Skip to content
English
MineOS Platform
  • There are no suggestions because the search field is empty.

Mira AI - Vendor Scout

Instead of manually searching for missing details, Vendor Scout automatically suggests accurate, context-aware values for each vendor field — so your third-party inventory stays current, complete, and ready for any assessment or audit.

What is Vendor Scout?

Vendor Scout is an AI agent that automatically researches and enriches vendor records in MineOS.

It combines your existing vendor data with external intelligence (vendor websites, trust centers, privacy policies, and security documentation) to suggest missing information such as certifications, subprocessors, retention policies, AI capabilities, and other custom fields defined in your settings.

By automating vendor research, teams can reduce manual work, improve data quality, and accelerate onboarding and risk assessments across TPRM, compliance, and AI governance workflows.

Where to Find It

Go to any Data Source page → click Vendor Scout

Vendor Scout:

  • Works on vendors in any status (Draft, Active, etc.)

  • Can be re-run anytime to refresh outdated information

  • Runs asynchronously, so you can continue working while research is performed

How It Works

  1. Open a vendor record

  2. Click Vendor Scout

  3. (Optional) Add a prompt with context
    Example: “Cloud service used by finance team; EU hosting only.”

  4. Click Start Research

Vendor Scout runs in the background. When complete:

  1. A results banner shows the number of suggested updates

  2. Review suggestions next to the existing field values

  3. Accept or dismiss individual suggestions or apply them in bulk

  4. Click Save to confirm accepted updates

What the AI Uses

Vendor Scout generates suggestions using:

  • Existing vendor data
    (domain, description, systems, data types, processing activities)

  • Company Profile context
    (your organization’s industry, regions, regulatory scope)

  • Public sources, including

    • vendor websites

    • trust centers

    • security pages

    • privacy policies

    • LinkedIn

    • Data Processing Agreements (DPAs)

  • Custom fields and allowed values
    ensuring suggestions match your configured taxonomy

Example Custom Fields You Can Add

Vendor Scout works best when your vendor profile includes the fields that matter to your organization. You can create custom fields in Settings → Vendor Fields, and Vendor Scout will attempt to research and suggest values for them.

Below are examples of commonly used fields.

AI Description (Website)

What it captures: A short explanation of how the vendor uses AI in their product.

Example: “AI-powered assistant that generates customer support responses and summarizes tickets.”

Why it matters: Helps determine whether a vendor should go through AI governance or model risk assessments.

Retention / Retention Period

What it captures: How long the vendor retains customer or personal data.

Example: “Data retained while the account is active and deleted within 30 days after termination.”

Why it matters: Supports privacy reviews and data minimization checks during vendor assessments.

Security Controls (TOMs)

What it captures: Technical and organizational security measures implemented by the vendor.

Examples

  • Encryption in transit

  • Encryption at rest

  • Multi-factor authentication

  • Access controls

Why it matters: Helps security teams quickly evaluate whether a vendor meets baseline security requirements.

Subprocessors

What it captures: Third parties used by the vendor to deliver their service.

Example: AWS — Cloud hosting — EU region

Why it matters: Provides visibility into the extended vendor supply chain and downstream data transfers.

Privacy Policy Link

What it captures: The vendor’s public privacy policy.

Example: https://vendor.com/privacy

Cookies / Tracking Technologies

What it captures: Cookies, analytics tools, or tracking technologies used by the vendor.

Examples:

  • Analytics cookies

  • Marketing cookies

  • Pixels or tracking scripts

  • SDKs used in applications

How These Fields Support Vendor Risk Workflows

Capturing this information helps drive key decisions in vendor risk management, including:

Triggering AI Assessments

AI-related fields can help identify vendors that require AI governance reviews.

Example:
If Vendor Scout detects generative AI features, your team may initiate an AI risk assessment.

Identifying Data Transfer Risks

Subprocessor information helps identify downstream data flows and cross-border transfer risks.

Example:
If subprocessors are located outside your operating region, additional transfer safeguards may be required.

Supporting Security Reviews

Security control fields provide an early view of a vendor’s security posture.

Example:
If key controls are missing, security teams may request additional documentation or apply risk mitigations.

Evaluating Data Lifecycle Practices

Retention information helps determine whether vendor data handling aligns with internal data minimization policies.

Monitoring Tracking and Cookie Risks

Tracking technologies can highlight vendors that may require additional privacy review or consent mechanisms.

Overall, these fields help ensure vendor records contain the information needed for:

  • Vendor risk classification

  • Security assessments

  • AI governance reviews

  • Privacy and cookie compliance checks

  • Risk mitigation planning

Vendor Scout automates the research behind these fields so teams can focus on evaluating risk instead of gathering information.

Best Practice: Add Descriptions to Custom Fields

When creating custom fields, include a clear description explaining what the field should capture.

Vendor Scout uses these descriptions to better understand what information it should research and suggest.

Example:

Field name: Security Controls (TOMs)
Description: Technical and organizational security measures implemented by the vendor (e.g., encryption, MFA, access controls).

Clear descriptions help Vendor Scout produce more accurate suggestions and reduce manual research.

Company Profile (AI Context for All Agents)

The Company Profile in your Settings provides context that all Mira AI agents use when generating suggestions.

Include details such as:

  • What your company does

  • Industry and business model

  • Company size

  • Headquarters location

  • Operating regions

  • Server hosting locations

  • Regulatory scope (GDPR, HIPAA, DORA, EU AI Act)

Keeping this profile updated improves accuracy across vendor enrichment, assessments, and AI governance features.

Tips & Best Practices

  • Use the prompt field to add context for Vendor Scout
    Example: “SaaS CRM used for EU customers.”

  • Re-run before renewals
    Vendor policies and subprocessors may change.

  • Keep your Company Profile updated
    This improves AI accuracy across all agents.

  • Use together with Assessment Autofill
    This helps keep vendor data and assessments aligned.

FAQ

1. Does Vendor Scout overwrite existing data?

No. Suggestions appear alongside your existing values and are only applied after you accept and save them.

2. Can I run Vendor Scout while editing other vendors?

Yes. Vendor Scout runs asynchronously, and results remain available until reviewed.

3. Where do the suggestions come from?

Suggestions are generated using:

  • Your vendor record

  • Company context

  • Verified public sources such as privacy policies, trust centers, and DPAs

All outputs follow Mine’s field rules and value structures.