UpGuard
Third party & supplier risk management software
IT risk management software
Vendor security and privacy assessment software
Risk assessment software
- Features
- Ease of use
- Ease of management
- Quality of support
- Affordability
- Market presence
Take the quiz to check if UpGuard and its alternatives fit your requirements.
Pay-as-you-go
Free TrialFree version
Small
Medium
Large
- Information technology and software
- Media and communications
- Education and training
What is UpGuard
UpGuard is a third-party cyber risk management platform that helps organizations assess, monitor, and manage the security posture of vendors and other external parties. It is used by security, risk, and procurement teams to support vendor onboarding, continuous monitoring, and remediation workflows. The product combines external security ratings and attack-surface signals with questionnaire-based assessments and evidence collection. It also supports reporting and collaboration to track findings and drive risk treatment with suppliers.
External security ratings signals
UpGuard provides externally observed security posture signals that help teams triage vendor risk without relying solely on self-attestation. This supports continuous monitoring for changes that may affect a supplier’s risk profile. It is useful for prioritizing outreach and remediation when managing large vendor portfolios.
Questionnaires and evidence workflows
The platform supports vendor security questionnaires, evidence requests, and follow-ups in a structured workflow. This helps standardize assessments across business units and reduce ad-hoc email-based collection. Teams can track completion status and maintain an audit trail for reviews and renewals.
Portfolio-level risk reporting
UpGuard supports reporting across vendors to identify higher-risk suppliers and recurring control gaps. This helps security and risk leaders communicate third-party exposure to stakeholders and align remediation priorities. The approach fits programs that need repeatable metrics and periodic reporting.
Ratings require contextual validation
Externally derived ratings can produce false positives or miss context that is only visible internally at the vendor. Many organizations still need questionnaires, evidence review, and direct validation to confirm severity and business impact. This can limit how far teams can automate decisions based on scores alone.
Depth varies by vendor type
External monitoring is most informative for internet-facing assets and may be less conclusive for vendors with limited public footprint or highly segmented environments. For certain supplier categories (e.g., professional services or niche providers), teams may rely more heavily on documentation-based assessments. This can reduce consistency of risk signals across a diverse supplier base.
Program setup and change management
Implementing third-party risk workflows typically requires tailoring questionnaires, scoring logic, and stakeholder processes to match internal policy. Organizations may need time to align procurement, security, and business owners on intake, exceptions, and remediation SLAs. Without governance, the tool can become a repository rather than an operational program.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Free | $0 per month | Self-service Vendor Risk: monitor up to 5 vendors (free). Basic vendor risk access; start with platform free tier. |
| Starter | $1,599 per month (annual) | Everything in Free, plus: Monitor 50 vendors; monitor your own attack surface; API & integrations; typosquatting & identity-breach detection. |
| Professional | $3,333 per month (annual) | Everything in Starter, plus: Monitor 150 vendors; custom co-branding; templates & automated vendor classification; audit log. |
| Enterprise | Contact sales | Everything in Professional, plus: unlimited vendors; subsidiary monitoring; designated support; custom/multi-org features. |
Additional/usage-based offerings (official site):
- Breach Risk (Attack Surface Management): Starting from $250 per month (USD). Upguard also documents self-service Breach Risk tiers (SMB/SME/Mid Market/Enterprise) with prices $250 / $500 / $2,000 / Contact us respectively on the self-service billing help page.
- Trust Exchange (Paid upgrade): Starting from $600 per month (USD) for expanded questionnaire imports, custom domains, watermarking, etc.
- Self-service Vendor Risk: Official help documentation states the self-service Vendor Risk plan is free for monitoring up to 5 vendors; additional vendors are charged per-vendor (current help page shows $30 per vendor per month above five for self-service accounts).
Seller details
UpGuard, Inc.
San Francisco, CA, USA
2012
Private
https://www.upguard.com/
https://x.com/UpGuard
https://www.linkedin.com/company/upguard/
