Vendor risk management expert guide

This article is a step-by-step guide on how to manage vendor risk across your organization in 6clicks.

Topics covered in this article:

Vendor onboarding:

By onboarding vendors onto the 6clicks platform, you can easily track and manage their details, contracts, and performance history in one place. The user-friendly interface guides you through the onboarding process, allowing you to quickly leverage the platform's features for vendor assessment, review, remediation, and performance management.

To onboard vendors, you can import your existing vendors in bulk or create them individually. Alternatively, you can use our vendor onboarding form to onboard any net-new vendors.

To add existing vendors, follow these steps:

  1. Import your vendors in bulk, which allows you to quickly add multiple vendors at once, or add vendors individually as required.
  2. To import vendors in bulk, select the More dropdown and then select Import.
  3. Next, select Download Template. Here you can fill out the available fields, then import the completed Excel doc.

 

To configure an initial intake form to onboard new vendors for the business, follow the instructions for vendor onboarding here. With the onboarding form, you are also able to automate the sending of the initial scoping assessment discussed in the next step.

Initial scoping assessment:

The initial questionnaire helps prioritize vendors for detailed assessments based on their criticality and importance to the organization. It covers various aspects such as qualifications, experience, financial stability, compliance, and risk mitigation measures. Gathering this information allows for informed decision-making and allocation of resources for further evaluation. Overall, the initial questionnaire streamlines the vendor assessment process, enabling efficient risk management and performance monitoring.

For this step, you can send an initial questionnaire to assess the criticality and importance of vendors. You can create your own questionnaire template or use one from our Content Library. These instructions will take you through using a template found in the 6clicks Content Library.

To add content from the 6clicks Content Library, you will:

  1. Navigate to the 6clicks Content Library.
  2. Use the search functionality to find a specific piece of content, such as the 6clicks Scope Assessment, and select details.
  3. Review content and select Add Content.

Note: once you have an assessment template from the Content Library or have created your own, you can update your vendor onboarding form configuration to automatically send the scoping assessment to your specified respondent.

If you choose to skip the automation, you can manually send the initial vendor scoping assessment to a vendor or an internal stakeholder by following these steps:

  1. Go to Audits & Assessments > Create assessments from the top left-hand corner.
  2. Select Question-Based Assessment and search for the 6clicks Scope Assessment to create the assessment. You also have the option to import an assessment.
  3. Enter a unique Name and add a Respondent, then select Create.
  4. Review the 6clicks Scope Assessment and make any changes required. Note that changes made at this stage only modify that single assessment, not the assessment template.
  5. Once completed, move the Status to Publish and add a respondent to send the 6clicks Scope Assessment (or your own custom assessment).


Detailed due diligence assessment:

During detailed vendor assessments, you evaluate various aspects of vendor operations, services, and products to understand potential risks and vulnerabilities. These assessments include factors like security practices, data protection, compliance, and meeting your organization's requirements. They serve as a foundation for ongoing vendor performance management, allowing you to monitor changes in risk profile and ensure compliance over time.

Send a more detailed vendor due diligence assessment through the assessment creation process, or automate this process based on the results of the initial scoping assessment using our QBA automation feature for follow-up assessments.

If you want to take advantage of our QBA automation functionality to automatically send your detailed due diligence assessment to vendors, follow these next steps:

  1. Navigate to the assessment module and select your existing initial scoping assessment template. A new tab called "Automations" appears in the assessment builder.
  2. Configure the follow-up assessment automation for that particular assessment. Once configured, the due diligence questionnaire will automatically be created based on your configured criteria.

To create the vendor due diligence assessment manually, follow these steps:

  1. Navigate to the 6clicks Content Library.
  2. Use the search functionality to find a specific piece of content, such as the Vendor Security Alliance (VSA) Lite Questionnaire, and select details.
  3. Review content and select Add Content.
  4. Go to Audits & Assessments > Create assessments from the top left-hand corner.
  5. Select Question-Based Assessment and search for the Vendor Security Alliance (VSA) Lite Questionnaire to create the assessment. You also have the option to import an assessment.
  6. Enter a unique Name and add a Respondent, then select Create.
  7. Review the Vendor Security Alliance (VSA) Lite Questionnaire and make any changes required. Note that changes made at this stage only modify that single assessment, not the assessment template.
  8. Once completed, move the Status to Publish and add a Respondent to send the Vendor Security Alliance (VSA) Lite Questionnaire (or your own custom assessment).

Vendor Review:

Review the results of vendor assessments to identify areas of concern or potential risks. Gain a comprehensive understanding of each vendor's performance and alignment with your organization's standards. Compare assessments to evaluate relative risk levels and prioritize actions. Validate assessment findings by cross-referencing with other data and make informed decisions about the next steps in the vendor management process.

Review the results of individual vendor assessments or analyze in aggregate for key trends.

  1. Select the Third-Parties module.
  2. Navigate to a specific Third-Party.
  3. Select the Assessment tab and review the Status, Due Date, and assessment Score.
  4. Select an assessment to review; this will take you to the assessment details.
  5. Once in the assessment, you can review the results to identify areas of concern, create risks, and/or create issues or findings based on the results.

Remediation:

During the remediation process, collaborate with vendors to address identified risks promptly and effectively. Establish clear expectations and timelines, regularly communicate progress, and evaluate the effectiveness of remediation actions. Adjustments may be necessary, and termination of the vendor relationship is an option if risks cannot be adequately mitigated. Ongoing monitoring and evaluation ensure that risks are addressed and that the remediation efforts stay on track.

Manage remediation of vendor risks and issues in collaboration with vendors.

  1. Reopen and review the original assessment results and any new information that is available. You can then reassess the organization's controls and risk environment to determine if any changes are needed. The assessors may also conduct additional testing or interviews to gather more information. 
  2. Under Assessment Results, click on Reopen.
  3. The assessment responses will be populated with what was previously submitted and can be updated as required.

Performance Management:

The 6clicks platform enables you to generate comprehensive reports on vendor assessments, risks, and issues, and effectively manage ongoing vendor performance. With its reporting capabilities, you can easily access and analyze data related to vendor assessments, highlighting key findings and risks. This holistic view of vendor relationships helps identify areas of concern or vulnerabilities. You can also track identified risks and monitor remediation tasks in real-time, ensuring full control and immediate action. The platform centralizes vendor-related information to easily track and monitor compliance, with automated alerts for timely follow-up on issues.

The 6clicks reporting functionality allows you to track the progress of remediation efforts and monitor the effectiveness of implemented actions. 

  1. Navigate to the Analytics module.
  2. If you do not have a dashboard built out, select Browse and Reports.
  3. Search for out-of-the-box assessment result reports such as Assessments Results (QBA) to view the risk ratings of question-based assessments that have risk ratings, then use the filter options to drill down to a specific third party.

Note that you have the ability to progress reports for both question-based and requirement-based assessments.

 

The 6clicks platform empowers you to effectively manage and monitor your vendor relationships. With its robust reporting capabilities and performance management features, you can ensure that your vendors consistently meet your organization's standards and requirements. By leveraging this platform, you can enhance the security and reliability of your vendor relationships, ultimately strengthening your organization's third-party management.