Understanding Vendor Risk Management The Vendor Risk Management application provides a centralized process for managing your organization's vendor portfolio and completing the vendor assessment and remediation lifecycle. Also, integrating with other GRC applications, provides top-down traceability for compliance with controls and risks. Who uses Vendor Risk Management? Risk analysts Vendor risk manager Functional department heads responsible for vendor compliance. For example: Account Executive Senior Corporate Counsel Director, Information Security Director, HR Operations Director, Information Technology Vendor Risk Management workflow Vendor Risk Management workflowVendors and vendor risk managers work together to complete the vendor assessment and remediation lifecycle workflow.Activate Vendor Risk ManagementThe GRC: Vendor Risk Management (com.sn_vdr_risk_asmt) plugin is available as a separate subscription.Manage assessmentsAssessments are created from templates which define questionnaires, document requests, and frequency of the assessment. Manage vendor portfolioThe vendor portfolio is a data base of vendors targeted for assessment.Manage vendor risk assessment issues and remediationIssues and tasks are created on-demand before the assessment is closed, usually during the Generating Observations state. The vendor risk analyst and the vendor work together to achieve closure on non-compliance. Vendor Assessment Portal for VendorsThe vendor assessment portal is a web interface providing a primary point of interaction for vendors and risk assessors, with a centralized workflow for those involved in the assessment. All remediations that result from those assessments are also coordinated through the Vendor Portal.