Add Vendors / 3rd Parties
Vendors and 3rd parties play a crucial role in today's business landscape. From suppliers of raw materials to technology providers and service partners, organizations rely on the expertise and capabilities of these external collaborators. Effective vendor management is key to harnessing the benefits of these partnerships while ensuring compliance, maintaining quality standards, and mitigating potential risks. In this guide, we will show you how to add vendors to your porfolio.
TABLE OF CONTENTS
Adding a New Company
To add a new vendor/3rd party to your portfolio simply type in the name in the top search bar of the portal. Since RiskRecon has a vast database of companies already within the system, there is a chance that the company you are looking for is already in there.
Existing Companies
If you find the company you look for simply click on the "+" sign and you will be taken to the menu to add this to your portfolio.
Once clicked you will be taken to the overview page of that company, here you can double check that you have the right company and either Select and Continue or select one of the related companies instead:
In the next window you can select what Subscription / license you want to use for this vendor/3rd party and what Risk Folder this vendor needs to be placed in. You can also add an internal Company name and an Internal ID. Both of these are only visible within your own portal and are optional. This can be useful when you want to add internal identifiers to the portfolio and companies. Once you click "Add Company to Portfolio" it will be visible within your portal.
Adding New Companies to RiskRecon
If the company you are looking for is not in the system already you can simply ask RiskRecon to add them to their scans and your portfolio. Click the "Want something else?" button to start the wizard.
Within the window type the Company name you want to add, add at least one domain name of that company. (Preferably the top level / main domain.) You can always add more than one domain name if you want to. Once put into the Example Company Websites field click the plus sign to add.
In this wizard you must also select what Subscription / license you want to use for this vendor/3rd party and what Risk Folder this vendor needs to be placed in. You can also add an internal Company name and an Internal ID. Both of these are only visible within your own portal and are optional. This can be useful when you want to add internal identifiers to the portfolio and companies. Once you click "Add Company to Portfolio" it will be visible within your portal.
If all done select the "Submit button" and the request will be made, you will receive email confirmation on this.
Usually requests are processed between 1-5 working days. If the requested company is very large this might take longer.
Subscription Levels
RiskRecon works by charging per vendor/3rd party that you put into the system. There are 4 different types of licenses that you might have or will want to use. If you want to see how many you use at any given moment head over to Portfolio and you will see how many you have within your portal:
If you want to know how many you are allowed to use then contact us and we are able to provide you with an overview.
Own Enterprise License
RiskRecon Own Enterprise™ continuous assessment service is designed specifically for the exacting demands of an organization that assesses its own organization’s security performance. It provides summary performance trends, ratings and issue insights, along with detailed evidence and findings, automated action plans, and full IT and 3rd party risk profiles. Own Enterprise assessments are built on (a) an analyst-curated company profile, (b) analyst trained supervised machine learning model, and (c) RiskRecon automated scanning service. Additionally, RiskRecon analysts perform a monthly manual review of the assessment to maintain lowest false positives and false negatives possible.
This service also includes ongoing, scheduled reviews between our experienced analysts and Subscriber security team(s). During these reviews, Subscriber may request RiskRecon staff to conduct investigations into specific issues, create custom reports and perform additional research, and collaborate with other departments in Subscriber’s organization to advise on remediation steps.
RiskRecon Own Enterprise continuous assessment is commonly used for risk management of your own enterprise and subsidiary organizations.
Advisor (Continuous)
RiskRecon Advisor™ provides continuous monitoring and assessment, delivering summary ratings and issue counts, along with detailed evidence and findings, automated action plans, and full IT and 4th party risk profiles. It combines: (a) an analyst-built company profile, (b) analyst trained supervised machine learning model, and (c) RiskRecon automated scanning service.
RiskRecon Advisor continuous monitoring is commonly used for risk management of third-parties that require periodic analyst security assessment.
Discover (Continuous)
RiskRecon Discover™ is a fully-automated solution that produces summary security scores and risk-prioritized issue counts. It provides no findings detail or related action plans or supporting workflow. This is an entirely machine-driven approach that requires no RiskRecon analyst involvement.
RiskRecon Discover is commonly used to survey populations of vendors and other external entities that are not under formal analyst risk management, but whose summary security ratings may trigger deeper investigation.
Snapshot
RiskRecon Snapshot is the same as RiskRecon Advisor, except that it only provides a point-in-time summary and detailed security ratings assessment of the organization.
RiskRecon Snapshot is commonly used in RFP processes to conduct one-time assessments of a group of vendors. It is also used to support assessments of mergers and acquisitions.
If you need any help choosing what license you need to use or if you need more licenses don't hesitate to contact us.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article