Product Updates

Conduct risk classifications of your vendors and their assets: Privacy - May 2024🚦

Written by Josephine Broe Moesgaard | 16-May-2024 07:31:31

Understanding the risk your vendors pose is critical to maintaining a secure and compliant operation. Our Vendor Management Module enables you to classify vendors based on risk levels within various compliance areas, ensuring that you can focus your efforts on managing high-risk vendors.

 

Create custom risk classifications for classifying your vendors 
With our Vendor Management Module you can now create custom risk classification templates. Once created, you can add the templates to the relevant vendors. Answer the classification in relation to the specific vendor and a risk level and score will be generated. 

The risk classification templates can only be made by administrators, however the classifications can be answered by everyone in your organisation who have access to the Vendor Management Module. The creation flow is quiet similar to the creation of audit templates. You can read more about questions, sections, branching logic, required questions, preview and testing, template status and version here

As an administrator go to "Settings" and choose "Visit vendor classifications". From here you can create a new template and see a comprehensive list of the classifications you have created. The list consists of the template name, associated compliance areas, score enabled, activation date, version and status. If you wish to see archived classifications, simply toggle to "Archived" at the top of the list.  

When creating a new template provide a name, a description (optional) and specify the compliance areas that the classification should cover (optional). Furthermore, you can enable/disable scores based on the responses. 

You can also create a copy of a classification that you previously created. This way you don't have to start from scratch and the risk levels and intervals, questions, branching logic, sections and other design setting are transferred to the copy. 

Risk levels and intervals  
When you enter the template draft you now have to select which risk levels should be included in the template. Furthermore, you have to set the percentage intervals that determine the vendors risk level based on the responses provided.

You can add as many risk levels as you would like. The default levels are "High" and "Low" but you may for example want to add "Very high", "High", "Moderate", "Low" and "Very low". Simply click "Add new interval" and change the title and icon so it matches your desired intervals.

Now you will have to set the percentage intervals that determine the respondents risk level based on the provided answers. As the vendor score increases, the associated risk level should decrease. So if the answers provided scores 100% the vendors should typically be placed within the risk level "Very low" and vice versa. 

Section weighting
Assign a percentage weighting to each section. The total weighting for all section must add up to 100%. For instance, you can distribute the weight evenly with four sections at 25% each. Alternatively, you have the flexibility to assign different weights, such as having three sections at 20% each and the fourth section at 40%.

Question weighting
Assign a percentage weighting to the question. The total weighting for all questions must add up to 100%. For instance, you can distribute the weight evenly with four questions at 25% each. Alternatively, you have the flexibility to assign different weights, such as having three questions at 20% each and the fourth question at 40%.

Answer option weighting
Assign a percentage weighting to each answer option. The weighting can range from 0% to 100% on each answer option. For instance, you might have the answers option “Yes” having a weighting of 0% and the answers option “No” having a weighting of 100%.


Total weighting
The total weighting shows how far you are with the weighting of your template. You can only activate the template when the total weighting is 100%. It is the combined weighting of your questions that determines the template's total weight. If you use sections, the progress bar is determined by the weighting of the sections. For a section to count, the questions within that section must also add up to 100%.

Add classification to vendor and answer it
When your classification template is activated you're ready to add it to any relevant vendor in Privacy. Go to the menu item "Legal entities" and choose "Vendors". Now select a specific vendor from the list. By default the vendor page opens the tab named "Classifications". Click the button "Add classification". Now you can select the classification templates you wish to apply to the vendor. You have the option to choose from the templates the administrator has created within the classifications section under settings. If you want to answer the template in relation to a specific asset provided by the vendor please select this asset (Optional). Only assets that have already been related to the vendor will appear in the dropdown. These assets are visible under the "Assets" tab on the vendor. 

The chosen classifications will now appear in the list under the "Classifications" tab. Simply click "Answer classification" and you will be sent directly to the classification. When you click "Submit" the risk level and score will now be visible in the list. Also, you can see the date for submission and the user it was submitted by. In the overflow menu you can also add a note to the classification. 

Based on the risk level and score you will have to take action if some of the answers doesn't match you compliance level. If more needs to be done to ensure that compliance and improvement goals are met, you can write this in the notes on the classification. Also, you can use the annual wheel to create and follow-up on tasks related to the the classification. 

Classification report
The classification answers can be seen in the report shown on the classifications tab. You have the possibility to open the report in a browser or download it as a pdf. 

We hope you will enjoy the new features 🎉 

If you don't have access to the Vendor Management module, but want to try it, then please contact us, and we will help you.