Vendor tiering allows you to classify your vendors based on the inherent risk they pose to your organization, and define the depth of assessment you perform on each vendor as a result.
How should I use vendor tiering?
Vendor tiering is commonly used to define the level of potential impact a vendor has in relation to your organization. For example, you would likely classify a vendor that handles any personally identifiable information(PII) as Tier 1, and a vendor that only stores publicly accessible information as Tier 3.
This helps you allocate an appropriate amount of resources to assessing each vendor. For example; you would likely elect to send detailed questionnaires to Tier 1 vendors as part of your risk assessment process, reviewing each risk that is present to your organization and taking associated action (requesting remediation, waiving risks, etc).
For Tier 3 vendors who likely don't handle any PII and don't have any access to your organization or customer data, you may wish to assess these purely based on web risks identified with UpGuard automated scanning and ensure they meet a certain security rating threshold.
Configuring available tiers
By default, we make three tiers available for classifying your vendors - Tier 1, Tier 2, and Tier 3. If you wish to change the names of these tiers, or add more tiers, you can do so via the Settings screen. In the below example, a fourth tier has been added and the default names have been changed.
Assigning tiers to vendors
There are numerous ways you can assign tiers to the vendors you are monitoring.
On the Vendors screen, by clicking the "+" button next to a vendor in the Tier column.
On the Vendors screen, by selecting multiple vendors then assigning a tier to all of them.
On the Vendor Summary, by clicking on the "+" button next to the Vendor Tier in the summary card.
On any vendor-specific screen, by clicking the tier icon in the page header.
Sorting and filtering by tier
Once you have assigned tiers to vendors, you can use them for sorting and filtering.
To sort the Vendors list by tier, click on the "Tier" column heading.
To filter the Vendors list by tier, click the "Tier Breakdown" button to open a panel that will allow you to select the tiers to filter by, pictured below:
Filtering by tier is also supported in the Filters panel available on the Vendors screen, and can be used in conjunction with any other available filter.
Automatically populating tiers
To save time and ensure consistency, you can create automation rules to assign vendors to tiers, based on responses to a set of questions within your relationship questionnaire. Visit How to use automation to apply tiers, labels, portfolios and custom attributes to your vendors to learn more.