Part 1: Build Your First Risk Automation Workflow

Overview

We’re going to walk you through exactly how to build a workflow in UpGuard. About the workflow:

  • It’s an automation that flags any vendors who have never been assessed or whose assessment is 12+ months old.
  • It’s all within UpGuard so you don’t need to worry about API keys or setting up an integration.
  • We’ll provide you with everything you need — anyone can follow this guide successfully.

Knowing what button to click in Risk Automations is really easy (Risk Automations > Workflows > + Create Workflow > + > pick a node). The real skill is learning to map the steps your automation needs. That’s where this page comes in.

Workflow synopsis

For our first workflow we want to build something straightforward, valuable, and UpGuard-exclusive (i.e. no API keys or integrations required).

Pitch

First, let’s think about what we want our workflow to do in very human terms. In the real world, this would be the pitch you make to your coworker about what you want to build.

Staying on top of vendor assessments is challenging. Some vendors don’t ever get an assessment and we never revisit any vendors to re-assess them. Every vendor should have an assessment, and vendors should receive an assessment every 12 months. We need to know who is missing an assessment or is up for reassessment.

Synopsis

We have a problem (lack of oversight or a checkbox-style TPRM strategy) and we know what we need (visibility into assessment standing). Now, let’s think about how we could solve that visibility gap. What exact mechanisms would we want in place to address this problem?

We want to add a ‘needs to be assessed’ label to any vendors that:

a) have never been assessed or

b) have not had an assessment in more than 12 months.

Once we have this label, you, an excellent TPRM strategist, will be able to see exactly which vendors to start assessing.

Workflow formula

Now, you can move directly into Risk Automations and start building... or, you can take a few moments to write out a formula. Think of a formula as a recipe for how you’re going to structure your automation. Taking a few moments now to think through a formula makes it easier to actually build later.

| Sequence | Description | Notes |
| --- | --- | --- |
| Trigger | This workflow should run automatically and daily. | A daily scan ensures we’re keeping a consistent eye on vendors who need assessment. |
| Action 1 | Pull a list of all monitored vendors. | In order to ask questions about our vendors, we need to know who they are, e.g. we need a list of all monitored vendors. This node grabs all your monitored vendors so the workflow can process them. |
| Action 2 | Insert an if/then rule. If: vendor has never been assessed, or if the assessment is from 12+ months ago, then: funnel them to the step ‘add vendor label’. If: vendor has an assessment from within the last 12 months, then: funnel them to the step ‘do nothing’. | This is the heart of our workflow. It’s what is going to segment our vendor list into vendors that need to be assessed and vendors that don’t need to be. |
| Action 3 | Add vendor label. | For any vendors that are funneled down this path, add the vendor label: needs assessment. |
| Action 4 | Do nothing. | For any vendors that are funneled down this path, do nothing. |
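
The formula above can be dry-run outside UpGuard before you build it, which makes the boundary cases of the if/then rule visible. The Python below is an added example, not UpGuard's code or part of the original guide; the vendor records, field names and dates are constructed, and reading "12+ months" as a calendar-month cutoff (inclusive of the anniversary) is an assumption.

```python
import calendar
from datetime import date
from typing import Optional

LABEL = "needs assessment"  # label text from Action 3 of the formula

def months_before(today: date, months: int = 12) -> date:
    """Calendar date `months` before `today`; the day is clamped to the
    month's length, so 29 Feb maps to 28 Feb in a non-leap year."""
    index = today.year * 12 + (today.month - 1) - months
    year, month0 = divmod(index, 12)
    day = min(today.day, calendar.monthrange(year, month0 + 1)[1])
    return date(year, month0 + 1, day)

def needs_assessment(last_assessed: Optional[date], today: date) -> bool:
    """Action 2: True when never assessed, or assessed 12+ months ago."""
    if last_assessed is None:           # never assessed
        return True
    return last_assessed <= months_before(today)

def run_workflow(vendors: list, today: date) -> list:
    """One daily run of Actions 1-4. Returns names newly labelled this run."""
    labelled = []
    for vendor in vendors:              # Action 1: every monitored vendor
        if needs_assessment(vendor["last_assessed"], today):
            if LABEL not in vendor["labels"]:   # Action 3, safe to repeat daily
                vendor["labels"].add(LABEL)
                labelled.append(vendor["name"])
        # Otherwise Action 4: do nothing (an existing label is left in place).
    return labelled

# Constructed sample data; names and field names are hypothetical.
TODAY = date(2024, 2, 29)
SAMPLE_VENDORS = [
    {"name": "Acme Hosting", "last_assessed": None, "labels": set()},
    {"name": "Beta Payroll", "last_assessed": date(2023, 2, 28), "labels": set()},
    {"name": "Gamma CRM", "last_assessed": date(2023, 3, 1), "labels": set()},
    {"name": "Delta Mail", "last_assessed": date(2024, 1, 15), "labels": {LABEL}},
]

if __name__ == "__main__":
    print(run_workflow(SAMPLE_VENDORS, TODAY))  # first daily run
    print(run_workflow(SAMPLE_VENDORS, TODAY))  # repeat run adds nothing new
```

The ‘do nothing’ branch leaves an existing label in place, so under the formula as written a vendor that has since been reassessed keeps the label until something else removes it.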