Define third-party risk scoring rules
Define criteria, based on risk scores, that determine which third parties require assessments. Third-party risk scoring rules apply to subsidiaries and engagements and to third-party risk areas.
Before you begin
Role required: sn_vdr_risk_asmt.vendor_risk_manager
Procedure
- Navigate to All > Third-party Risk Management > Scoring Setup > Third-party Risk Scoring Rules.
- Select New, fill in the form, and then select Submit.

Table 1. Third-party Risk Scoring Rule form

| Field | Description |
|---|---|
| Name | Name of the scoring rule. |
| Description | Description of the scoring rule that will help other users understand its intent. |
| Number | For each third-party risk scoring rule, the system auto-assigns a unique ID number that starts with the text VRS. The unique ID is used in all references to the item. You can use the ID to search or filter for the item that you want to work on. |
| Third-party risk area criteria | The risk area criteria that applies to this engagement risk scoring rule. A third-party risk area criteria is a group of risk domains (sometimes called risk areas in other platform features) that applies to a particular type of third party. See Define third-party risk area criteria for details on how the criteria are defined. |
| Third-party risk component criteria | Criteria for third-party risk assessments, engagements, and subsidiaries that applies to this risk scoring rule. Components are the entities for which you can assess risk (for example, subsidiaries or engagements). A component criteria is a group of components that should apply to a particular type of third party or engagement. |
| Active | Option to activate the rule. Only active rules are applied. |
| Order | Select the order to indicate the rule's precedence. If multiple rules apply to the same third-party risk area, engagement, or subsidiary, the one with the higher-order value is applied. |
| Vendor filter | Use the condition builder to define the rules for selecting third parties. For example, you can filter on third parties with whom you do considerable business (Size is $1,000,000) or third parties within a specific category (Category is software). |