All data are located in a Tier II datacenter in Denmark. with some of the highest security measures around it.
Yes it is mandatory to use MFA. The price for using Vendora360 is set very low in order to allow for everybody to have there own account. This is to keep safety and logging at a top level.
Yes Vendora360 can be used for daily tasks. It is not a full task management or project management system but for most people the task manager in Vendora360 will do the job.
At the moment you can export an excel list of all you vendors, but soon it will be possible to export all data from the system.
Vendora360 have several possibilities for integration. please send a mail to contact@vendora360.com with your request, then we will get back to you with a solution.
Yes – If you need help in setting up the system please send a mail tilcontact@vendora360.com and we will get back to you right a way.
We support most security standards such as NIS2, DORA, GDPR, ISO27001, ISO27701, ISO27017, ISO27018 and many more.
Yes you can always try Vendora360 for free for 3 month, and if you only use the self assessment part it will always be free.
In this section, we’ll go through how to enter and update your company’s basic information in Vendora360.
1. Click “Company Settings”
Click “Company Settings” in the left menu to open your company settings. From here, you can manage your company’s basic data, users, departments, and other key configurations.
2. Click “Basic Data”
Select “Basic Data” under Company Settings to open the company profile settings.
3. Vis og rediger oplysninger
Here you can view and edit company details such as contact information, address, certifications, compliance standards, and climate impact.
4. Rediger en sektion
To edit a specific section, click the pencil icon on the right side of the field you want to update.
5. Opdater felter
Opdater oplysningerne og gem ændringerne.
6. Keep data updated
Make sure your company’s basic data is up to date.
This ensures accurate and professional insights throughout Vendora360.
In this guide, we go through a company’s basic settings in Vendora360. These settings form the foundation for risk assessments and supplier management.
1. Click “Company Settings”
Click “Company Settings” in the menu on the left to open your company’s settings menu. From here, you can manage your company’s basic data, users, departments, and other key settings. 
2. Click “Settings”
Click “Settings” under Company Settings to open your company’s basic configuration. 
3. Define vendor, service and data types
Here you can define vendor types, service types and data types used throughout the system. At the top of the page, you’ll find vendor, service and data types. Here you can specify how vendors and data should be categorized—for example, Business critical, Operational, and so on. 
4. Tags
Just below, you’ll find “Tags”. Here you can add or edit tags that can be used to sort and group vendors, risk assessments, and other elements within the system. 
5. Security Classification Types
Under “Security Classification Types” you can create and manage classification levels for your company’s data. These levels indicate how sensitive the information is and ensure that data is handled correctly in risk assessments and throughout the system. 
6. Types of Assets
Further down the page, under “Types of Assets”, you can create the asset categories used in risk assessments. These may include asset types such as Hardware, Software, Processes, and other relevant categories. 
7. Default Threat and Vulnerabilities
Just below Types of Assets, you’ll find “Default Threat and Vulnerabilities for an asset”. Here you can add default descriptions for each asset type, which will automatically be inserted during risk assessments. 
8. Acceptable Risk Scores
At the bottom of the page, you’ll find “Acceptable Risk Scores”. Here you can define which risk levels are acceptable in your company within areas such as Security, ESG/CSR, Financial, Quality, and GDPR. 
9. Configuration complete
Once the basic settings are configured, they form the foundation for your company’s risk assessments and supplier management. These configurations ensure that Vendora360 operates in alignment with your organization’s structures, classification, and risk models. 
In this guide, we walk through where to set up your company’s locations and departments in Vendora360.
1. Open Locations
When you click “Locations” under Company Settings, you are taken to a page displaying a list of all locations in the company. 
2. Search and view location details
Here you can search the list and view details such as location name, address, country, owner, type, and available actions (view, edit, and delete). 
3. Add a new location
From this page, you can also add a new location using the “Add Location” button. 
4. View a location
By clicking on the eye icon next to a location, you can view a complete overview of activities linked to that location. 
5. View associated activities
This includes associated contracts, projects, departments, and risk assessments, giving you a clear understanding of the location’s importance and its role within the organization. 
6. Open Departments
To view all departments within your company, click “Departments” in the menu under Company Settings. 
7. Department overview
This opens an overview of all departments in the organization, where you can search the list and view details such as department name, department number, associated location, description, and available actions. 
8. Add a new department
Similar to the Locations page, you can easily add a new department by clicking “Add Department”. 
9. Structured overview of locations and departments
A clear structure for locations and departments makes it easier for your organization to assign vendors, risk assessments, contracts, projects, and other activities to the correct units. This helps keep data well organized and provides a clear understanding of responsibilities and relationships across the organization. 
