Vendor Risk Management workflow

Vendors and vendor risk managers work together to complete the vendor assessment and remediation lifecycle workflow.

  1. Most organizations import their vendor portfolio through an excel spreadsheet or an integration with another onboarding solution. Vendor risk managers make on-going updates to the vendor information.
  2. If Vendor Risk Management is integrated with other GRC applications, the vendor risk manager maps controls to the assessment questions.
  3. The vendor risk manager creates risk assessment templates, questionnaire templates, and document request template, and prepares the risk assessments.
  4. The vendor risk assessor prepares and sends risk assessment to the vendor.
  5. The vendor primary contact receives the risk assessment in email and signs into the Vendor Portal. From the portal, the primary contact can invite other collaborators to complete portions of the risk assessments.
  6. The Vendor Portal provides a listing of all risk assessments and the status of each. Once complete, the primary contact submits the risk assessment through the Vendor Portal back to the vendor risk analyst.
  7. The vendor risk analyst uses the Vendor Portal to see the progress of all assessments, see all the responses and see any generated observations.