All Collections
S2VENDOR
Administration
Timing of Events
Timing of Events

Understand key trigger points and timelines

Caitlin Fox avatar
Written by Caitlin Fox
Updated over a week ago

S2Vendor's workflow relies on a series of key trigger points within the evaluation cycle.

Evaluation Cycle

Description

Timing

Risk Manager​ adds vendors to inventory, choosing to create a vendor record or start the evaluation immediately.

There is when a custom workflow might be selected if the vendor should be exposed to custom questionnaire(s).

The inventory takes time to build up. It is fairly common to begin with highly sensitive vendors in software, finance, or human resources.

Over time, the scope can broaden to include all other vendors.

Relationship Owner receives welcome email with instructions to register and complete the vendor classification.

30 days to complete each assigned classification.

1 reminder email a week until classification is complete.

Risk Manager ​receives

to-do to review classification and confirm.

There is when an assessment template might be applied so that

certain statements are pre-marked as N/A.

Assessment will be sent to vendor when the classification is confirmed.

The classification can also be confirmed without sending an assessment request to the vendor. In this case, the Risk Manager is responsible for following up.

Vendor Team ​receives welcome email with instructions to register and complete the assessment request.

30 days to complete assessment request.

1 overdue notice a week until assessment submitted.

Risk Manager​ receives to-do to review submitted assessment. Can choose one of the following actions:

  1. Re-open assessment and follow-up for more information

  2. Make the final determination to end evaluation (Accept/Reject)

  3. Pursue remediation (optional)

Re-opening the assessment allows the Risk Manager to set a new due date.

Making the final determination closes the evaluation permanently.

Risk Manager​ reviews Full List of tasks and assigns tasks to vendor with individual due dates​.

Vendor Team​ receives email with list of assigned remediation tasks. Can ask questions, attach files, and submit completed tasks for approval.​

All remediation tasks have their own due date.

It is fairly common for Risk Managers to assign remediation items that they do not expect the vendor to complete before the current evaluation is closed. This gives notice to the vendor that these tasks need to be addressed sometime in the future.

Risk Manager​ receives

to-do to review submitted tasks. Can make the final determination to end the evaluation at any time (Accept/Reject).

The overall evaluation is time-sensitive, and it is ill-advised to keep remediation open for more than 2-3 months.

The next evaluation date is automatically scheduled to start 12 months out.

Risk Manager receives a monthly email with a list of vendor evaluations starting in the next 30 days.

There is when it would be appropriate for the Risk Manager to change the next evaluation date if there is an acceptable reason to delay or push it off.

The next evaluation date can be changed from the Vendor's Profile.

Did this answer your question?