In this guide, we walk through how to configure user roles and permissions in Vendora360. Roles and permissions control what users can see and perform within the system.
1. View all existing user roles
To view all existing user roles, go to Company Settings and select “User Roles” under User Management. 
2. User Roles overview
This page provides an overview of all roles in the system, including role name, description, creation date, and options to edit or delete roles. 
3. Create a new role
In the top-right corner, you can create a new role by clicking “Add Role”. 
4. Edit an existing role
Click the edit icon next to the role you want to update. 
5. Modify role title and description
You can now modify the role title and update the description to clearly define what permissions and functions users with this role should have. Clear descriptions make role management easier across the organization. 
6. Open “Permissions”
To grant or limit access to certain parts of the system, open “Permissions”. Here you can set detailed permissions for each role. 
7. Select the role to configure
On the Permissions page, select the role you want to configure at the top of the screen. 
8. Show or hide main modules
For each main module (e.g., Overview, Vendor Management, Compliance, Company Settings), choose between:
• Show – the module is visible
• Hide – the module is hidden
This determines whether the user can see the module in the sidebar. 
9. Fine-tune sub-permissions
When a module is set to Show, you can fine-tune permissions for each sub-item. The available options are:
• Hide – user cannot see the submodule
• Reader – view only
• Normal User – standard actions
• Administrator – full access including advanced actions
This structure allows you to tailor each role so users only access what they need. 
10. Ensure proper configuration
Proper configuration ensures that each employee only has access to the features and data relevant to their responsibilities. 
.
In this guide, you’ll learn how to add a new user to your Vendora360 environment. User roles and permissions ensure that each employee only has access to the information relevant to their responsibilities.
1. Open User Management
Go to Company Settings in the left-hand menu and click User Management to access your organisation’s user overview. 
2. Click “Manage Users”
Select Manage Users to view a full list of existing users, including their verification status, phone numbers and assigned roles. 
3. Click “Add User”
Click the Add User button in the top-right corner to begin creating a new user profile. 
4. Fill in the user information
Enter the new user’s details, including first name, last name, job title, email address, phone number and department. All fields marked with * are required. 
5. Save the new user
Click Add and Continue to create the user. The user will now appear in your user list and receive a verification email if required. 
Your new user has now been added and can be assigned specific roles and permissions based on your organisation’s structure.
In this guide, you’ll learn how to complete your company’s internal self assessments in Vendora360.
There are four assessment areas under Self Assessments: Security, ESG, GDPR and Quality. For each area, you answer a series of questions with Yes, Partly or No and submit your responses.
1. Open Company Settings
From the left-hand menu, go to Company Settings to access the configuration area for your organisation. 
2. Go to Self Assessments
Under Company Settings, click Self Assessments. Here you will see the four available assessment categories: Security, ESG, GDPR and Quality. 
3. Open the Security self assessment
Start by clicking Security and then the relevant assessment opens (for example Assessment | Security CIS v8). This will display a list of security controls with questions you need to answer. 
4. Answer the questions (Yes / Partly / No)
For each question in the assessment, choose one of the three options: Yes, Partly or No. Work through the list from top to bottom so that every control has a selected answer. The overall score will be calculated based on your responses.
When you have answered all questions, scroll to the bottom of the page and click Tilmeld. Your answers are saved, and the Security score in the overview will be updated accordingly. 
5. Repeat for ESG, GDPR and Quality
Return to Self Assessments in the left-hand menu and repeat the same process for the remaining categories:
For each area, open the assessment, answer all questions with Yes, Partly or No, and click Tilmeld at the bottom when you are done. 
Once all four self assessments have been completed and submitted, your organisation’s scores for Security, ESG, GDPR and Quality will be reflected in the Vendora360 dashboards and reports.
In this guide, you will learn how to add your first vendor in Vendora360. Follow the steps below to create and invite a new vendor to your organisation.
1. Go to Vendor Management
Click “Vendor Management” in the left menu to access all vendor-related features in Vendora360.
2. Open the Vendors list
Under Vendor Management, click “Vendors” to view all existing vendors and manage their details.
3. Click “Add Vendor”
The vendor overview page shows all current vendors. Click “Add Vendor” in the top-right corner to begin creating a new vendor.
4. Click “Create Vendor”
Search for an existing vendor first. If the vendor does not appear in the search results, click “Create Vendor” to manually create a new one.
5. Fill in Vendor Information
You must now complete the vendor’s company details, including:
– Company Name
– VAT Number
– Email
– Country
– Vendor Type
– Contact Person Name & Email
Once completed, click “Save and Invite” to send an invitation to the vendor.
