The Vendors section in ControlMap allows you to examine your preferred vendors’ cybersecurity compliance in relation to your own. You can populate this section with relevant vendor information, add contracts or security compliance documents, and assess potential risks with their products and services.
Add Vendors From List
- Select Create Vendor or Add Vendor.
- Click the Add button beneath the company name to automatically add the vendor to your register.
The Properties sidebar tracks the status of your vendor evaluation and allows you to provide additional details about the vendor for future use.
- Select the bolded name of your vendor.
- On the vendor details page, the Properties sidebar is located to the right. From here, you can update vendor information including the status of the assessment, the vendor type, the internal owner and the vendor's contact details. The contact information can be saved by clicking the floppy disk icon to the right of the fields, and all other selections are saved automatically after selection.
Manually Add Vendors
- If you’d like to add a vendor that isn’t listed, select + Add Manually below the search bar on the Add Vendor panel.
- Add the vendor’s name, contact’s name, contact’s email and their company’s logo on this panel.
Documents & Links
After adding your vendors, you can now add additional information about them for your team and your auditor.
- Click the bolded vendor name from your Vendor list, which will take you to the details page for that vendor.
- The Documents & Links tab is what you should see first. Select Upload Documents to add any relevant documentation from this vendor to ControlMap. You can upload from Google Drive, Dropbox or directly from your hard drive. You can also link to an existing document in your library by selecting the From existing documents tab. You can search for the title of the document, select it and then click Upload to add it to the vendor details.
- Add a direct link to the vendor's website by clicking Add Link. Type in the vendor's name in the Name * field and copy/paste the URL of their website in the Link * field. Select Add Link to complete the process.
This section of the Vendor details page allows you quickly assess your vendor's cybersecurity standing. If the majority of your selections are unknown or negative, you may need to perform a more detailed risk assessment for the associated vendor.
- Select the Quick Assessment tab.
- Select Yes, No or NA for the associated questions.
- After making selections, upload documentation related to these questions via the Upload link.
- Add notes to clarify your selections by clicking the --Notes -- field. Type your notes and click the Update button to save your changes.
If your Quick Assessment of a vendor was inconclusive or worrisome, you can set up a more comprehensive assessment for the vendor via the Risk Assessment tab.
- Select the Risk Assessment tab.
- Select the New Assessment button to the right of the Risk Assessment tab.
- The Create vendor risk assessment sidebar will appear to the right. Fill out the Assessment Name, Start Date, End Date and select Risk Assessment from the Questionnaire dropdown menu. The risk assessment questionnaire contains 41 questions that can then be sent to your vendor contact. Your contact will receive an email with a link to a secure landing page and a security code, which they can use to answer the assessment questions without having access to the rest of your command center.