Overview
VendorRisk is comprehensive yet easy-to-use vendor management software. Our approach is based on the following assumptions:
- Your organization interacts with vendors
- The relationship with these vendors is established by contracts
- Vendors provide services, software, and hardware (items)
- These items carry an inherent risk level that could affect your organization
- For internal/external auditing purposes, your organization needs a way to consolidate this information in a user-friendly manner
Modules
Dashboard
Once a user logs in, they see their homepage, a.k.a. the "dashboard". The purpose of the dashboard is to highlight any vendors, contracts or items that are time-sensitive or otherwise important to the user.
The first section of the Dashboard page is the "Action Required" area, which shows any upcoming review dates for vendors and other items. The second section is the "Watch List" — each item in the database can be flagged as a "Watch List" item. This should be used for any critical items or items that are frequently accessed or updated. Lastly, there is a "To Do" section where users can add tasks and then check them off as completed.
The dashboard also serves as a jumping-off point, as all major links are accessible from this page. Of note is the "Quick Links - view items" page, which lists all of your vendors and contracts on one page.
View screenshots of the dashboard screen.
Vendor Management
Customizations:
- assess vendor risk
- search OFAC database
- submit vendor reviews
- upload files
- post comments
- track competitors
The Vendors module is where you add, edit and view vendor-specific information. Among the fields captured are:
- Primary Info — vendor name, start date, main phone, website URL, and mailing address info
- Contacts — add unlimited contacts, with fields for name, title, work phone, email, and notes
- Risk Management — OFAC check completed, vendor IAP/insider, risk assessment questions
- Contracts — lists each contract the vendor has, with its status and start/end dates
- Reviews, Alternative Vendors, File Attachments, Comments — see below
Vendors can be exported to CSV and Excel formats.
View screenshots of the vendor management module and the OFAC search section.
Contract Management
Customizations:
- track contract signers
- track insurance-related information
- ability to upload files
- ability to post comments
The Contracts module is where you add, edit and view contract-specific information. Among the fields captured are:
- Primary Info — contract name, vendor name, contract status, contract type, annual cost, contract signers and legal review
- Contract Terms — start date, original contract date, termination date, notice requirement, auto-renews
- Insurance — coverage type, carrier limit, insurance expiration date
- Services / Software / Hardware — lists each item that is covered under the contract
- File Attachments & Comments — see below
Contracts can be exported to CSV and Excel formats.
View screenshots of the contract management module.
Services, Software & Hardware
Customizations:
- assess item risk
- submit reviews
- upload files
- post comments
- track competitors
Each of these three modules is similar in the information that it captures, notably:
- Primary Info — name, vendor name, contract, type, location, annual cost, description, recovery time and recovery point objectives
- Risk Management — risk assessment questions
- Information Management — NPPI/NDA, insurance coverage, and third party review of controls required
- Reviews, Competitors, File Attachments, Comments — see below
Each module can be exported to CSV and Excel formats.
View screenshots of the service management, service management and hardware management modules.
Risk Assessment
Customizations:
- create your own risk levels
- supply your own questions and possible answers
Vendors, services, software and hardware can each have a risk level. Each module can have their own set of custom risk questions that determine the risk level. For a vendor, are they in financial trouble? Are they being bought out by another company? For a service, do outside personnel have access to your company's private information? For a particular piece of software, is it outdated and prone to bugs?
These are types of questions that can be used to gauge risk, thereby allowing your organization to determine and pay attention to high-risk items.
View screenshots of the risk assessment functionality.
Reports
VendorRisk currently comes with 40+ reports, with the goal to eventually have much more. The reports are organized by module (Vendors, Contracts, etc.).
View screenshots of the reports module.
Sections
Reviews
Each item can be reviewable. For example, your organization may conduct annual financial reviews, or your IT department may perform semi-annual software and hardware reviews. For each item, you can select the review frequency, and any upcoming review dates will appear on your Dashboard.
Upload Documents/Files
Files can be uploaded to each item in each module. Upload PDFs, contracts, service agreements, etc. Each VendorRisk plan comes with a large amount of available hard drive space for uploads.
Post Comments
Every module offers a Comments section. Having problems with a particular service? Enter a comment so that when you review the service 6 months from now, you'll have a paper trail of any issues you experienced.
Track Competitors
Each module except Contracts can have unlimited competitors listed. For example, who are the competitors for Vendor XYZ? For your accounting software, what are other products that offer similar functionality? Track this information so that you'll know where to go in case you decide to make a change.
News Search
Vendors, software and hardware each have a "News" link that lets you search Yahoo! News for breaking news on that item. If a result is of interest to you, you can save the story, and it will be saved as a bookmark within VendorRisk so that you don't need to remember the URL.
View screenshots of the vendor news section.
Site Administration / Customization
By default, VendorRisk is configured with all the modules and sections described above. For some organizations though, this will be overkill. For example, your company might use another system to track hardware inventory. Or you may have no interest in assessing risk and only want a place to list your vendors and contracts.
From the Site Administration section, you can pick and choose which elements of the site you want to use. If you uncheck "Hardware" in the Admin Setup Wizard, you'll never see Hardware mentioned on the site. This approach lets you streamline the site's appearance and functionality to best suit your needs. The modules/sections you decide to hide can always be re-enabled later if your needs change.
View screenshots of the administration area and customization options.
