Vendor Risk Management workflow

Vendors and vendor risk managers work together to complete the vendor assessment and remediation lifecycle workflow.

  1. The vendor risk manager can add vendors and specify the primary contact and other contact information.
  2. If Vendor Risk Management is integrated with other GRC applications, the vendor risk manager maps controls to the assessment questions.
  3. The vendor risk manager creates assessment templates, questionnaire templates, and document request template, and prepares the assessments.
  4. The vendor risk assessor prepares and sends assessment to the vendor.
  5. The vendor primary contact receives the assessment in email and signs into the Vendor Portal. From the portal, the primary contact can invite other collaborators to complete portions of the assessments.
  6. The Vendor Portal provides a listing of all assessments and the status of each. Once complete, the primary contact submits the assessment through the portal back to the vendor risk analyst.
  7. The vendor risk analyst uses the Vendor Portal to see the progress of all assessments, see all the responses and see any generated observations.