Create a workflow for the autonomous risk-monitoring of your vendors
Safeguard Compliance
Estimated Read Time: 13 Minutes
Estimated Configuration Time: 30 - 55 Minutes
This features required for this workflow come from the MIQ Advanced plan:
- Market IQ Workflow Triggers
- Market IQ Workflow Card Data
- Market IQ Workflow Form Sections
If you would like to have this enabled for your Gatekeeper tenant - or wish to learn more about MIQ Cyber Advanced features - please contact your CSM or reach out to our CS Team here to discuss upgrading
Sections in this Article
🛠 Mandatory Configuration Steps 🛠
Amend the Email Notification Content
Configure the Form Questionnaires
🛠 Additional Configuration Steps 🛠
Before you Start - Other Considerations
Getting Started - How to start using your new workflow
The Workflow - Overview
This workflow is designed to enable the automatic monitoring your vendors for any Financial or Cybersecurity risks
Once you have connected a vendor to one of our Market IQ modules, setting up this workflow will allow the live data (which is continuously & automatically updated in Gatekeeper) to trigger reviews based on changes to these Market IQ risk scores
Demo Video Coming Soon...
The Workflow - Configuration
To configure the whole process in one sitting, we will be recording walkthrough videos for you to follow along
In the meantime, you can follow the subsequent bullet points/videos which have been broken up into smaller steps....
Configuration Video Coming Soon...
Adding the Template
Before you get started with the configuration, you will of course need to add the Template workflow to your tenant.
Step 1) Head to the Workflows page
Step 2) Hit Add > Workflow Template
Step 3) Select the 📉 Market IQ Escalation 📈 Template
Step 4) If necessary, amend the new workflow's Title
Including the Market IQ module name is recommended!
Step 5) Hit ✅ Create
🛠 Mandatory Configuration Steps 🛠
These are the basic steps required to make the workflow functional
Technically, once you complete this chapter, your new workflow will work as an end-to-end process
The ⬇️ Additional Configuration ⬇️ steps are optional additions to change the scope of the process & adapt the workflow further to fit your organisation's practices & Gatekeeper subscription
Configuration Video Coming Soon...
Configure the Workflow Trigger
Step 1) Head to the Workflows page
Step 2) Click to edit the workflow then select the Workflow Triggers option
Step 3) Hit ➕ ADD TRIGGER
Step 4) Enter a Trigger Name
Step 5) Configure all the conditions for this by hitting ➕ADD
For Market IQ Financial, we recommend Trigger 1:
Boolean |
Field |
Operator |
Data Value |
and | Vendor / Market IQ | Financial / Credit Rating / Trending | Down | |
and | Vendor / Market IQ | Financial / Credit Rating | one of | C, D, E |
and | Vendor / Status | one of | Pipeline, Live |
For Market IQ Cyber, we recommend Trigger 2:
Boolean |
Field |
Operator |
Data Value |
|
and | Vendor / Market IQ | Cyber / Security Grade / Trending | Down | ||
and | Vendor / Market IQ | Cyber / Security Score | less than | 75 | |
and | Vendor / Status | one of | Pipeline, Live |
Important Note on Gatekeeper Triggers
Each individual trigger operates with the 'AND' logic. To achieve the above examples would require 2 individual triggers:
- Trigger 1 to monitor Market IQ Financial
- Trigger 2 to monitor Market IQ Cyber
NB. It is possible to set multiple active triggers for your workflow
You may want to do this to hold some Vendor types to higher standards than others
Example
Your standard trigger for the Market IQ Cyber workflow would be the above 3 conditions
However, you could also set up an additional trigger for specific Vendors, such as:
Field | Operator | Data Value |
Vendor Type | one of | Critical |
Vendor / Market IQ | Cyber / Security Grade / Trending | Down | |
Vendor / Market IQ | Cyber / Security Score | less than | 85 |
Vendor / Status | one of | Pipeline, Live |
Create Workflow Group/s
Step 1) Head to Settings > Users
Step 2) Hit Add > Workflow Group
Step 3) Enter the Title of this new group
Entering a Description is optional but can be included to help you identify the group if making updates to your workflow groups in future. It may be useful to mention the team & processes this group has been created for
Step 4) Edit this new Group to begin adding Members
Recommended Group:
- A centralised "Risk/Vendor Management Team"
Potential Additional Groups:
- For MIQ Cyber: An "InfoSec Team"
- For MIQ Finance: A "Finance Team"
Assign Phase Owners
Part 1 - Risk Review Phases
Step 1) Head to the Vendor & Risk Management Review phase & hit Edit this Phase
Step 2) Navigate to the Form Access tab
Step 3) Select the responsible Users/Groups under Card Owners & hit ✅ Save
The owner of this phase could be your Vendor Management Team and/or the specific team responsible for the risk (e.g. InfoSec for MIQ Cyber or Finance for MIQ Financial)
Step 4) Repeat Steps 1-3 for the following phases:
Holding Phase | Monitoring
Offboard Vendor
NB. The "Internal Vendor Manager Review" phase is already configured to be owned by the Internal Vendor Owner, with a "backup" owner being the Card Creator*
*This is a failsafe for Vendors which do not have an internal owner assigned
Amend Email Notification content
The template is designed to work for monitoring Vendor Risks coming from the Market IQ Financial data feed or the Market IQ Cyber data feed
As a result, you need adapt the messaging and dynamic content in the notification emails.
