Resource Kit: Vendor Onboarding Requests

Overview
Resources for building a process and system
Resources for training your team

Overview

Vendor onboarding is a cornerstone of third-party risk management, it provides the essential visibility needed to understand who your vendors are and the specific risks they pose to your data and processes.

We’ve collected some resources designed to help you build a robust program from the ground up (from program inception to execution) while ensuring your team has the training and information they need to successfully submit requests.

Resources for building a process and system

Resource	Description
Vendor onboarding: the process	If you’re just starting with UpGuard or TPRM, this page walks you through what the overall vendor onboarding request process should look like and outlines the steps involved in implementing the processes.
Tiering kit (pdf)	Tiering is a crucial part of vendor onboarding requests. A vendor’s tier should determine the criteria you evaluate them against. This kit helps you think about how to create a tiering rubric.
Tips on successful onboarding portal adoption (pdf)	Before or after rolling out the onboarding portal, you’ll want to focus on making sure your team is equipped to successfully use it. This guide goes over high-impact ways InfoSec teams can encourage adoption and support implementation across the organization.
Vendor onboarding: automations	As you’re setting up your vendor request questionnaire, we highly recommend taking a few moments to create automation rules. Your future self will thank you.
Knowledge base how-to pages	We have a set of articles completely focused on the how-tos of vendor onboarding. From process outlines to the exact buttons you have to click to get things rolled out, we have you covered.

Resources for training your team

Resource	Description
Introduce UpGuard to your team (slide deck that will auto-download)	We strongly recommend training your team on why security reviews are important and what processes they’re expected to follow. We so strongly recommend focusing on team training that we made a slide deck for you. It’s (almost) ready for you to use, there are just a few areas to customize to make the slides pertinent to your team.
What to expect during your security review (pdf)	Similar to above, but this is for your team to access on-demand vs. during a presentation. It’s great for providing ad-hoc reminders or to use on an intranet to address FAQs that might come up.
Vendor onboarding: requesters	A page going over exactly what a requester should expect when filling out a vendor onboarding request. The goal is to help team members understand what to expect and why their requests are important.