Vendor Risk Assessment
- Determine the criticality of a vendor to the organization
- Risk rate vendor engagements based on its responses to questionnaires
- Log and track remediation
- Tie critical vendor engagements to information assets and their related risks, sourcing from our IT Risk Application
- Receive automated notifications when Vendor Contracts expire
External Vendor Portal
- External vendors can:
- Receive alerts and information requests
- Send responses to questionnaires and attach any supporting documentation
- Communicate with the requestor
- Provide updates on remediation items
Vendor Reporting
- Out-of-the-box reports including:
- Vendor Profile Reports
- Vendor Criticality Reports
- Geographic Overview of Vendors
- Gaps and Remediation Activities
- Vendor Engagement Status Reports
Vendor Repository
- Access and build a repository of third-party providers across the organization
- Categorize vendors, including contact details, type, certifications, and associated vendor engagements
- Push updated questionnaire information to all assessments
Vendor Questionnaires
- Supports vendor engagement assessment for vendors that provide multiple services
- Send pre-populated standard SIG/SIG Lite* questions covering security, access, privacy, resiliency, and other risks to the vendor for response
- Maintain and leverage multiple questionnaire frameworks depending on vendor engagement type or criticality
- Custom questionnaire support
Employee Request Portal
- Any internal employee can:
- Request approval to outsource a particular function of the business to a vendor
- Obtain status updates and approval for a vendor request