Skip to content

Latest commit

 

History

History
50 lines (34 loc) · 2.72 KB

managing-vendors.md

File metadata and controls

50 lines (34 loc) · 2.72 KB

👨‍💻 Managing vendors

The Vendors tab is convenient for managing all third-party vendors involved in your AI application.

Vendors screen

Each listed vendor has a name, an assignee to that vendor, a vendor status indicator, the risk status of the vendor, and a review date.

By clicking the gear icon in the rightmost column, a given vendor can be edited or removed from the project.

Add or edit a vendor

You can change a vendor's settings by clicking the corresponding gear icon and then 'Edit'. Alternatively, click Add new vendor on the top right corner of the screen to create a new vendor.

Vendor details

To add a new vendor to a project, you need to first provide details on the vendor.

To add a new vendor, add the following to the "Vendor details" tab. Just a note that when a vendor is added, it is available for all projects.

  1. Vendor name
  2. Website: Provide a URL to the vendor's website.
  3. Project name: Select the project that the vendor is assigned to.
  4. "What does the vendor provide?": Explain how the vendor is integrated with your AI application.
  5. Vendor contact person: Provide the full name of a contact from the vendor.
  6. Review status (Active/ Under review/ Not active): Select the appropriate review status.
  7. Reviewer: Designate the organization member responsible for the review.
  8. Review result: If a review has been conducted, report the result of the review.
  9. Risk status (Very low/ Low/ Medium/ High/ Very High): Note the risk status of the new vendor.
  10. Assignee: Assign someone to the vendor.
  11. Review date: Note down the date of vendor review, if one was conducted.
  12. If done, click Save.

Risks

If the vendor poses any risks, this needs to be monitored. The "Risks" tab allows users to provide details on risks posed by the new vendor, if any.

  • Risk description: The risk that may be posed by the new vendor.
  • Impact description: The (hypothetical) impact of the risk.
  • Impact (High/ Moderate/ Low): The scale of disruption threatened by the risk
  • Probability: Possibility of the risk causing disruption
  • Risk severity (Critical/ Major/ Minor): The acuteness of danger (e.g. to data privacy or human safety) posed by the risk
  • Action plan: An action plan to mitigate and/or avert the risk
  • Action owner: The person responsible for mitigating this risk and implementing the action plan

\