< back

Supplier Risk Management

The purpose of Abriska 27036 is to help you improve both the effectiveness and efficiency of your supplier information security due diligence process. This is achieved by providing you with the capacity to tailor your question set and ask more in-depth questions of suppliers who have access to more sensitive or critical information.

The core set of questions that form the due diligence ~~have~~has been developed by URM’s team of information security and data protection practitioners and ~~are~~is closely aligned to both ISO 27001 and ISO 27036.

Initial Setup

Organisation setup steps can be followed from our general Organisation Setup page. This will guide you through the ~~set-up~~setup of contacts to manage supplier questionnaires, divisions to segregate suppliers into and adding documents to attach to questions.

There is a required configuration that must be completed before adding suppliers and sending out questionnaires. This is completed within the SRM Setup page in Abriska and consists ofof: establishing the risk rating for the pass ~~rather~~ of a questionnaire, reviewing or creating the questions (which isare against the controls) and creating the categories in which suppliers can fall into and ~~ensures~~ensure they ~~recieved~~receive only relevant questions.
You will find ~~additonal~~additional setup features that will help to ~~refind~~refine your questionnaires further.

Abriska 27036 – Process Overview

The following areas are applicable after the above required configuration is completed within SRM Setup.

Supplier Dashboard
Supplier Details and Questionnaire Workflow
Reviewing Completed Questionnaires

Trouble Shooting (Supplier Risk Management)
What the Supplier sees

Useful Videos

Supplier Risk Management - Video Guides

Return to Abriska User Guides