Managing IT Vendors
HOPEX IT Risk Management is used to identify IT vendors (software editors and service providers).
You can:
• specify the cost of products and services purchased from each vendor for the past year.
• assess vendors by assigning them a value, based where appropriate on the questionnaires sent via campaigns.
Identifying IT Vendors
The IT RM functional administrator identifies IT vendors (software editors, service providers).
The vendors and technologies may have previously been identified in
HOPEX IT Portfolio Management or
HOPEX IT Architecture.
Specifying the Cost of Products and Services
Every year, the IT RM Manager enters a global annual amount for products and services purchased from the vendor.
On this basis, the IT GRC Manager determines the rank of the supplier.
This information is entered for reference purposes in
HOPEX IT Risk Management.
To enter these costs:
2. Click Vendors.
3. Select a vendor in the list that appears.
4. In the properties of a vendor, select the Vendor Information page.
5. In the properties dialog box, enter the following information in the Financial Information section:
• Total amount purchased
• Rank
The information in this section is for the end of the year prior to the current year.
You can specify the following information:
• Main contact information
• Billing information
Assessing Vendors
The IT RM Manager can assess the risk associated with a vendor.
To assess a vendor:
2. Click Vendors.
3. Select a vendor in the list that appears.
4. From vendor properties, select the Vendor Risk Assessment page.
5. Enter a value to qualify the risk linked to the vendor.
You can also launch campaigns with a view to assessing the vendor and if required, confirming your assessment. In this case, the assessor must be defined in the assessment session. For more details, see
"Assessments by Questionnaires".
