On March 3rd, 2015 we released an update to RiskTool that includes a new module named Vendor Policies. This module will allow you to create vendor contacts and assign security policies via email that they will have the opportunity to accept or decline.
There are several administrative steps you’ll need to perform to take advantage of the new functionality. These include:
Adding Vendor Contacts
Adding Vendor Policies
Once you’ve created your vendors, contacts and policies, the policies can then be assigned to the various contacts for review.
Main Dashboard & Navigation
The Vendor Policies module is represented by a new icon on the left-hand navigation, as well as a reporting donut on the main dashboard.
The navigational icon displayed below is shown as a worker pushing a cart full of product. Clicking on the icon will take you to the Vendor Policies dashboard.
The Vendor Policies donut chart on the main dashboard is a quick overview of the status of the various vendors and their assignments. By clicking on one of the colors within the graph, the user will be directed to a filtered view of the vendors that fall into that status.
To navigate to the Vendor Policies dashboard, simply click the left hand menu icon or the icon within the donut chart.
Vendor Policy Dashboard
The reporting on both the main and Vendor Policies dashboard is based on your vendors’ overall task status. Each vendor can be a member of only one of the following categories:
Declined (Red) - Vendor has at least one declined vendor policy
6 Months Overdue (Orange) - Vendor has at least one vendor policy 6 months overdue
3-6 Months Overdue (Yellow) - Vendor has at least one vendor policy 3-6 months overdue
Current (Light Blue) - Vendor is no more than 3 months overdue for any vendor policy
Accepted (Dark Blue) - Vendor has accepted all of their policies
No Activity (Grey) - There are no assigned tasks in this material
Scrolling over each color provides a tooltip that indicates the % of vendors and total number of vendors who fall into this category. A vendor’s category is determined by the assigned policy(ies) most overdue or in need of attention. For example, if vendor Brown Software Consulting has nine “accepted” policies and one that is 6 months overdue, they will be listed in the orange category indicating 6 months overdue. Once they accept that policy, they would be updated to the dark blue accepted category.
Additional filtering and searching of the list and graph can be achieved. Searching or filtering is achieved in three ways:
Filtering based on Vendor Status Category - Selecting a color of the graph will filter the list to only show vendors who fall within that status category. A “reset” button will appear when a filter is applied. This reset feature will only apply to the vendor status category filter.
Filtering based on Vendor Policy - Below the donut graph is a drop-down menu of all the Vendor Policies. Selecting one of these policies will filter the list to show only vendors who have been assigned a task for that policy. Selecting “all” or another title will change the results.
Searching based on Vendor - Above the vendor list is a search box. This allows the user to hone in on a specific vendor while also taking into consideration any of the filters (status, title) that have been applied. To return to the list of all vendors, simply remove the text in the search box and click “search” again to reset the list.
Managing Vendors & Contacts
From the Vendor Policies dashboard, the user can administrate their vendor records by clicking the “Manage Vendors” link in the upper right-hand corner.
In order to assign policies to vendors, there must be both a vendor record and a contact associated to that vendor. Vendors and their contacts can easily be added in a manual fashion from the main vendor list page.
Vendors can have more than one contact, if desired, and policies can be assigned to either.
Managing Vendor Policies
From the Vendor Policies dashboard, the user can administrate their vendor policies by clicking the “Manage Vendor Policies” link in the upper right-hand corner.
From this page, the user can either upload your own vendor policies or download available templates. Vendor policy templates are available in Word document format for easy editing. Once changes are made, uploading back into RiskTool only takes a few moments.
By selecting an available vendor policy, the existing contacts, vendors, date assigned and status of the assignment can be viewed. Clicking into each assignment provides additional details and the opportunity to resend the notification to the vendor contact.
Assigning a Policy to a Vendor Contact
Vendor policies are assigned to vendor contacts through the “Manage Vendors” link from the Vendor Policies dashboard. Once a user has chosen a vendor, they’ll have the option to “Assign Vendor Policy” by clicking the menu item in the blue bar.
Assigning the policy is as simple as:
Choosing your policy
Choosing the vendor contact to send it to
Entering in a custom notification message (which will be included in the email to the vendor contact)
Completing a Vendor Policy (Vendor Contact)
An email will be generated to the vendor contact with a link to the policy and a screen to accept or decline the attached policy. The email template is provided below, including the custom notification message as indicated in the screen above.
Once the link is clicked, the vendor contact will be presented with a page that does not require log in to RiskTool to complete. The file will need to be downloaded in order to activate the “Accept” and “Decline” buttons.
Once complete, the vendor contact will receive a confirmation email closing out their process. RiskTool will track the response and status of each assigned vendor policy and report back via the donut charting and table lists.
While this release is focused on managing vendors, we are constantly working on new enhancements to RiskTool and other RiskAnalytics products. Future enhancements include updating and improving various workflows, such as system setup, user management, assigning tasks and managing content with RiskTool.
We would like to thank all the customers who contributed to this most recent wave of development and look forward to engaging customers in the future on new functionality and improvements.