Understanding Vendor Risk Management The Vendor Risk Management application provides a centralized process for managing your vendor portfolio and completing the vendor assessment and remediation life cycle. Also, integrating with other GRC applications, provides traceability for compliance with controls and risks. Who uses Vendor Risk Management? Risk analysts Vendor risk manager Functional department heads responsible for vendor compliance. For example: Account Executives Corporate Counsel Information Security HR Operations Information Technology Activate Vendor Risk ManagementThe GRC: Vendor Risk Management (com.sn_vdr_risk_asmt) plugin is available as a separate subscription.Domain separation and Vendor Risk ManagementThis is an overview of domain separation as it pertains to Vendor Risk Management (VRM) and how it relates to VRM data separation. Domain separation allows you to separate data, processes, and administrative tasks into logical groupings called domains. You can then control several aspects of this separation, including which users can see and access data.Vendor Risk overview reportsYou can view Vendor Risk reports and other visualizations to the Overview. Vendor risk ratings and scoring calculationsWithin a vendor risk assessment, multiple ratings and scored are calculated. Update vendor informationMost organizations import their vendor portfolio through an excel spreadsheet or an integration with another onboarding solution. Vendor risk managers make on-going updates to the vendor information, including risk security scores and vendor tiering scores. Manage vendor risk assessmentsThe vendor primary contact uses the Vendor Portal to view all assessments. Before the vendor risk manager closes the assessment, issues and tasks are created on-demand, usually during the Generating Observations state. The vendor risk analyst assigns vendors as needed and communicates using comment streams to achieve closure on non-compliance. Create repeating vendor risk assessmentsVendor risk assessors can create repeating vendor assessments to monitor the vendor risk continuously.