Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Removed some incorrect information


Live Search
spaceKeyZenGRCOnboardingGuide
additionalnone
placeholderSearch our site
typepage

Overview


To edit details for an individual vendor, complete the following steps:

  1. Navigate to the Vendors pageClick Vendors in the left-hand navigation.
    Image Removed
    Image Added

  2. Click the linked name of the desired vendor. The Vendors details page displays with information for the vendor.
    Image Removed
    Image Added

  3. Hover over the desired field. A blue pencil displays.
    Image Removed
    Image Added

  4. Click the blue pencil. A dialog box displays.

             

    Info
    titleNOTE

    Selections in the dialog box differ depending upon the dropdown selection.


  5. Make the changes.
  6. Click Save.
  7. Alternatively, click Cancel to close the dialog box without saving changes.

Understanding Terminology


This section describes a few of the terms that are critical to managing a vendor's information security status.

States

Status

A state status describes the communication status within ZenGRC between vendors and your organization.
Image Removed
Image Added


The settings for a state status include the following:

  • Added - The vendor has been added to your instance, but a survey questionnaire has not yet been sent. This displays automatically after a vendor's addition.
  • Pending Assessment - The vendor has completed the survey questionnaire and submitted it. The responses require review, and a risk rating can be set.
  • Accepted - Based on the survey questionnaire answers, the vendor is approved. You must manually set this statestatus.
  • Rejected - Based on the survey questionnaire answers, the vendor is rejected. You must manually set this statestatus.

Risk Ratings

A risk rating represents security risks your organization may encounter through business dealings. It can be set at any point, even when the vendor is first added and prior to sending a survey. Based on the scores and weights you define in the setup process, ZenGRC automatically calculates your risk when vendors respond to your surveys. However, these can be manually overridden if necessary.
Image Removedquestionnaire. 

Image Added


The settings for risk ratings include the following:

  • --- This value means the vendor is unrated.
  • Low - The vendor has a low security risk.
  • Medium - The vendor has a moderate security risk.
  • High - The vendor has a high security risk.

Actions

Actions show what step to do next. The settings for actions include the following:

Send a Survey - The vendor is added to the system. The

next

step is to send a survey

.

 This action also displays after a vendor has been accepted or rejected so that another survey can be sent for additional assessments.Sent Survey - One or more surveys have been sent to the vendor. 

Adding Comments


For each update or addition to a vendor's information, you can add comments detailing the change. The comment history is tracked, with the newest displaying below any previous comments.

Tip
titleTIP

The red ballon balloon displayed on the Vendors list view page indicates there are new comments. 




To add a comment to a vendor, complete the following steps:

  1. Click the vendor title to open the Vendors details page.
  2. In the right pane, enter information into the Write a comment text box.
  3. Click Send.

    Info
    titleNOTE

    For instructions on sending and managing surveys, please see Questionnaires.