The Vendor object
Global ID (GID) of the vendor.
GID of the organization this vendor belongs to.
Display name of the vendor.
Optional description.
Vendor category. See the Category enum below.
Physical address of the vendor’s headquarters.
Legal entity name (if different from display name).
Vendor’s website URL.
URL of the vendor’s privacy policy.
URL of the service level agreement document.
URL of the data processing agreement.
URL of the business associate agreement (relevant for HIPAA).
URL of the vendor’s subprocessors list.
List of compliance certifications held by the vendor (e.g.
"SOC 2 Type II", "ISO 27001").Countries where the vendor operates or stores data (ISO 3166-1 alpha-2 codes).
GID of the internal user who owns the business relationship with this vendor.
GID of the internal user who owns the security review for this vendor.
URL of the vendor’s status page.
URL of the vendor’s terms of service.
URL of the vendor’s security documentation page.
URL of the vendor’s trust center.
ISO 8601 timestamp of when the vendor was created.
ISO 8601 timestamp of the last update.
Category enum
| Value | Description |
|---|---|
ANALYTICS | Analytics and reporting tools |
CLOUD_MONITORING | Infrastructure monitoring services |
CLOUD_PROVIDER | Cloud infrastructure providers |
COLLABORATION | Team communication and collaboration |
CUSTOMER_SUPPORT | Customer service platforms |
DATA_STORAGE_AND_PROCESSING | Databases and data processing services |
DOCUMENT_MANAGEMENT | Document storage and management |
EMPLOYEE_MANAGEMENT | HR and employee lifecycle tools |
ENGINEERING | Developer tools and platforms |
FINANCE | Accounting and financial services |
IDENTITY_PROVIDER | SSO, directory, and identity services |
IT | IT management and support tools |
MARKETING | Marketing and advertising platforms |
OFFICE_OPERATIONS | Office management and facilities |
OTHER | Vendors that don’t fit other categories |
PASSWORD_MANAGEMENT | Password managers and secrets tools |
PRODUCT_AND_DESIGN | Product management and design tools |
PROFESSIONAL_SERVICES | Consulting and professional service firms |
RECRUITING | Recruiting and applicant tracking systems |
SALES | CRM and sales tools |
SECURITY | Security tools and services |
VERSION_CONTROL | Source code and version control systems |
The VendorRiskAssessment object
Global ID (GID) of the risk assessment.
GID of the organization.
GID of the vendor this assessment belongs to.
The sensitivity of data shared with this vendor. One of:
NONE, LOW, MEDIUM, HIGH, CRITICAL.The business impact if this vendor becomes unavailable. One of:
LOW, MEDIUM, HIGH, CRITICAL.When this risk assessment expires and should be renewed.
Optional notes about this risk assessment.
GID of the snapshot this assessment belongs to, or null for live data.
ISO 8601 timestamp of when the assessment was created.
ISO 8601 timestamp of the last update.
Operations
listVendors
Returns all vendors for the organization. MCP tool:listVendors
Parameters
GID of the organization.
Number of results per page.
Pagination cursor from a previous response’s
next_cursor.Response
Array of vendor objects.
Cursor for the next page.
addVendor
Creates a new vendor. MCP tool:addVendor
Parameters
GID of the organization.
Vendor name.
Optional description.
Vendor category (see Category enum).
Legal entity name.
Vendor website.
Privacy policy URL.
SLA document URL.
DPA document URL.
BAA document URL.
Subprocessors list URL.
List of compliance certifications.
Countries of operation (ISO 3166-1 alpha-2).
GID of the business owner profile.
GID of the security owner profile.
Status page URL.
Terms of service URL.
Security documentation URL.
Trust center URL.
Response
The created vendor object.
updateVendor
Updates an existing vendor. MCP tool:updateVendor
Parameters
GID of the vendor to update.
addVendor are optional and will only update if provided.
Response
The updated vendor object.
deleteVendor
Deletes a vendor. MCP tool:deleteVendor
Parameters
GID of the vendor to delete.
Response
GID of the deleted vendor.