IBM OpenPages Third Party Risk Management (TPRM) workflows
IBM OpenPages® Third Party Risk Management includes sample workflows. You
can use them as-is or modify them to meet your requirements. The sample workflows can also be used
as templates and learning tools for your own workflows.
The sample workflows are enabled in fresh installations.
- Vendor Selection
- This workflow is used when selecting vendors. This workflow can be used by Procurement or a Business Entity in their process. The first step is to identify the vendor responsibilities to be added as part of the client’s RFI process. Once determined, the RFI will be created and a list of vendors to participate is determined. The client then uses their own RFI process and tracks the outcomes. The end user will then use the Due Diligence workflow prior to final selection. At the completion of the Vendor Selection workflow, the user can launch the Vendor Onboarding workflow.
- Vendor Due Diligence
- This workflow is for conducting due diligence on a potential third party. A questionnaire or checklist (based on internal processes) can be added to document the due diligence process. The workflow begins with identifying the vendor, assigning a user to the due diligence task. Once the fact gathering is complete, the workflow documents the approval steps to either accept or reject a vendor.
- Vendor Onboarding
- This workflow is used for onboarding a third party. A questionnaire or checklist (based on internal processes) can be added to document the onboarding process. The workflow begins after a Vendor has been through the due diligence and selection workflows and the initial contract is signed. A user will review and input relevant information, assign the vendor’s criticality, and will assign controls and KRIs. The final step will be to schedule the next assessment period for the vendor.
- Vendor Contract Negotiations
- This workflow allows a user to track the progress of contract negotiations. The workflow begins with the Business defining the contractual terms and providing them to Legal for drafting and editing. Once the draft contract is prepared, the contract is delivered to the Vendor with steps for redlining and final approval.
- Vendor Termination
- This workflow allows a user to complete the termination process of a vendor. Steps include identifying the vendor, finding a replacement vendor (if needed), completing a termination checklist, termination notice, and final confirmation.
- Vendor Assessment
- The user will use this workflow when conducting a vendor risk assessment. Steps include Questionnaire identification, Questionnaire preparation, conducting assessment, review, accept/reject, and creation of issues.
- Vendor Identified Global Issue
- This workflow can be used when a global issue is identified across your vendors. A global issue is likely created due to a failure of the end user’s policy, procedure, and/or control that a vendor has adopted. Steps include: identifying a global (enterprise-wide) issue that has been discovered; identifying the deficiencies that raised the issue; reviewing the internal policies, procedures, and controls; updating needed documentation; and sending notice to all vendors of the updates made.
- Vendor Issue Remediation
- This workflow can be used when an issue with a vendor has been identified to work through the remediation process. Steps include: identifying an issue with a vendor, identification of the deficiencies that raised the issue, creating an action plan, completing the mitigation tasks, documenting an exception and/or termination.