Use the new TPRM dashboard tabs to understand the current state of your vendor risk management program and take action on the things that matter most.
Vendor risk management tab
The vendor risk management tab focuses on breach likelihood in relation to your entire vendor population across all Portfolios or to a specific Portfolio using the dropdown. It doesn't apply to Watch List data.
Note: When you're in the "all Portfolios" view, you won't be able to select individual tiles or elements.
Elements
Monitored vendors:
This includes all vendors using a slot. Choosing this view will take you to the Portfolio selected in the dropdown.
How do I use this?
Navigate to the selected Portfolio and add as many companies as there are available slots.
Vendors with incidents (30 days):
This is the number of vendors with a known incident in the last 30 days. Choosing this view shows you a list of vendors with the "breaches, last month" filter applied.
How do I use this?
Stay aware of any new incidents or breaches affecting companies in your Portfolio. After reviewing the breach details, you can send a questionnaire to that vendor to find out if your organization was affected.
Vendors with critical business impact:
Number of vendors where the business impact is "critical."
How do I use this?
Understand your critical vendors and continuously monitor them as part of vendor risk management best practices. If you don’t see a number here, you might need to assign the business impact to your list of vendors.
How do I assign business impact?
From your Portfolio, go to "Companies." Select the companies that need an impact level, then choose "Assign Business Impact." From the dropdown, you can choose "none," "low," "medium," "high," or "critical" impact.
Average grade/score (30 days):
The average grade/score across the selected Portfolio or across all Portfolios during the last 30 days.
How do I use this?
See, at a glance, the overall health of your Portfolio(s). A higher average grade reduces your organization's risk of a third-party-related breach.
Vendors by business impact:
This is the number of vendors in a risk matrix of business impact vs. breach likelihood. For example, choosing the top right red box will take you to the Portfolio filtered by business impact "critical" and grade "F."
How do I use this?
Identify high-risk vendors, prioritize mitigation efforts, and make informed decisions to enhance overall security. Mitigation efforts include sending a vendor a questionnaire, Action Plan, or discussing alternative solutions with your business stakeholders.
Grade distribution across vendors:
The total and percentage are displayed above each bar. For example, choosing the left green bar will take you to the Portfolio with the grade "A" filter applied.
How do I use this?
Ideally, you want to try and reduce risk by “shifting left.” It's best practice to reduce the number of vendors in the F, D, and C columns because they're more likely to be breached. Mitigation efforts include sending a vendor a questionnaire, Action Plan, or discussing alternative solutions with your business stakeholders.
Vendors with the greatest positive/negative score change (30 days):
This is a matrix of the top 15 and bottom 15 vendors that experienced the greatest score change in the last 30 days. The bottom tiles show the worst performing vendors. Choosing each dot or tile will take you to that vendor’s Scorecard.
How do I use this?
Easily see which vendors are improving their security and which are not. Navigate to the worst performers' Scorecards to review and send them Action Plans or questionnaires to address risks.
Most common issues:
This represents the most common issues across the vendors within the Portfolio selected. Choosing any issue will automatically apply that filter to your Portfolio list.
How do I use this?
Understand where on your third-party attack surface you're most vulnerable.
Vendor engagement tab
The options on this tab are related to the communication and engagement with vendors.
Status of evidence requested:
This is the number of evidence requests your organization has sent out to vendors.
How do I use this?
See how many outstanding requests you have and review the documentation associated with any approved requests.
Vendor status:
The number of active and inactive vendors. "Active" means they've logged in during the past 90 days.
How do I use this?
This quickly shows how many vendors are active on the platform. We recommend inviting or reaching out to any inactive vendors with lower scores. You can filter on the Portfolio status column to see inactive vendors.
Status of sent questionnaires:
This includes the number of questionnaires sent, the number of overdue questionnaires, and the number of questionnaires by status. "Overdue" means they were sent, but have not been “accepted or closed” and the due date has passed. You can choose a colored section of the "all questionnaires" circle to dig in deeper. For example, choosing the purple section of the circle will take you to questionnaires with the "status, ready for review" filter applied.
How do I use this?
Easily understand the status of questionnaires you’ve sent. For the questionnaires ready for review, you can review the responses and either follow up with the vendor or close them. In addition, you can send out reminders about any overdue questionnaires.
Action Plans:
This is the number of Action Plans created and their status. "Draft" means created, but not shared. "Sent" means shared, but not completed, and "overdue" means it's not completed and the due date has passed.
How do I use this?
Review the list of Action Plans you've created and ensure they've been shared with the target vendor. You can also send out reminders about any overdue Action Plans.