# Configuring Supplier Risk Assessments (QMS) You can configure your Vault to help you manage the risk associated with suppliers. QMS supports performing [Supplier Risk Assessments](/en/lr/936654/), also known as Risk Ranking & Filtering (RRF) assessments, to identify and rank complex risk factors associated with engaging or continuing to work with a supplier. Supplier Risk Assessments can also be performed for a product, material, process, or site. This feature helps your organization remain compliant with the most up-to-date requirements for risk-based decision making. ## Configuration Overview We recommend the following steps to configure your Vault to perform Supplier Risk Assessments: * [Configure objects][1] * [Configure the _Scoring Method_ picklist][3] * [Configure user permissions][2] ## Configuring Objects {#objects} ### Configure the Assessment Object For Vaults created prior to 25R3, the Supplier Risk Assessment feature does not include a standard layout for the _Assessment_ object. Configure a layout for the _Risk Factor_ object type on the _Assessment_ object according to your business requirements. A configured layout might look something like the following: To configure the _Assessment_ object: * Activate the _Risk Factor_ object type. * Activate the following fields and [add](/en/lr/26387/#how-to-add-object-fields) them to the relevant layout: * _Assessment Score_ * _Evaluation For_ * _Final Risk Classification_ * _Risk Factor Template_ * _Suggested Risk Level_ * [Add](/en/lr/26387/#related-object) a _Risk Factor Scoring_ related object section to the object layout. ### Configure the Risk Factor Category Object To configure the _Risk Factor Category_ object, [add](/en/lr/26387/#related-object) a related object section for the _Risk Factor_ object. ### Configure the Risk Matrix Object For Vaults created prior to 25R3, the Supplier Risk Assessment feature does not include a standard layout for the _Risk Factor Template_ object type on the _Risk Matrix_ object. To configure the _Risk Matrix_ object: * Activate the _Risk Factor Template_ object type. * Activate the _Scoring Method_ field. * [Make the _Dimensions_ field optional](/en/lr/15057/#required) and remove it from the layout your organization uses for Supplier Risk Assessments, which do not use dimensions. * [Add](/en/lr/26387/#related-object) a related object section for the _Risk Factor Category_ and _Risk Level_ objects. ## Configuring the Scoring Method Picklist {#sm-picklist} The _Scoring Method_ picklist on the _Risk Matrix_ object determines the options users can select on a _Risk Factor Template_. Their selection determines how Vault calculates the _Assessment Score_ for a _Risk Factor Assessment_ using that _Risk Factor Template_. Depending on your organization's process, you can [activate](/en/lr/1269/#inactive) or inactivate the following values on the _Scoring Method_ picklist: * **Average**: Vault calculates the average of all _Risk Factor Scores_ for the assessment. * **Multiply**: Vault multiplies all _Risk Factor Scores_ for the assessment. * **Sum**: Vault calculates the sum of all _Risk Factor Scores_ for the assessment. ## Configuring User Permissions {#user-permissions} Users must have the following permissions to perform Supplier Risk Assessments: * _Read_ permission on the following objects: * _Risk Factor_ * _Risk Factor Category_ * _Risk Level_ * _Risk Factor Template_ object type on the _Risk Matrix_ object * _Edit_ permission on the _Risk Factor Scoring_ object * _Create_ and _Edit_ permissions on the _Risk Factor_ object type on the _Assessment_ object Business Admins must have the following permissions to create and maintain _Risk Factor Templates_: * _Create_ and _Edit_ permissions on the following objects: * _Risk Factor_ * _Risk Factor Category_ * _Risk Level_ * _Risk Factor Template_ object type on the _Risk Matrix_ object [1]: #objects [2]: #user-permissions [3]: #sm-picklist