6. Invite the Vendor
Review the information and confirm by clicking “Save and Invite”. The vendor will now receive an invitation to complete their profile in Vendora360.
Your vendor is now added and can be seen in the vendor list. Once they accept the invitation, their compliance and assessment status will begin updating automatically within Vendora360.
In this guide, you will learn how to add a new contract in Vendora360. Follow the steps below.
1. Open the Contract module
Click “Contracts” in the Vendor Management menu to access your company’s contract list. 
2. Click “Add Contract”
Use the button in the top-right corner to create a new contract entry. 
3. Fill out the contract information
Enter the required details, such as:
These fields help define, classify, and link your contract correctly within Vendora360. 
4. Upload the contract document
Attach the contract file by clicking “Choose file”. This ensures the contract version is stored securely and is accessible for future reviews. 
5. Save the contract
Finish by clicking “Save”. Your contract is now added to Vendora360 and will appear in the contract list and relevant vendor overview.
The Vendor Overview is the default dashboard you see when logging into Vendora360. It provides a complete snapshot of your vendor landscape, including approvals, compliance status, and performance across the year. Follow the guide below to understand what you can see and how to navigate it.
1. Accessing the Overview
When you log in, Vendora360 automatically opens the Overview dashboard. You can also return to it anytime by clicking “Overview” in the menu. 
2. Open the Vendor Overview section
Under the Overview menu, click “Vendor” to see vendor-specific metrics and charts. 
3. Top-level vendor metrics
At the top of the page, you will find key summaries, including:
On the right side, you will also see My Company, showing your organisation’s latest SECURITY, ESG, GDPR, and QUALITY scores, together with next review dates. 
4. Yearly performance charts
Scrolling down, you will find your vendor performance trend charts for the running year:
These graphs help you track changes over time and quickly spot improvements or declines in vendor performance. 
The Vendor Overview gives you a clear understanding of your vendor landscape and helps you navigate directly to vendors, contracts, compliance areas or risk assessments for further action.
5. Viewing Pending Vendors
To see vendors that still require approval or have not yet accepted their invitation, click “Vendors” under the Vendor Management menu. In the vendor list, look for the Pending status, highlighted in yellow. These vendors either await approval or have an outstanding invite. 
In this section, we will look at the extended information available in the Vendor Overview — specifically the Supply Chain Overview and your company’s overall Security, ESG, GDPR, and Quality scores, including their upcoming next review dates.
1. Open Vendor Overview
Navigate to Vendor Overview in the left-hand menu. Here, you get a full overview of your supplier portfolio, including approved vendors, pending invitations, and non-compliant vendors. 
2. View your company’s security and compliance performance
On the right side of the overview, click My Company to access the summary of your organisation’s Security, ESG, GDPR, and Quality scores.
Each area is shown with a numerical score and a scheduled Next Review Date, helping you understand when the next assessment must be completed. 
What this allows you to do
This section helps you maintain a strong overview of both your suppliers and your own organisation’s compliance posture, making it easier to plan improvements and upcoming reviews.
The Vendor Risk Assessment section gives you a high-level overview of each vendor’s security posture, based on their completed vendor self-assessments and the documents they have provided.
This is not where you perform a full risk assessment – that happens later in Section 3: Risk Assessments. Instead, this page helps you understand the vendor’s baseline maturity before you complete the formal risk assessment.
1. Go to the Vendor List
Navigate to Vendor Management → Vendors to see all your vendors. Here you can quickly review their approval status, country, and their four score areas (Security, ESG, GDPR, Quality).
2. Open a vendor profile
Click the View icon on the right side of a vendor to open their complete vendor profile. This page contains all registered information for the vendor.
3. Review the vendor’s self-assessment scores
On the right side, you will see four score areas:
These scores come directly from the vendor’s completed Self Assessment (see Section 1.6 Vendor Self Assessment).
This means the vendor has already answered a structured questionnaire, and the scores summarise their maturity level.
4. Open the detailed self-assessment answers
Click the eye icon next to any score to view the full questionnaire the vendor has completed. This view shows every question and their selected answer (Yes / Partly / No).
This helps you understand why the vendor received their score.
Below the scores you will find the vendor’s uploaded certificates. These help validate the statements made in the self-assessment.
6. Use the vendor overview as input to your risk work
Together, the scores, detailed answers, certificates, contracts and projects linked to the vendor provide a solid basis for understanding the vendor’s risk profile. You can use this information as input when you work with your organisation’s formal risk assessments.
