Sending Vendor Due Diligence Questionnaires
In this article, you will find:
Navigation guidance to access the Due Diligence Page.
A step-by-step guide on how to use the Vendor Questionnaires feature.
Accessing Vendor Questionnaires
Within the Vendor Questionnaires section, you can instantly share assessments with your third-party vendors. This process helps your organisation identify and evaluate potential risks based on the vendor's direct response.
The Due Diligence page can be accessed via the sidebar menu by navigating to Compliance > Vendor Management > Due Diligence, as shown below:
Navigation guidance for accessing the Due Diligence area
Sharing Vendor Due Diligence Questionnaires
Once you have navigated to the Due Diligence page, you will find the Vendor Questionnaires section. This area will appear similar to the example shown below:
Note: If you are accessing this page for the first time, the Vendor Questionnaires table will be empty, as no questionnaires have been sent to vendors, and no responses have been received.
Example of the Vendor Questionnaire area
To initiate an assessment for a third-party vendor, click the Send Questionnaire button located in the top-right corner of the Vendor Questionnaires table, as show below:
Location of the Send Questionnaire option
After clicking the Send Questionnaire button, a popup will appear where you can assign the risk assessment. To choose a vendor, click the Select Vendor field to open the dropdown menu and pick your desired recipient from the list. The vendors available in this selection are pulled directly from your Vendor List page.
Note: The organisations visible in this list are pulled from your Vendor List page and include all discovered vendors, whether they are currently marked as Pending, Accepted, or Denied. Including Pending vendors in this selection allows you to review their specific risk responses before officially deciding whether to Accept or Deny them within the platform.
Selecting a Vendor for assessment
After selecting a vendor, the Vendor Email field may automatically populate with a recommended contact address identified by the platform. Please note that this recommendation only occurs when the system can successfully fetch contact information for that specific organisation. If the suggested email is incorrect or if the field remains empty, you should manually remove the suggestion and input the correct email address for the individual handling security requirements. It is important to verify this address to ensure the risk assessment reaches the intended recipient.
Automatic vendor email detection
Finally, to send the risk assessment to your chosen vendor, click Send Questionnaire.
After sending the questionnaire, a confirmation message reading "Questionnaire sent successfully" will appear. The Vendor Questionnaires table will then update automatically to include the new entry. This newly added vendor will initially be displayed with a Pending status while you wait for their response, as shown below:
Example of newly added Vendor Questionnaire
Upon receiving the assessment, the vendor will be prompted to detail their approach to cybersecurity and compliance. The sent questionnaire specifically asks them to provide information across several key areas, including a company overview, organisational controls, people controls, physical controls, technological controls, and relationship & data context.
Once the vendor has completed the assessment, their responses are automatically recorded within the OneClickComply platform, and the status of the questionnaire will update to Completed.
Example vendor with the Completed status
To view a vendor's completed assessment, you can download their response in .xlsx format by clicking the Download button located on the far right of the vendor's row. Furthermore, the OneClickComply platform automatically ingests and reviews these submission to identify any potential risks. You can locate and manage these flagged risks by navigating to the Risk Review area under the Vendor Management dropdown in the sidebar menu.