Vendor Risk App Summary

Vendor Risk Assessment

  • Determine the criticality of a vendor to the organization
  • Risk rate vendor engagements based on its responses to questionnaires 
  • Log and track remediation 
  • Tie critical vendor engagements to information assets and their related risks, sourcing from our IT Risk Application
  • Receive automated notifications when Vendor Contracts expire

External Vendor Portal

  • External vendors can: 
    • Receive alerts and information requests
    • Send responses to questionnaires and attach any supporting documentation 
    • Communicate with the requestor
    • Provide updates on remediation items

Vendor Reporting

  • Out-of-the-box reports including:
    • Vendor Profile Reports 
    • Vendor Criticality Reports 
    • Geographic Overview of Vendors
    • Gaps and Remediation Activities
    • Vendor Engagement Status Reports

Vendor Repository

  • Access and build a repository of third-party providers across the organization 
  • Categorize vendors, including contact details, type, certifications, and associated vendor engagements
  • Push updated questionnaire information to all assessments

Vendor Questionnaires

  • Supports vendor engagement assessment for vendors that provide multiple services
  • Send pre-populated standard SIG/SIG Lite* questions covering security, access, privacy, resiliency, and other risks to the vendor for response
  • Maintain and leverage multiple questionnaire frameworks depending on vendor engagement type or criticality
  • Custom questionnaire support

Employee Request Portal

  • Any internal employee can:
    • Request approval to outsource a particular function of the business to a vendor  
    • Obtain status updates and approval for a vendor request