The Vendor Risk Assessment view shows the completed assessment result for the vendor – including scores and all underlying answers. If you want to see where and how the individual questions are answered step by step, continue to the next guide, which explains the assessment questionnaire and how it is completed. In other words, this section is for reviewing and interpreting vendor risk, while the next section shows you how the assessment itself is carried out in the system.
In this guide, you will learn how to create a new risk assessment in Vendora360 – from opening the Risk Assessments module to linking the assessment to vendors, projects and contracts.
1. Click “Risk Assessments”
In the left-hand menu, click “Risk Assessments” to open the overview of all existing risk assessments in your organisation. 
2. Open the “Assessments” tab
At the top of the page, click the “Assessments” tab. This view shows all registered risk assessments and allows you to filter by owner, department, risk level and status. 
3. Click “Create New Risk”
To create a new risk assessment, click “Create New Risk” in the top-right corner. This opens the Create Risk Assessment form where you will enter all relevant details. 
4. Fill in the main risk information
In the first part of the form, enter the core information about the risk. Typical fields include:
This section forms the foundation of the risk assessment. 
5. Complete the Risk Calculation
Scroll down to the “Risk Calculation” section. Here you assess the severity of the risk by setting:
Vendora360 automatically calculates a Calculated Risk score based on these inputs. You can also add comments explaining your impact and likelihood ratings. 
6. Link the risk to ISO 27001
In the “Risk Assessment” section, you can link the risk to relevant ISO 27001 controls. Use the ISO 27001 reference dropdown to select the Annex A control or area that best matches the risk. This creates a clear connection between the risk and the compliance requirement and makes it easier to demonstrate alignment with ISO 27001 during audits. 
7. Use the “Associations” section and save
Scroll to the “Associations” section. Here you can link the risk assessment to:
You can also enter an Expected Cost of Mitigation to estimate what it will cost to treat or reduce the risk.
When you are finished, click Save. The risk assessment will now appear in the Risk Assessments overview, where it can be monitored, updated and used in reporting. 
After you have created one or more risk assessments (see 3.1 Create a Risk Assessment), you can use the Risk Overview to get a visual and aggregated view of all risks in your organisation.
1. Click “Overview”
From the left-hand menu, go to Risk Assessments and click the “Overview” tab at the top. This opens the Risk Overview page, showing all risk assessments in one place. 
2. Understand the Risk Overview page
At the top of the page, you will see summary tiles with the total number of risks by level (High, Moderate, Low, etc.). Below, a bar chart shows the overall risk exposure before and after mitigation. At the bottom of the page, a detailed table lists each risk assessment with owner, department, location, risk level, status and actions. You can use the filters above the table to narrow down the view by risk level, owner, department and more. 
3. Open the Risk Matrix
To see your risks plotted visually by impact and likelihood, click the “View Matrix” button in the top-right corner of the Risk Overview page. 
4. Read the Risk Matrix
The Risk Matrix shows how many risks fall into each combination of Impact (rows) and Likelihood (columns). Cells are colour-coded from green (low) to yellow (moderate) and red (high), making it easy to see where your most critical risks are concentrated. Each cell also displays the number of risks recorded in that impact/likelihood combination. 
5. Filter and interpret the matrix
Use the filters above the matrix to narrow the view to specific departments or locations. Below the matrix, the Risk Level Legend helps you understand how the calculated scores correspond to Low, Moderate, and High risk levels. The matrix provides a clear visual overview and helps you quickly identify which risks need attention first, supporting efficient prioritisation of mitigation efforts across the organisation.
Risk Details
When clicking a risk directly in the matrix, the detailed information for that risk is displayed below. Here you can see the asset name, risk owner, department, and location — along with the calculated risk score and category. From this section, you can select “View Details” to open the full risk assessment, where you can review all data, update information, or add mitigation actions as needed. 
.
In this guide, you will learn how to create a mitigating task from an existing risk assessment in Vendora360. Mitigating tasks help ensure that identified risks are followed by concrete actions.
1. Open the relevant risk assessment
Go to Risk Assessments and open the risk assessment you want to work with (either by clicking the name or the view/edit icon). Inside the assessment, scroll down to the “Associations” section at the bottom of the form. 
2. Click “Create mitigating task”
In the Associations section, click the button “+ Create mitigating task”. Vendora360 will automatically create a new task linked to this risk assessment and open the Mitigating Task dialog. 
3. Review the pre-filled task information
The Mitigating Task window is pre-populated based on the risk assessment. Typically, the following fields are filled in automatically:
You can adjust these fields if needed, but in most cases you only need to set the dates.
