Organisation (Supplier Risk Management)

Organisation Setup

Organisation setup steps can be followed from our general Organisation Setup page.

~~Organisation name is entered or amended here show along with a shortened version~~

Divisions

~~The organisational structure is created here. The organisation can be as wide and deep as is required~~

Documents

Internal documents such as audit reports or policy documents can be referenced within Abriska with links to storage locations outside of Abriska. Supplier evidence is uploaded and stored with the questionnaires.

Contacts

~~Internal contacts are created here and assigned to relevant teams and divisions~~

Resources

~~The first screen will show all resources set up for the organisation.~~

Create New Resource

Provides the ability to create new resources. This could be just suppliers or other resources could be added such as process, equipment, information (digital/physical), people, premises and technology. These additional resources can be useful in terms of creating dependency mapping between suppliers and other resources. Resources are assigned to owners and divisions. A supplier can only be associated with a single division, however, organisational administrators can be assigned access to suppliers outside of their division where a supplier is delivery service or commodity into that division and visibility of the risk assessment is required.

Resources By Division

~~Provides the ability to view resources by organisational unit~~

Resource Attributes

~~Review Division Resources~~

~~Organisational administrators can initiate reviews of the CIA attributes by owners, who receive a notification to do so. This may be required following a re-organisation, for example.~~

~~Resource Attribute Status~~

Provides a quick overview of those resources where the CIA attributes have been completed. The legend provides insight into whether the CIA attributes have been inherited and through selection of the resource type, the source of the inherited values is provided A supplier is a type of resource in ISO 27001 terms. All resource types can be added to Abriska if required. Resources attributes refer to Confidentiality, Integrity and Availability (CIA). Unless otherwise specified it the highest rating that is applied to the supplier, e.g. if Availability is critical but Confidentiality is not, then the supplier will be treated as critical based on availability attributes. There is an advantage of adding other resource types to Abriska as resource dependency maps can be generated, so that it is clear the higher level systems or processes that the supplier is supporting. In such cases, the supplier can inherit the criticality rating of the supported resource.

Return to Supplier Risk Management