Vanta · Schema

Vanta Vendor

A third-party vendor tracked in the Vanta compliance platform for security review

CybersecurityComplianceSecurityGovernanceRisk Management

Properties

Name Type Description
id string Unique vendor identifier assigned by Vanta
name string Vendor company name
url stringnull Vendor website URL
riskLevel string Inherent risk level based on data access and criticality
residualRiskLevel stringnull Residual risk level after security controls are applied
reviewStatus string Current security review status
hasContract boolean Whether a signed contract exists with this vendor
hasDpa boolean Whether a Data Processing Agreement (DPA) exists
createdAt string When this vendor was added to Vanta
nextReviewDate stringnull Date of the next scheduled security review
View JSON Schema on GitHub

JSON Schema

vanta-vendor-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/vanta/main/json-schema/vanta-vendor-schema.json",
  "title": "Vanta Vendor",
  "description": "A third-party vendor tracked in the Vanta compliance platform for security review",
  "type": "object",
  "required": ["id", "name", "riskLevel", "reviewStatus"],
  "properties": {
    "id": {
      "type": "string",
      "description": "Unique vendor identifier assigned by Vanta"
    },
    "name": {
      "type": "string",
      "description": "Vendor company name"
    },
    "url": {
      "type": ["string", "null"],
      "format": "uri",
      "description": "Vendor website URL"
    },
    "riskLevel": {
      "type": "string",
      "enum": ["CRITICAL", "HIGH", "MEDIUM", "LOW"],
      "description": "Inherent risk level based on data access and criticality"
    },
    "residualRiskLevel": {
      "type": ["string", "null"],
      "enum": ["CRITICAL", "HIGH", "MEDIUM", "LOW", null],
      "description": "Residual risk level after security controls are applied"
    },
    "reviewStatus": {
      "type": "string",
      "enum": ["NOT_STARTED", "IN_PROGRESS", "APPROVED", "REJECTED"],
      "description": "Current security review status"
    },
    "hasContract": {
      "type": "boolean",
      "description": "Whether a signed contract exists with this vendor"
    },
    "hasDpa": {
      "type": "boolean",
      "description": "Whether a Data Processing Agreement (DPA) exists"
    },
    "createdAt": {
      "type": "string",
      "format": "date-time",
      "description": "When this vendor was added to Vanta"
    },
    "nextReviewDate": {
      "type": ["string", "null"],
      "format": "date",
      "description": "Date of the next scheduled security review"
    }
  },
  "additionalProperties": false
}