Skip to main content
All CollectionsS2VENDOR
Enterprise Features
Enterprise Features
Kevin avatar
Written by Kevin
Updated over 3 years ago

Although S2Vendor is designed for small and large organizations alike, there are certain configurations that will better serve a large, complex enterprise.

VIEW VENDOR LIST

Purpose:

Large organizations often have multiple parties vested in the outcome of vendor risk management. These parties might include a CISO, director, compliance team, legal department, purchasing, etc. This permission was created to give these parties read-only access to the information housed in S2Vendor without letting them make any risk decisions. Notably, this permission does not require a paid license.

How it Works:

Turn on this permission in the User Settings. Users with this permission can navigate throughout S2Vendor while restricted to read-only status. There are select exceptions to the read-only status. Mainly, that users with this permission can use filter/sorts on the list pages, export data, and download attachments.

RESTRICT ACCESS

Purpose:

In large organizations, vendor risk management responsibilities are often shared by a team of risk managers. The division of responsibilities might be based on any number of things such as business unit, geographical location, specialty area, etc. In the situation where certain risk managers need to be assigned to only certain vendors, their access can be restricted.

How it Works:

Inside the vendor profile, access can be restricted on an individual basis or based on the business unit assigned. See section below on Business Units. If the access is restricted to specific risk managers, only those risk managers will see that vendor in the list. Additionally, only those risk managers will receive notifications pertaining to that vendor.

There is no reason to restrict access if all risk managers oversee the same vendors.

BUSINESS UNIT

Purpose:

Reference the purpose of "Restrict Access".

How it Works:

From inside the Business Unit settings, risk managers can be assigned to specific business units. If the vendor is assigned to this business unit, all of the risk managers in that business unit will see the vendor in the list and receive notifications pertaining to that vendor. This is another way of organizing restricted access.

There is no reason to assign risk managers to any business unit if there is no need to restrict access.

SUPERVISOR

Purpose:

Assuming there is a team of risk managers running the program,

the supervisor permission was created to provide oversight.

How it Works:

Risk managers with this additional permission can see all vendors in the list and will receive all notifications pertaining to all vendors in the program. In this way, they have total visibility into all the risk decisions being made by their team of risk managers.

VENDOR LIST FILTERS

Purpose:

The vendor list is intended to provide critical information at-a-glance on the vendors in your program. While there are a slew of filter options available, two specific filters are useful for narrowing the vendor list by

  1. Business Unit (and the risk managers restricted to that business unit)

  2. Risk Manager

How it Works:

Apply the filter to find vendors associated with either a certain business unit or risk manager.

SMTP

Purpose:

Configure the SMTP settings to send system emails through your company's server(s). This extra step enables email delivery to be tracked, and ensures that the emails will be treated more credibly upon arrival to your internal users and vendors.

How it Works:

The SMTP Settings will require the following information.

  • Sender Email

  • Sender Name

  • SMTP Server

  • SMTP Port

  • SMTP Username

  • SMTP Password

Once this information has been added, there is a TEST button that will send a test email to confirm delivery.
โ€‹

SAML

Purpose:

Many large organizations make use of single sign-on (SSO) to simplify the login process for their users. For the administrator, SSO can help us with user-activity management and user-account oversight.

How it Works:

SecurityStudio is currently integrated with Okta and has been approved by Microsoft Azure to be included in their gallery. See SAML Settings to run through the checklist of required inputs.

MESSAGE SETTINGS

Purpose:

The Message Settings inside S2Vendor provide total visibility into system-generated messages. Given the fully automated nature of S2Vendor, organizations need a place to review what gets sent out and when. Within the settings, the administrator is able to review the default language and replace it with language that better suits their business' needs.

How it Works:

The Message Settings have a full listing of all system emails sent by S2Vendor. For each email type, the following information is provided.

  • Recipient (e.g. vendor contact)

  • Description (e.g. vendor contact reminded of overdue assessment request)

  • Trigger Event (e.g. starts 1 week after the assessment is overdue)

  • Frequency (e.g. 1x/week until assessment completed)

The administrator will be able to assign replies to a specific registered user and edit the language used in the subject line and body of the email. This includes a library of data placeholders that can be pulled in.

Once the customized email template is ready, it can be published. There is also a reset option in case the administrator needs to revert back to the default template.

Did this answer your question?