From gathering questionnaires to storing documents and launching reviews - the Vendor Detail page is where you work in Whistic.
This is an overview of which tools are available and where to find them.
Let's start with the menu options and a brief summary of the tools available on each.
Overview
- Vendor Information header. On the Overview page, you have an expanded view of the header. As you move to other areas, the header gets condensed. Here are the key fields:
  - Vendor name
  - Product / Service
  - Vendor Status (Active, Inactive, Prospect)
  - Assessment Status
  - Description
  - Criticality
  - Inherent / Residual Risk
  - Score Summaries - CrowdConfidence, RiskRecon
- Vendor Actions. Access these options from the triple dot menu, upper right.
  - Edit Overview
    - Adjust any of the fields in the header
  - Export Vendor Details
    - Export the vendor field values into a spreadsheet
  - Archive Vendor
    - Remove the vendor from your records. Learn more here. To unarchive, contact support@whistic.com.
  - Merge Vendor
    - Combine two vendor records - learn more here.
Assessments
- Begin assessments by requesting sources (documents, questionnaires, etc) from a vendor.
- Track outstanding requests.
- Begin reviews of available sources.
- Learn more here.
- Program Automation / Renewal Cadence
  - Use this toggle to turn on automatic questionnaire requests to a specific vendor contact on a customized cadence.
  - Learn more here.
Vendor Summary (conditional)
- An AI-powered feature that will quickly identify and review a vendor's compliance or non-compliance with various security controls, using all available sources of evidence provided by the vendor.
- This is a CONDITIONAL menu option. It will be available if:
  - You have agreed to AI features
  - Smart Search has been enabled
- Learn more about Vendor Summary here.
- Learn more about Smart Search here.
Document Repository
- A central location for all your vendor's documents
- Documents are added to this repository through:
  - Direct upload
  - Attaching documents to a questionnaire
- Accepts the following file types:
  - pdf, csv, xls, xlsx, doc, docx, zip, and images
- Complete these additional actions here:
  - Assess - Create a new assessment based on this document. Learn more here.
  - View - View the document in browser.
  - Download - Download the document.
  - Delete - Remove the document. Note: If the original file location is elsewhere (i.e. a Questionnaire), it must first be deleted there.
  - Generate a SOC Summary - Summarize the SOC document. Learn more here.
Business Information
- Sub-menus:
  - Contacts - View, add and delete contacts for this vendor. These include:
    - External Contacts:
      - Label applied to your contact at the vendor
      - To keep contacts current, use the Update Vendor button. Learn more here.
      - Note: Once a contact completes a request, they can't be removed from the list for auditing purposes.
    - Internal Contacts:
      - Individuals working with the vendor within your business.
  - Billing
    - Capture all the payment and contract information for this vendor.
Communication
- Sub-menus
- Follow-Ups - Set reminders for internal vendor contacts. Learn more here.
- Notes - Internal users can create text-based notes, attached to the vendor record. They can be deleted, but not edited.
Data and System Access
- Track the Data and Systems the vendor can access.
- These are typically captured during the vendor intake process. However, they can be modified here after the vendor record is created.
- Set up these classifications using Program Automation - learn more here.
Issues
- Create and track Issues associated with this vendor.
- By default, only open Issues are displayed. Remove the filter to show all associated Issues.
- Learn more here.
Ratings
- Whistic supports the following continuous monitoring integrations:
  - RiskRecon - Using the following options:
    - Included - Access vendor security preview data, supplied by RiskRecon
    - Integration - Link your RiskRecon account to Whistic to pull in associated vendor ratings. Learn more here.
  - Bitsight
    - If you have a Bitsight account, it can be linked to Whistic using this integration.
    - Once connected, you can track the associated scores in the vendor record within Whistic.
Vendor Intake
- Any custom Fields and Sections will show up here.
- To learn more about customizing your Intake form, go here.
- Most fields can be modified after the vendor record is created, by going to this section and selecting Edit.
- To show only the fields required by the intake form (i.e. shown through logic or marked required), select the toggle Show Necessary Fields.
Certifications (conditional)
- Available when Whistic has additional vendor data, such as Audits and/or Certifications that the vendor has achieved.
- Sourced through Whistic web analytics.