As part of your vendor risk management process, general business units will need to request vendor security reviews. Without needing a Whistic account, they can do this by opening the Vendor Intake link and completing the form.

Once the form is submitted, the new vendor will appear in your Vendor Catalog and your security team is notified. At that point, you can review the new vendor details to determine what type of security review to complete.

To access the form link:

1. Select Admin Tools from the left menu

2. In the sub-menu, select Program Automation

3. The following page is a directory to the Program Automation features. At the bottom is the Vendor Request Form. There are options to copy the link, which you can then distribute internally. 

4. You can inform those who use the form that the Business Sponsor (Internal Contact) will receive an email notification of the Vendor Assessment Status once it has been set through a finished review (email template below). Notifications do not currently go out when the status is manually changed without a direct connection to an assessment review.

Subject: [Vendor Name] has been assessed in Whistic

Message: [Reviewer] has completed an assessment of [Vendor Name]. Assessment Status has been set to: [Status]

There is currently no further configuration for example to allow SSO users only to access the form.

What's next?

  • Your Security team can also add a vendor directly from the Vendor Catalog - go HERE

  • For help customizing your Intake Form - go HERE.

Did this answer your question?