacts stored in Vendor Insights.
Discover products with Vendor Insights profiles
Frequently asked questions
SOFTWARE BUYER FAQs
What is AWS Marketplace Vendor Insights?
Vendor Insights is a new feature in AWS Marketplace that gives you a simple way to request, view, and assess security posture and compliance information for third-party software products. Vendor Insights helps simplify and accelerate the risk assessment and procurement process.
How do I get started with Vendor Insights?
You can discover products with Vendor Insights profiles by navigating to the AWS Marketplace search page and filtering by Vendor Insights and Security Profiles. Optionally, you can further filter by Product certificates to narrow the search results to products with certifications, including SOC 2 Type 2, ISO 27001, PCI DSS, FedRAMP, HIPAA, and GDPR. After you find a product that you are interested in, choose the title to navigate to the product details page. From the product details page, you can navigate to the Vendor Insights profile either by clicking the view assessment data button, or the link in the Vendor Insights widget. To view the dashboard with detailed evidence for the 125 security and compliance controls, click the request access button and complete a non-disclosure agreement with the vendor.
For non-admin identity and access management (IAM) users, attach the Vendor Insights Managed Policy to the IAM role for access.
Can I download security and compliance information from Vendor Insights?
You can export the security and compliance control data in Vendor Insights dashboards, along with evidence, in CSV and JSON formats and ingest it into your vendor management tools. You can also download certificates shared by the vendor through AWS Artifact third-party reports.
How does this service relate to/work with AWS services?
Your procurement team and security approvers can swiftly access the AWS Marketplace Vendor Insights dashboard from the AWS Marketplace product detail page. Integration with AWS Artifact third-party reports helps you access vendor compliance reports on-demand. Seller security profiles are automatically updated with evidence from AWS Config and AWS Audit Manager deployed on a seller's production account.
Can I use Vendor Insights if I don’t procure software through AWS Marketplace?
There is no charge to access and subscribe to security and compliance information for products with Vendor Insights security profiles to assist with pre-procurement evaluations for products not purchased in AWS Marketplace. By default, subscriptions to software security profiles expire after 60 days. You can keep the subscription active after 60 days by procuring the software in AWS Marketplace.
SOFTWARE VENDOR FAQs
How do I build a Vendor Insights profile for my software?
Build your product’s Vendor Insights profile by uploading audit and compliance report(s), and completing a self-assessment on Audit Manager. Contact AWS Marketplace support to add a Vendor Insights profile to your software. To learn more about how to get started, visit the seller guide documentation.
Do I have control over who can access my information in my Vendor Insights profile?
Yes, you can view and approve buyer requests for viewing security controls and compliance artifacts that you store in Vendor Insights. By creating and sharing your Vendor Insights profile, you can expect shorter sales cycles and faster revenue recognition, which can help grow your business faster.
How does this service relate to and work with AWS services?
Vendor Insights integrates with Audit Manager and AWS Config, which support automated evidence collection. Your product’s security and compliance information is automatically pulled and kept up to date, reducing the operational burden for your product teams. Vendor Insights integrates with AWS Artifact third-party reports to store your compliance and audit reports, including SOC 2 Type 2, ISO 27001, PCI DSS, FedRAMP, HIPAA, and GDPR, and makes them available to buyers. Each document downloaded by buyers has a unique, traceable watermark and has the Terms and Conditions prefixed to the document.
Can I onboard my product to Vendor Insights if I don't sell through AWS Marketplace?
No, Vendor Insights will support only AWS Marketplace software, so you need to onboard your product to AWS Marketplace to create a Vendor Insights profile.
Can I use Vendor Insights if I build my software across multiple cloud infrastructures?
Yes, you can use Vendor Insights for software that is hosted across multiple clouds. However, Vendor Insights will not be able to source automated security control data from cloud environments outside of AWS. You can upload certified audit reports or provide manual evidence as self-attested information for your non-AWS environments.
Can I use Vendor Insights if I don’t use AWS security tools?
Yes, Vendor Insights can be used for your software if you don’t currently use AWS security tools. You can upload manual evidence from your security tool as self-attested information. Alternatively, Vendor Insights can turn on AWS security services with a high tier of trust to help automate evidence gathering with Audit Manager.
Resources
Vendor Insights overview and demo | (4:18 min)
Get started with AWS Marketplace
AWS Marketplace is a curated digital catalog that makes it easy to find, test, buy, and deploy the third-party software you want, with the simplified procurement and controls you need.