SRM Setup
Supplier Risk Management setup
Controls
A default set of controls is visible. The control set available from URM is taken from ISO 27001:2013(*). Additional controls can be added. More information is available in the controls section, which also covers the control assessment questions (the questions sent to your suppliers).
Categories
Categories are probably one of the most important components of Abriska. They provide the opportunity to tailor the questionnaire based on the nature of the commodity or service provided by the supplier. If there were only one category, all suppliers would receive all questions regardless of the commodity or service being provided. There is a default set of 17 categories. All of these categories can be edited, and new categories can be added at any time. Only relevant categories are assigned to suppliers. On the default list, you will see the category name, the description, whether controls have been allocated (you can click to view and amend the assigned controls) and the corresponding number of questions assigned.
Risk Rating
To understand whether the responses to the questionnaire are leading to an acceptable or unacceptable level of risk, you can assign a risk rating by setting risk appetite thresholds. A high-risk commodity or service being provided by the supplier could have a different set of tolerance levels than a low-risk supplier. For a high-risk supplier, you may require a score of 100% on the allocated questions, whereas for a low-risk supplier you may tolerate a much lower level of compliance. The table expresses residual risk based on the responses to the questionnaire and subsequent evaluation by subject matter experts. It is completely configurable. Example: For a high-risk supplier with an attribute score of ‘3’, only a questionnaire score of 90% or more would be negligible residual risk, whereas a score of 0% would be high risk.
MasterFilter Questions
Supplier Communications
There are three default emails configured with Abriska, all of which can be customised within the interface:
- The first is to be sent to the supplier to enable them to register on the system.
- The second provides the introduction to the questionnaire.
- The third is a reminder email to the assigned contact at the supplier.
Locating the questions
Questions are related to controls. To view the questions, select > SRM Setup > controls > 'named control'. The sidebar menu then offers the option 'View Questions', which lists the questions associated with that control. Select the relevant question, make any amendments and then select ‘Submit’.
One of the advantages of Abriska is that questions relate directly to controls. This allows a clear articulation of the risk presented and offers specific corrective actions based on international best practice. For this reason, questions need to be related to controls.
For additional information and support on control questions, please go to control assessment questions.
(*) 27001:2013 will be subject to change and update in 2022.