Understanding Vendor Risk Management The Vendor Risk Management application provides a centralized process for managing your organization's vendor portfolio and completing the vendor assessment and remediation lifecycle. Also, integrating with other GRC applications, provides top-down traceability for compliance with controls and risks. Who uses Vendor Risk Management? Risk analysts Vendor risk manager Functional department heads responsible for vendor compliance. For example: Account Executive Senior Corporate Counsel Director, Information Security Director, HR Operations Director, Information Technology Vendor Risk Management workflowVendors and vendor risk managers work together to complete the vendor assessment and remediation lifecycle workflow.Activate Vendor Risk ManagementThe GRC: Vendor Risk Management (com.sn_vdr_risk_asmt) plugin is available as a separate subscription.Update vendor informationMost organizations import their vendor portfolio through an excel spreadsheet or an integration with another onboarding solution. Vendor risk managers make on-going updates to the vendor information. Vendor risk ratings and scoring calculationsWithin a vendor risk assessment, multiple ratings and scored are calculated. Manage vendor risk assessmentsThe vendor risk analyst assigns risk assessments to vendors as needed. The vendor primary contact views their assessments on the vendor portal. The vendor risk manager and the vendor use comments to communicate. Before the vendor risk manager closes the assessment, issues and tasks are created on-demand, usually during the Generating Observations state.