Now enter:
and, if relevant, update the Status (for example To do, In progress or Done). 
4. Save and track the mitigating task
Click “Save” to create the mitigating task. The task is now linked to the risk assessment and will be visible:
From these views you can follow progress, update status and ensure that mitigation activities are completed. 
Your mitigating task is now active and forms part of your organisation’s structured risk management process in Vendora360.
The purpose of this process is to ensure that the company maintains compliance across all operational areas – in accordance with applicable legal requirements as well as the principles and controls established in the Information Security Policy. Creating internal controls helps monitor, evaluate, and document compliance activities effectively.
1. Step 1 – Click “Compliance”
Go to the main navigation menu and select “Compliance”.
2. Step 2 – Click “Controls”
Within the Compliance module, choose “Controls” to access the list of existing internal controls.
Here, you can review all current controls, including their type, responsible person, location, department, and recurring schedule.
3. Step 3 – Click “Create Control”
Click the “Create Control” button to begin defining a new control. This opens a form where you can input details such as the control’s purpose, owner, frequency, and approval information.
4. Step 4 – Fill Out the Form
Complete all required fields in the form. Include information such as:
Upload any necessary supporting evidence to document compliance.
5. Step 5 – Click “Save”
Once all required information is entered, click “Save” to finalize and register the control.
This will make the control available for tracking, review, and auditing purposes. Ensure the status is updated accordingly (e.g., “To-Do” or “Approved”).
The Internal Audit module helps you record and manage internal audits efficiently. This guide shows you how to set up a new audit and fill in the key fields.
1. Navigate to the Compliance section
Click “Compliance” in the left-hand menu to access all compliance-related functions, including internal audits.
2. Open the Audit module
Select “Audit” under the Compliance menu to view your existing audits and create new ones.
3. Start creating a new audit
Click “Add Audit” in the top-right corner of the Audit List to begin setting up a new internal audit.
4. Enter the audit name
Click the “Audit Name” field and enter a clear and descriptive title for the audit.
5. Enter the audit number
Click the “Audit No” field and enter a unique identification number for the audit. This helps track and reference audits consistently.
6. Add an audit description
Click the “Description” field and provide a clear summary of the audit’s purpose or scope.
7. Select the audit location
Open the “Location” dropdown to choose where the audit is being conducted.
8. Choose the associated project
Click “Select a project” to link the audit to a specific project. From the list, choose the correct project.
9. Choose the associated contract
Use the “Contract” field to link the audit to a specific contract associated with the vendor or project being reviewed.
10. Attach the audit report
Under “Attach audit report”, click “Choose file” to upload the final audit report or supporting documentation.
11. Save the audit
Click “Save” to create the audit. It will now appear in the Audit List, where you can access, update, or attach an audit report.
In this guide, you will learn how to work with tasks in Vendora360 – from finding existing tasks to creating new ones and updating their status and approval.
1. Click “Overview”
Start by clicking “Overview” in the left-hand menu to open the main dashboard. From here you get a quick overview of vendors, approvals and pending activities. 
2. Open the Task List
Click “Tasks” in the menu to open the Task List. This page is the central place for managing all tasks in Vendora360. 
3. Understand the three task tabs
At the top of the Task List you will find three tabs:
Review – shows automatically generated review tasks, for example upcoming vendor or contract reviews, with owner and next review date.
Task – contains all manual tasks created by users, such as follow-ups, reminders or internal actions.
Mitigating task – lists tasks that are linked to risk assessments or controls and used to mitigate identified risks or findings.
Use the search field to quickly find specific tasks across the active tab. 
4. Click “Task” and create a new task
Go to the “Task” tab to work with manual tasks. Click “Create Task” in the top-right corner to create a new task. 
5. Fill in the task details
In the Create Task form, enter the following information:
When all fields are filled in, click “Save”. The task will now appear in the Task overview. 
6. Open and review an existing task
You can always open a task to see or edit its details. In the Task overview, click the eye icon under Actions next to the relevant task. 
7. Update the task status
When the work on the task progresses, update the Status field accordingly (for example from To do to In process or Completed). Keeping the status updated gives everyone an accurate overview of progress. 
8. Add approval details and save
When the task is completed, you can register the approval:
Click “Save” to store the updated status and approval information. 
Go back to the Task List to see the updated task with its new status and approval details. This overview helps you keep track of all open and completed tasks across the organization.
9. Review mitigating tasks
To see tasks that are linked to risks or findings, click the “Mitigating task” tab. Here you can view all mitigating tasks and use the eye icon to open a specific task and review the details and follow-up actions. 
