As your list of vendors expands and your vendor management workflows become more complex, using the various classification and information tools in the UpGuard platform can help streamline your risk assessment and vendor management workflows.
In this article we will explore the tools available and the best way to use them. We recommend that you set them up as early as possible while you are defining and establishing your workflows to help you optimize your experience and get the most out of the platform.
The following tools will be covered:
Vendor tiering allows you to classify your vendors based on the inherent risk they pose to your organization. Vendors that have the highest level of impact for your organization should be classified as Tier 1. For example, a Tier 1 vendor might be one that handles any personally identifiable information (PII). Vendors should then be grouped into tiers based on common levels of impact. Typically organizations would have 3–5 tiers.
Tiering your vendors is important as it not only can help inform the depth of assessment you perform on each vendor, but also help you get a more accurate picture of the risks posed by your vendors, by focussing your attention on risks for higher-tiered vendors.
To learn more about how to set up and use tiering for your vendors see How to tier your vendors in UpGuard.
Portfolios help you organize your vendors into segments which can then be used to view, filter and create reports. In addition portfolios can be used to control access for users in your account so their view is restricted to the monitored vendors that concern them.
Portfolios should be used for high-level segmentation, such as grouping by suppliers, partners and competitors. Alternatively you may want to create a portfolio for each department within your organization, to help users within those departments easily understand the risk profile of vendors relevant to them without seeing every vendor the company monitors.
To learn more about how to set up and use Portfolios for your vendors see How to use portfolios to segment your vendors.
Labels provide an easy way to tag your vendors with key characteristics, allowing you to easily filter and identify vendors of a specific type. They are best used for binary characteristics, rather than for characteristics which have multiple alternate values, which are better suited to Attributes. Some good examples are provided in the predefined labels: In Use, Business Data, Customer Data, Network Access and Physical Access.
Using Labels provides you with an easy way to filter and identify customers with a certain characteristic, and they are prominently displayed on the Vendors list and Vendor Summary for easy reference. Filtering by label can help you select a list of vendors which can then be applied to actions within the platform, for example, sending questionnaires or reporting.
To learn more about how to set up Labels for your vendors see How to manage your labels.
Custom vendor attributes allow you to store additional structured information to give you a more comprehensive view of your vendors, enabling more effective vendor management within the UpGuard platform. You have the flexibility to define the vendor attributes you need, allowing you to store the information that’s important to your organization and how you manage your vendors.
Some good examples of custom attributes would be Internal Owner, Contract End Date or Cost Centre, which would help you manage your vendor relationship within the UpGuard platform.
Attributes are displayed on the Vendors list and Vendor Summary pages, and can be used to identify, filter and group your vendors. They can be populated when you first monitor a vendor or added later.
To learn more about how to set up and use Custom Attributes for your vendors see How to use custom vendor attributes.
The classification tools within the platform all play a different and important role in helping you optimize your vendor management workflows within the UpGuard platform as follows:
Allow you to classify your vendors based on the inherent risk they pose to your organization
A vendor that handles
personally identifiable information (PII) is classified as Tier 1 because they pose the highest risk.
Help you organize your vendors into segments which can be used for filtering, reporting and controlling access within your organization
Create portfolios for each department in the organization. A vendor is added to the Marketing portfolio so users in that department can access and manage that vendor.
Provide an easy way to tag your vendors with key characteristics, allowing you to easily filter and identify vendors of a specific type.
Use the In Use label to tag vendors that are active, to easily identify, manage and report on this group of vendors.
Allow you to store the additional structured information you need to enable more effective vendor management.
Adding Internal Owner as a custom attribute allows you to store that information against each vendors so that when a contact needs to be renewed you know who to contact.
Tiers, Portfolios, Labels and Custom Attributes are all able to be imported with your vendor lists, included in exports, and available via the API.