Adding, editing and disabling a vendor

This article will guide you on how to add, edit, or disable a vendor with TrustLens.

Vendor details

Clicking on a vendor name displays key details, including:

1. Recent Assessments: Lists completed and ongoing assessments.
2. Connected Documents: Shows associated compliance and security documents.
3. Connected Systems: Displays linked systems.
4. Vendor Contact Information: Allows entry of key vendor contacts.

The vendor list is automatically populated after adding systems to the Systems. TrustCloud assigns default data classifications based on system classifications.

Adding a vendor

To add a vendor, navigate to the Vendors Dashboard or the Vendors page.

A step-by-step guide to adding a vendor

1. To add a new vendor, click on the “+ New Vendor” button on the top right-hand side of the page.
2. Select a vendor from the “Frequently Added Vendors” list.
3. Click on the “+ Add” button in front of the vendor name.
   
4. To add a new vendor, you can also type the new vendor name in the search bar and click on “Create.” It will navigate you to the “Add New Vendor” page.

   

5. Enter details like vendor name, vendor website, data classification, group, vendor owner, vendor tier, and assessment owner, and select whether the vendor is a subprocessor.
   The following screenshot shows the vendor details page for adding a new vendor.
   

   

6. You can add tags and certifications that a vendor possesses, like GDPR, ISO, NIST, etc. In the GDPR and CCPA sections, you can provide the purpose and the location if it is required. You can provide additional details, such as links to “Terms of Service,” “Privacy Policy,” and “Security Page,” for a better understanding of the vendor.
   The following screenshot shows other information you can provide about a vendor that is not mandatory.
   
   
7. Click on the “Add Vendor” button, and you can view the newly created vendor. This vendor will appear on the vendor list.
   The following screenshot shows the newly added vendor.

   

8. You can view risk assessments, documents, systems mapped to the vendor and contact information. You can also add new risk assessments, documents, or contact details for the newly added vendor.
   

Editing a vendor

To edit vendor details,

1. Click on the vendor name to go to the vendor details page.
2. Click on the three-dot icon in the right corner.
3. From the drop-down menu, click on “Edit Details.”

On this details page, you can add or edit:

1. Vendor Name
2. Vendor Tier
3. A vendor’s website
4. Group
5. Data Classification
6. Is a subprocessor
7. A location
8. Certifications
9. A description of the purpose
10. Link to the vendor’s terms of service
11. Link to the vendor’s privacy policy
12. Link to the vendor’s security page

Additionally, you can add tags to each vendor, add documents or links, and add vendor contact information.

The systems that the specific vendor is mapped to are listed under the ‘Systems’ section. If you believe something is missing, double-check that all of the relevant systems have been added.

Disabling a vendor

Disabling a vendor denotes that you don’t use this vendor anymore. A disabled vendor still exists in your archive and is not deleted permanently.

A step-by-step guide to disabling a vendor

1. Click on the vendor name to go to the vendor details page.
2. Click on the three-dot icon in the right corner.
3. From the drop-down menu, click on the “Disable Vendor” button.
   The following screenshot shows how to disable a vendor.
   
   

Explore TrustCloud’s own GRC Launchpad articles to learn more.