Glossary of Terms for the Vendor Risk Management Module
This glossary contains terms that will help you use the Vendor Risk Management module in your KCM GRC platform. For general information about the Vendor Risk Management module, please see our Vendor Risk Management Module Guide article.
A questionnaire is a set of questions that you can create to assess your vendors. You can use questionnaires to determine whether you want to work with a vendor.
For more information about questionnaires, see our How to Create and Configure Questionnaires article.
A custom question is a question that you can create and add to questionnaires. You can create individual custom questions in the questionnaire builder, or you can import a set of questions into the questionnaire builder.
For more information about custom questions, see our How to Use Custom Questions in Questionnaires article.
Questionnaire statuses can help you monitor the progress of your questionnaires as you prepare the questionnaires for your vendors.
See the list below for details about each questionnaire status.
- Configured: The questionnaire is fully set up and ready for review. Answer options, correct answers, and points are all set. When you create a questionnaire, you can set this status by clicking the Mark as Configured button.
- Not Configured: The questionnaire is not fully set up. You must set answer options, correct answers, and points before you can mark the questionnaire as configured.
- Reviewed: The questionnaire is fully set up, and a Vendor Administrator or an Account Administrator has reviewed it. When the Vendor Administrator or Account Administrator reviews a configured questionnaire, they can set this status by clicking the Mark as Reviewed button. Then, you can send the questionnaire to your vendors.
For more information about marking the questionnaires as configured and reviewed, see our How to Create and Configure Questionnaires article.
A vendor is any third-party organization that your organization works with. You can add vendors to the Vendor Risk Management module to send them questionnaire assessments.
Qualifying questions are questions that you can use to assess the level of risk associated with each vendor in your platform. You can view or answer the qualifying questions by navigating to a vendor's Vendor Details page.
A vendor contact is a person from the vendor's organization who you will be working with for questionnaire assessments. On the Vendor Details page, you can provide contact information for one or more vendor contacts to give them access to questionnaires. However, the vendor contact who is listed in the Contact Email field is the only person who will receive email notifications about questionnaires (click to view).
The Vendor Dashboard provides an overview of the potential risk that your vendors pose for your organization, as well as an overview of your organization's questionnaires and questionnaire issues.
For more information about the Vendor Dashboard, see our How to Use the Vendor Dashboard article.
You can create a vendor issue when you review a vendor’s questionnaire responses and want to request additional information or to address a concern.
A vendor profile includes any information about a vendor that administrators have added to your account. Administrators can create vendor profiles by entering information into the Vendor Details page, or they can create vendor profiles by importing a CSV file.
For more information about vendor profiles, see our How to Create and Manage Vendor Profiles article.
A vendor score is the average score of all questionnaires that the vendor has completed. You can use vendor scores to determine whether you need to continue assessing a vendor or whether you need to request additional information from a vendor. Generally, higher scores indicate that the vendor has a lower risk level, and lower scores indicate that the vendor has a higher risk level.
Vendor statuses can indicate your organization's involvement with a vendor. You can use these statuses to organize the vendors in your platform.
See the list below for details about each vendor status.
- Active: You may change the vendor status to Active if your organization is currently working with the vendor. You can send the vendor questionnaires if the vendor’s status is Active.
- Inactive: You may change the vendor status to Inactive if your organization is not currently working with the vendor.
- Incomplete: When you import a vendor, the vendor’s status defaults to Incomplete. You may also change the vendor status to Incomplete as a reminder to add information to the vendor profile.
- Pending Approval: When you create a new vendor, the vendor’s status defaults to Pending Approval. You can also manually set this status before deciding whether you want to work with a vendor. You can send the vendor questionnaires if the vendor’s status is Pending Approval.
- Rejected: You may use this status after you receive a vendor’s questionnaire and decide not to work with the vendor.
A vendor user is a user role that only has access to questionnaires, issues, and files that KCM GRC administrators have added to the Attachments tab of the Vendor Details page. Vendor users do not have access to any other information in your organization's account, and they do not count against your licensed seat count for KCM GRC. To access questionnaires, vendor users must sign in to a separate portal that is associated with your account. You can add vendor users from the Contacts tab of the Vendor Details page.