Supplier Risk Management
The purpose of Abriska 27036 is to help you improve both the effectiveness and efficiency of your supplier information security due diligence process. This is achieved by providing you with the capacity to tailor your question set and ask more in-depth questions of suppliers who have access to more sensitive or critical information.
The core set of questions that form the due diligence have been developed by URM’s team of information security and data protection practitioners and are closely aligned to both ISO 27001 and ISO 27036.
Initial Setup
Organisation setup steps can be followed from our general Organisation Setup page. This will guide you through the set-up of contacts to manage supplier questionnaires, divisions to segregate suppliers into and adding documents to attach to questions.
There is required configuration that must be completed before adding suppliers and sending out questionnaires. This is completed within the SRM Setup page in Abriska and consists of establishing the risk rating for the pass rather of a questionnaire, reviewing or creating the questions (which is against the controls) and creating the categories in which suppliers can fall into and ensures they recieved only relevant questions.
You will find additonal setup features that will help to refind your questionnaires further.
Abriska 27036 – Process Overview
The following areas are applicable after the above required configuration is completed within SRM Setup.Supplier Dashboard
Supplier Details and Questionnaire Workflow
Common Tasks - Questionnaires and Distribution
Reviewing Completed Questionnaires
Trouble Shooting (Supplier Risk Management)
Useful Videos
Supplier Risk Management - Video GuidesReturn to Abriska User Guides