How to Monitor Digital Risk (DRM)
Prerequisites
A vendor with a valid domain configured
SaaS plan with DRM feature enabled
Accessing Digital Risk
Navigation: Sidebar → Vendors → [Select Vendor] → Digital Risk Tab
Click on a vendor in the vendor list.
Navigate to the Digital Risk tab.
The DRM view loads with the vendor's external risk data.
What DRM Shows
Risk Overview and Metrics
| Metric | Description |
|---|
| Risk Score | Overall external risk rating for the vendor |
| Likelihood Score | Probability of exploitation based on external exposure |
| Total Assets | Number of internet-facing assets discovered |
| Findings | Security issues found (pie chart by severity) |
Five Analysis Tabs
| Tab | What It Shows |
|---|
| Overall Sections | Summary of risk across all categories |
| Asset Wise Risk Breakdown | Risk analysis per discovered asset |
| Exposed Secrets Found | Leaked credentials or secrets detected on vendor infrastructure |
| All Security Findings | Complete list of vulnerabilities and misconfigurations |
| Graph Analysis | Visual relationship graph of vendor assets and their connections |
Cross-Product Risk Creation
If you identify a critical finding in the DRM view, you can create a risk entry directly from the DRM interface. This risk will be tracked in the vendor's Manage Risk tab.
How DRM Complements Questionnaires
| Assessment Type | Data Source | Strength |
|---|
| Questionnaires | Vendor self-reported | Detailed internal controls and process information |
| Digital Risk (DRM) | External scanning | Objective, real-time external security posture |
> Tip: Use DRM data to validate vendor questionnaire responses. If a vendor claims strong security but DRM shows critical vulnerabilities, investigate further.
Troubleshooting
| Issue | Solution |
|---|
| Digital Risk tab not visible | DRM is a SaaS feature. Verify your plan includes DRM. |
| No data in DRM view | The vendor needs a valid domain. DRM scans internet-facing infrastructure. |
| DRM data seems outdated | DRM data refreshes periodically. The most recent scan date is displayed on the page. |
| Cannot create risk from DRM | Verify your role has Risk Create permission. |
Related Articles
How to Generate Vendor Risk Reports
Prerequisites At least one vendor with assessment data Access to the Reports section Generating a Report Navigation: Sidebar → Reports Step 1: Open Reports Click Reports in the sidebar. The Reports page shows available report options and previously ...
How to Manage the Vendor Risk Lifecycle
Prerequisites At least one vendor in the system Access to the vendor's Manage Risk tab Accessing Vendor Risk Management Navigation: Sidebar → Vendors → [Select Vendor] → Manage Risk Tab Click on a vendor to open their details page. Navigate to the ...
How to Review Vendor Risk Scores
Prerequisites At least one vendor with a completed assessment Access to the vendor risk section Viewing Vendor Risk Scores Navigation: Sidebar → Vendors → [Select Vendor] → Risk Tab Step 1: Open Vendor Risk Details Click Vendors in the sidebar. Click ...
How to Send Risk Assessments to Vendors
Prerequisites At least one vendor with identified risks in the Manage Risk tab Access to the vendor's risk section Sending Risks to a Vendor Navigation: Sidebar > Vendors > [Select Vendor] > Manage Risk Tab Step 1: Select Risks to Send Open a ...
How to Add a Vendor
Prerequisites Access to the Vendors section Vendor name and domain information (Optional) Business owner details, industry classification, and tier information Adding a Single Vendor Navigation: Sidebar → Vendors → Add Vendor Step 1: Vendor ...