How to Use Vendors & Engagements for Assessment Purposes

Modified on Thu, 27 Jul, 2023 at 1:59 PM

Introduction

C1Risk enables you to track, assess and evaluate all your third-party dependencies at either the vendor (company) or engagement (contract/project) level.

Where companies are performing multiple contracts, or impacting different aspects of the business, multiple engagements can be created and separate internal or external evaluations can be performed.

When assessing a Vendor, C1Risk recommends always creating an engagement to send the assessment, noting that all risk scoring and findings will roll up to the associated vendor from the engagement record.

C1Risk recommends the following process for assessing vendors:

Create the Vendor Record.
Assign the internal business point of contact (POC) in your company to the vendor record.
Create an Engagement from the vendor record.
Assign the POC in the vendor company to the engagement record.
If internal onboarding assessment is required, create an assessment from either the Vendor or Engagement contact and send it to the POC.
For security review, use the same Engagement record to send the assessment and assign it to the Engagement Primary Contact.

How to Use Vendors & Engagements for Assessment Purposes

Introduction

Create the Vendor Record.

Assign the internal business point of contact (POC) in your company to the vendor record.

Create an Engagement from the vendor record.

Assign the POC in the vendor company to the engagement record.

If internal onboarding assessment is required, create an assessment from either the Vendor or Engagement contact and send it to the POC.

For security review, use the same Engagement record to send the assessment and assign it to the Engagement Primary Contact.