Third Party Risk Manager
Vendor Management
Organize and track your third-party software vendors
Vendor Management
Maintain a centralized directory of all third-party software vendors with contact information, contracts, and risk categorization.
Vendor Directory
Adding Vendors
- Navigate to Vendors
- Click Add Vendor
- Enter vendor information:
- Company name
- Primary contact
- Contact email
- Website
- Products used
- Set risk tier
- Click Save
Vendor Information
Track comprehensive vendor details:
| Field | Description |
|---|---|
| Company Name | Vendor organization name |
| Products | Software products you use |
| Primary Contact | Main point of contact |
| Contract Status | Active, pending, expired |
| Risk Tier | Critical, High, Medium, Low |
| SBOM Status | Received, requested, none |
| Last Assessment | Most recent risk review |
Bulk Import
Import vendors from spreadsheet:
- Download the template CSV
- Fill in vendor information
- Upload the completed file
- Review and confirm import
Risk Tiering
Automatic Categorization
TPRM can suggest risk tiers based on:
- Data access level
- System criticality
- User count
- Compliance requirements
Manual Override
Adjust risk tiers manually:
- Select the vendor
- Click Edit Risk Tier
- Choose new tier
- Document justification
- Save changes
Vendor Relationships
Track relationships between vendors:
- Parent companies
- Subsidiaries
- Resellers
- Implementation partners
Contract Management
Link contracts to vendors:
- Contract documents
- Start and end dates
- SLA terms
- Security requirements
- SBOM obligations
Vendor Portal
Invite vendors to self-service:
- Update their own information
- Submit SBOMs directly
- Respond to questionnaires
- View their risk status