Configuring Supplier Risk Assessments

You can configure your Vault to help you manage the risk associated with suppliers. QMS supports performing Supplier Risk Assessments, also known as Risk Ranking & Filtering (RRF) assessments, to identify and rank complex risk factors associated with engaging or continuing to work with a supplier. Supplier Risk Assessments can also be performed for a product, material, process, or site. This feature helps your organization remain compliant with the most up-to-date requirements for risk-based decision making.

Configuration Overview

We recommend the following steps to configure your Vault to perform Supplier Risk Assessments:

Configuring Objects

Configure the Assessment Object

For Vaults created prior to 25R3, the Supplier Risk Assessment feature does not include a standard layout for the Assessment object. Configure a layout for the Risk Factor object type on the Assessment object according to your business requirements. A configured layout might look something like the following:

To configure the Assessment object:

  • Activate the Risk Factor object type.
  • Activate the following fields and add them to the relevant layout:
    • Assessment Score
    • Evaluation For
    • Final Risk Classification
    • Risk Factor Template
    • Suggested Risk Level
  • Add a Risk Factor Scoring related object section to the object layout.

Configure the Risk Factor Category Object

To configure the Risk Factor Category object, add a related object section for the Risk Factor object.

Configure the Risk Matrix Object

For Vaults created prior to 25R3, the Supplier Risk Assessment feature does not include a standard layout for the Risk Factor Template object type on the Risk Matrix object.

To configure the Risk Matrix object:

  • Activate the Risk Factor Template object type.
  • Activate the Scoring Method field.
  • Make the Dimensions field optional and remove it from the layout your organization uses for Supplier Risk Assessments, which do not use dimensions.
  • Add a related object section for the Risk Factor Category and Risk Level objects.

Configuring User Permissions

Users must have the following permissions to perform Supplier Risk Assessments:

  • Read permission on the following objects:
    • Risk Factor
    • Risk Factor Category
    • Risk Level
    • Risk Factor Template object type on the Risk Matrix object
  • Edit permission on the Risk Factor Scoring object
  • Create and Edit permissions on the Risk Factor object type on the Assessment object

Business Admins must have the following permissions to create and maintain Risk Factor Templates:

  • Create and Edit permissions on the following objects:
    • Risk Factor
    • Risk Factor Category
    • Risk Level
    • Risk Factor Template object type on the Risk Matrix object