
Supplier Risk Management

The purpose of Abriska 27036 is to help you improve both the effectiveness and efficiency of your supplier information security due diligence process. This is achieved by providing you with the capacity to tailor your question set and ask more in-depth questions of suppliers who have access to more sensitive or critical information.

The core set of questions that form the due diligence has been developed by URM’s team of information security and data protection practitioners and is closely aligned to both ISO 27001 and ISO 27036.

Initial Setup

Organisation setup steps can be followed from our general Organisation Setup page. This will guide you through setting up contacts to manage supplier questionnaires, creating divisions to segregate suppliers into, and adding documents to attach to questions.

Some configuration is required before you can add suppliers and send out questionnaires. This is completed on the SRM Setup page in Abriska and consists of: establishing the risk rating for passing a questionnaire, reviewing or creating the questions (which are set against the controls), and creating the categories that suppliers can fall into, which ensure they receive only relevant questions.
You will find additional setup features that will help to refine your questionnaires further.

Abriska 27036 – Process Overview

The following areas are applicable after the above required configuration is completed within SRM Setup.

Supplier Dashboard
Supplier Details and Questionnaire Workflow
Reviewing Completed Questionnaires

Trouble Shooting (Supplier Risk Management)
What the Supplier sees

Useful Videos

Supplier Risk Management - Video Guides


