Vendor Risk & Trust

Vendor Management

Create, manage, and organize vendor profiles for comprehensive risk assessment

What is Vendor Management?

Vendor Management is the foundation of the Vendor Risk & Trust Management module. It allows you to create and maintain comprehensive vendor profiles that include company information, contact details, risk assessments, questionnaires, and documents. Each vendor profile serves as the central hub for all vendor-related activities.

Centralized Information

Store all vendor-related information in one place, including company details, contacts, risk scores, assessments, and documents.

Risk Tracking

Monitor vendor risk levels over time, track inherent and residual risk scores, and view risk assessment history.

Vendor Dashboard

Accessing the Vendor Dashboard

The main vendor dashboard provides an overview of all vendors and key metrics

Navigate to Vendor Risk

Click on "Vendor Risk" in the main navigation sidebar. This will take you to the vendor dashboard.

View Dashboard Statistics

The dashboard displays four key metrics at the top:

Total Vendors: Count of all vendor profiles
High Risk: Number of vendors with high or critical risk levels
Pending Assessments: Assessments awaiting completion
Completed: Successfully completed assessments

Browse Vendor List

Below the statistics, you'll see a table or card view of all vendors. Each vendor entry shows:

Company name and industry
Current risk level (with color-coded badge)
Inherent risk level
Status (Active, Inactive, etc.)
Actions: View Details, Edit, Delete

Creating a Vendor Profile

Step-by-Step Guide

Create a new vendor profile to start the risk assessment process

Click "+ Add Vendor"

On the vendor dashboard, click the "+ Add Vendor" button located in the top-right corner.

Fill in Company Information

Complete the vendor creation form with the following fields:

Company Name *Required

The official company name (e.g., "Acme Corporation")

IndustryOptional

Industry sector (e.g., "Software", "Healthcare")

WebsiteOptional

Company website URL (e.g., "https://example.com")

Add Contact Information

Provide contact details for the vendor:

Contact Name

Primary contact person (e.g., "John Doe")

Contact Title

Job title (e.g., "Security Director")

Contact Email

Email address (e.g., "security@example.com")

Add Description (Optional)

You can add additional notes or context about the vendor in the description field. This is useful for internal documentation and context.

Create Vendor

Click the "Create Vendor" button to save the vendor profile. You'll be redirected to the vendor detail page where you can start the risk assessment process.

Tip: Only the Company Name field is required. All other fields can be filled in later or updated as needed. However, providing complete information upfront helps streamline the risk assessment process.

Vendor Detail Page

Navigating Vendor Details

The vendor detail page provides comprehensive information and actions

Accessing Vendor Details

Click the "View Details" button on any vendor card in the dashboard, or click directly on a vendor row in the table view.

Page Header

At the top of the vendor detail page, you'll see:

Company Name and Industry
Risk Level Badge - Color-coded indicator (Low, Medium, High, Critical)
Status Badge - Current vendor status (Active, Inactive, etc.)
Action Buttons: Edit, Delete

Tabs Overview

The vendor detail page is organized into several tabs:

Overview Tab

Displays risk overview cards (Overall Risk, Inherent Risk, Residual Risk), company information, contact details, and current risk status.

Inherent Risk Tab

Assess vendor tier, service criticality, data access level, integration depth, and geographic risk. The system automatically calculates the inherent risk score based on your inputs.

Questionnaires Tab

View all questionnaires sent to this vendor, including status (Sent, In Progress, Completed, Overdue). Click on a questionnaire to view responses.

Assessments Tab

View all risk assessments for this vendor. See risk reduction metrics, status, and click "View Details" to see full assessment information. Click "Review Responses" if a questionnaire is linked.

Documents Tab

Upload, view, and manage vendor documents such as certifications, audit reports, and compliance documentation.

Team Tab

Assign team members to this vendor with specific roles. Vendor-level team assignments override tenant-level assignments for this vendor.

Editing and Deleting Vendors

Editing a Vendor

To edit a vendor profile:

Navigate to the vendor detail page
Click the "Edit" button in the top-right corner
Update any fields in the edit form
Click "Save" to save changes

All vendor information can be updated at any time, including company name, contact details, and description.

Deleting a Vendor

To delete a vendor profile:

Navigate to the vendor detail page
Click the "Delete" button (red button with trash icon)
Confirm the deletion in the dialog

Warning: Deleting a vendor will also delete all associated assessments, questionnaires, and documents. This action cannot be undone.

Next Steps

Assess Inherent Risk

After creating a vendor, assess their inherent risk to determine the initial risk level

Learn About Risk Assessment

Send Questionnaires

Build and send security questionnaires to vendors for detailed risk assessment

Learn About Questionnaires

Need Help?

Our support team is here to help you with vendor management.

Contact Support Continue to Questionnaires