Engaging Your Users in Your Vendor Risk Management Module
Your organization may have one or more users that will be working as a Vendor Administrator in your Vendor Risk Management module. Vendor Administrators create vendor questionnaire assessments, and work to mediate any issues that may arise from a vendor's assessment response. See our KCM GRC: User Roles article to learn more about the Vendor Administrator role.
Use the below message as a starting point to explain these workflows; your objectives for the Vendor Risk Management module (if desired); and the importance of completing these tasks in a timely manner. Customize the provided template to fit your specific goals. Before you send out the email, make sure to read through the content and replace the text within the brackets with your own.
Designing and implementing a strong cybersecurity plan is critical to the continuous operation and security of our organization. One of our risk management and information security initiatives includes completing a due diligence process with our vendors. This process allows us to confirm the safeguards our vendors have in place within their organization and assists us in maintaining our overall compliance and cybersecurity goals.
Our organization has decided to manage this process with a Vendor Risk Management (VRM) module offered as part of the KCM Governance, Risk, and Compliance management platform. Utilizing the KCM VRM module will help streamline our process and ensure we're partnering with vendors whose goal of protecting ours, and our customers' information - is backed by appropriate safeguards.
You have been handpicked to assist [your company name] with this risk management initiative. Through the KCM VRM module, you will create vendor profiles, prequalify risk, and build custom or industry-standard questionnaires to distribute to internal and external vendors. After reviewing the vendor-completed questionnaire, you may also need to follow up on vendor responses by requesting clarification and/or supporting documentation. The KCM VRM module refers to these requests as "Issues".
The portal is easy to navigate, but if you have any questions or concerns, please do not hesitate to reach out to [firstname.lastname@example.org]. For additional support, please reference the Vendor Risk Management Module website.
You will be receiving an email to confirm your KCM VRM account, which invites you to take part in this process.
Thank you for your cooperation,
[Your Organization's Name]