S2Vendor is a prescriptive, VRM solution with a built-in workflow set to standards that meet due diligence requirements. That being said, there are multiple ways S2Vendor can be configured to meet individual business requirements.

Administrators can add their own fields to the vendor profile screen. This information is collected internally from the administrators, themselves, in order to create a more robust record on the vendor. The following fields types are available:

EXAMPLE 1:
Does the vendor have a SOC2? (single choice)

EXAMPLE 2:

Contract renewal date (date picker)

Learn how to add custom fields here

The Vendor List view has the following pre-set columns:

The Columns button allows the administrator to add additional columns to the Vendor List by picking from 1) existing data fields maintained by the system or 2) any custom field. This enables the administrator to customize their working view.

Additionally, the table on the Vendor List screen can be exported at any time to an Excel sheet. The Columns button allows for more ad hoc reporting.

Learn how to apply custom columns here

S2Vendor's default classification is comprised of 10 questions that help determine the potential risk impact of the vendor to the organization. The built-in classification is used by most organizations; however, it can be replaced entirely.

This requires all new questions with new scoring values. Administrators are responsible for setting what scoring ranges will result in the low, medium, and high impact classification.

The new classification can be set as the default, go-to.

Learn how to create a custom classification here

Organizations frequently require information from vendors that is outside the scope of the S2Score Assessment. Administrators can build out these requirements in custom questionnaires that go out to the vendor alongside the assessment. Vendors encounter these questionnaires prior to hitting the assessment screens.

These are unscored questionnaires intended to grab and store information from the vendor. Administrators can built questionnaires from the following field types:

Currently, only medium and high impact vendors can receive custom questionnaires. In the near future, this functionality will be extended to low impact vendors.

Learn how to add custom questionnaires here

The built-in S2Score Assessment cannot be modified by administrators, meaning that questions cannot be rephrased, removed, or added to. This is intentional as the S2Score Assessment is a standard across the industry.

Despite this limitation, there is 1 acceptable way to modify the assessment. Administrators can create medium and high copies of the assessment called "templates". Inside these templates, individual statements and/or whole sections can be pre-marked N/A. If this assessment template is applied to a vendor, those N/A statements and/or sections will look complete as the administrator has already determined them not to be applicable to the vendor. Vendors can still choose to answer these marked statements and/or sections, but it is not required.

Templates are particularly useful for types of vendors but are not recommended for one-off use cases.

EXAMPLE: The organization has many individual sub contractors who need to be inventoried and assessment but they will not be able to answer certain sections of the assessment that deal with organizational controls like background screenings for their employees. The vendor could mark these sections N/A themselves, or the administrator could apply the "Sub Contractor" template from the library and pre-acknowledge that these statements and/or sections are not applicable to the vendor in question.

Learn how to create an assessment template here