Supplier Reviews

The supplier review is a specific module in Ciso. Customers that do not have this functionality in their license will need to upgrade the license.

Starting a supplier review

• To start a supplier review ad-hoc (without using an activity plan) navigate to organizations view by clicking “Organization” on the top right menu and then select “Organizations” on the left side menu.

• Select the supplier you want to review and click the supplier review tab and click start supplier review

• To start the review, three steps are needed, first you need to ensure you have contact person registered that you can send the requirements to. Click on row for step 1:

• Second step is to check that the scope is correct, click on row step nr 2:

• You will see a list of objects that the supplier is managing for you. If the list is not correct you need to update it.

  The last step is to check security requirements, click on row for step nr 3:

• It is possible to exclude requirements for a specific review, if you want to add requirements you need to configure that in security requirements (see chapter 2 for more information).

  When the preparation steps are done, press the button “Send out self-assessment”

• After pressing the send-out button, you will get another opportunity to change or add contact persons to send the assessment to.

Respond to supplier self-assessment

This step is normally done by your supplier, but in some cases, you might want to send out assessments to your own staff. Some suppliers will most likely not respond to your requirements, you can then use the same process to collect the information from for example an employee responsible for the supplier.

The contact persons will get an e-mail where they need to verify the e-mail address. After clicking verify the contact person can verify the email adress and start the review.

The portal is self-explanatory. The first step is to enter which certifications the supplier has. All security requirements fulfilled by the certification will be automatically answered in the assessment. This is connected to security services and the supplier check box as explained in section 5.2.

General and specific requirements need to be answered and then the supplier can submit the assessment.

Analyze the result of self-assessment

To check status of your supplier reviews, click “Compliance” on the top right menu and then select supplier reviews on the left side menu.

Find your review in the list and select it, it should be in state “Analyze” and have 100% answer rate when the supplier is done with it.

Click on row for step 1 to review the answers from the supplier:

By clicking done you accept the answers. If needed, it’s possible to change the supplier answers.

Next step is to assess supplier performance based on the assessment. Click on row for step 2:

For this guide we will not go deeper into the performance evaluation since it’s a broader topic. It’s not mandatory to complete this step.

Click on row for step 3 to approve the supplier review.

After finishing, the statements are automatically updated in Ciso. Select the organization and then the “Security requirements” tab.

If you click one of the requirements, you will see who actually stated (supplier) and who approved it.

Scope supplier review with planned activities

Click “Governance” on the top right menu and select “Planned activities” on the left side menu.

For this example, an activity plan for supplier reviews will be created and then will will add one activity series to the plan. To create a plan, click “Activity plans” on the left side menu and then click the + button in the top tight corner:

Press “Apply” - click on the activities tab and then click “New activity series”:

In the example above the review will be scheduled every six months and the owner will be notified when it’s time to execute the review.

To select which suppliers you want to include, press “Apply” and then click the “Included objects” tab:

Above a condition to include organizations, (suppliers) with the tag “guide” is configured. After pressing “Apply” you will see your selection of suppliers at the bottom of the window.