The Inherent risk rubric customization feature is part of our Vendor Risk Management product. With auto risk scoring, each vendor will receive a score that reflects the level of risk they pose to your organization based on the criteria you have established. This can help you make more informed decisions about vendor selection, risk mitigation, and ongoing Vendor management.
Configure Auto Risk Scoring
- From the left-hand navigation panel, select Vendors
- Open the Settings page and select the Inherent risk rubric tab
- Select Edit this rubric
Risk Rubric Sections
Editing a default section
- The default sections can be edited by selecting the pencil icon
- Edit the name and choose if you would like the section to be enabled by toggling it on
- Select Save
Adding a custom attribute to a default section
- Select the + icon in the default section
- Add a name, status (enabled or not enabled), description, and score, and map it to any relevant vendor categories.
- Select Save
Creating a custom section
- Select + Add new section
- Provide a section name, and add any custom attributes you would like listed under the section.
- Add a description and score to each new attribute
- Select Save
Security Review Risk Scoring
- Once a security review has begun, you can leverage the auto-risk scoring or manually assign a risk level to the vendor.
- Open the Vendor review and select the pencil icon next to Inherent risk
- From here, you can manually assign risk by choosing the edit drop-down
Or
- You can leverage the auto-score by toggling Auto-score based on risk attributes and inherent risk auto-score configuration to on
- If you are using auto-scoring, complete the Risk attributes section to provide enough context for calculating the score.