Create a vendor risk assessment and initiate the life cycle

The vendor risk assessor creates an assessment, initiating the vendor risk assessment life cycle. Vendor risk assessments can be created on-demand or from repeating assessment.

Before you begin

Role required: vendor risk assessor


  1. Navigate to Vendor Risk > Assessments > All Assessments.
  2. Do any of the following actions:
    To associate any existing document requests or questionnaires. Click Edit.
    To create on-demand document requests or questionnaires for the assessments. Click New.
    To associate any existing document requests or questionnaires from the assessment template.
    1. Click New.
    2. In the Assessment template field, select the document requests or questionnaires.
  3. Fill in the fields on the form, as appropriate.
    Table 1. Vendor Risk Assessment
    Field Description
    Vendor The vendor that is being assessed.
    Risk rating The overall risk rating for this vendor.
    • Critical
    • High
    • Moderate
    • Low
    • Minor
    Repeating assessment The assessment that is used to create the current assessment.
    Created by
    Assessment template The template used to create the current assessment.
    Assigned to
    Watch list
    Notes and Comments
    Work notes
    Additional comments (Customer visible)
    Assessment Schedule
    Planned duration (days) Estimated duration period of the assessment
    Actual duration
    Planned start date
    Actual start date
    Planned end date
    Actual end date
    Questionnaire Schedule
    Planned duration (days) The duration given to vendor to answer all the questionnaires
    Submitted to vendor The date that questionnaires are sent to vendor
    Due date deadline for vendor to answer all the questionnaires
    Review duration (days) The review duration given to customer to review all the questionnaires
    Completion date The actual date when vendor completed all the questionnaires
    Responses expected by The date the vendor is expecting the responses
  4. Click Submit to vendor.
    The primary vendor contact is notified, and the state of assessment changes to Submitted to vendor. The vendor responds to the notification through the Vendor Risk Portal, changing the state of assessment to Response received. All the risk scores are calculated automatically.
  5. The vendor assessor moves the state of the assessment to Generating Observations. During this time, the vendor assessor can click the View Response link in the document requests/questionnaires related list to view the response and provide comments or change responses, as necessary.
    For any problems that rise, the vendor assessor creates an issue to track the remediation process (Finalizing with vendor).
  6. The vendor assessor moves the assessment to Closed state.
    The vendor risk assessor works with the vendor through the vendor portal to close the assessment.