Step 1) Select a phase where you wish to amend the notification content & hit Edit this Phase
Step 2) Navigate to the Notifications tab
Step 3) Hit the Edit button for the Email Template for any of the enabled Notifications
Step 4) Delete the tag (and the word "OR") from the below line which is not relevant to your workflow:
{{ market_iq_financial.summary }} OR {{ market_iq_cyber.summary }}
Step 5) Add any other context as necessary for your review process
Step 6) Hit ✅ Update, then ✅ Save
Add the Market IQ Metadata to the Form
Step 1) Go to the start phase of the workflow & hit Edit this Phase
Step 2) Navigate to the Form tab
Step 3) Scroll to the bottom and hit ADD SECTION
Step 4) Give the section a Name (e.g. "Market IQ Financial Data")
Step 5) Select Predefined: Vendor, then for Custom Data Group choose Market IQ | Financial
Step 6) Hit ✅ Save
You can also use REORDER to drag & drop this new section to a different position in the form
Once you add this form section, by default it will be "Read Only" for all phases
If you want to do so, you could change it to Hidden for phases where the Market IQ values should not be shown to users (e.g. on the Vendor Portal phase)
Configure the Form Questionnaires
There are 3 custom Form Sections in the workflow. These are designed to allow you to capture context/feedback/decisions from your users during the review process
1 - "VENDOR OWNER QUESTIONNAIRE"
Purpose: Capturing feedback from the Internal Vendor Manager. The pre-existing [Yes/No] field allows the ability to escalate this review form to the Vendor for more details
Suggested/Example Additions:
- How important/healthy is our relationship with this vendor? [Multiline freetext]
- How important is the service they provide to us? [Multiline freetext]
- What is your desired outcome if the issue/risk is too large for us to accept? [Multiline freetext]
2 - "VENDOR PORTAL QUESTIONNAIRE"
Purpose: Capture feedback directly from the Vendor being risk assessed. This could give them the chance to provide additional context or reassurance about the new risk
Suggested/Example Additions:
- Were you aware of this recent incident? [Yes/No]
- Is there any context about the risk we should know? [Multiline text]
- What policies/procedures were in place to mitigate this issue? [Multiline text]
- What steps are being taken to mitigate/remedy this issue? [Multiline text]
- What steps are being taken to prevent a re-occurrence? [Multiline text]
3 - "INTERNAL DECISION"
Purpose: Capture the actions from the main Vendor/Risk Management decision makers
Suggested/Example Additions:
- Notes (if vendor will be offboarded) [Multiline text]
- Notes on reasons the risk can be accepted [Multiline text]
- BCP/Risk Planning Document [Attached file]
Step 1) Head to the start phase & hit Edit this Phase
Step 2) Navigate to the Form tab
Step 3) Within the Form Section you wish to amend:
Option A) Hit ➕ ADD FIELD to include additional questions in the form
Option B) Hit the menu icon then amend or remove fields
🛠 Additional Configuration Steps 🛠
This chapter will contain optional steps to amend the scope or preconfigured settings of the workflow so that it works optimally for your organisation & users
Configuration Video Coming Soon...
Remove the Vendor Portal Review
When a risk arises which could jeopardise your relationship with a vendor, it is prudent to get all necessary context before acting - this could include insight from the Vendor themselves
This is why the workflow template includes an option to involve them in your review
However, if you do not have the Vendor Portal in your Gatekeeper subscription, this will need to be removed, making this workflow into an internal review process:
Part 1 - Remove transitions pointing to the Vendor Review phase
Step 1) Head to the Internal Vendor Manager Review phase and hit Edit this Phase
Step 2) Navigate to the Transitions tab & click the Submit | Escalate to Vendor transition
Step 3) Next to Condition 2, hit the Delete icon
Step 4) Switch the Transition Status to Pipeline then set Transition to Phase to No Transition
Step 5) Now hit < Back & use the Delete icon to remove the transition entirely
Part 2 - Remove the associated Form question
Step 1) While still on the Internal Vendor Manager Review phase, navigate to the Form tab
Step 2) Delete the VENDOR QUESTIONNAIRE form section
Step 3) In the VENDOR OWNER QUESTIONNAIRE section, delete the fields for "Context" and "Should we escalate...?"
Part 3 - Archive the Phase
Now head to the Vendor Review phase and hit Archive
✋ Before you start - Additional configuration to consider 🤚
If you have followed the steps above, your workflow is almost ready to go
However, to ensure this process runs as smoothly and reliably as possible, there are some other areas of your Gatekeeper environment you should check over!
Connect Vendors to MarketIQ
It goes without saying, but Vendors cannot be monitored for Risk reviews via this workflow if the Market IQ data is not being pulled from our automated data feeds
Connecting Vendors to MIQ Financial
Step 1) Click to open a Vendor Record
Step 2) Navigate to the Market IQ tab & hit ➕ Add Market IQ | Finance to this Vendor
Step 3) Select the correct company in the Data Match list & hit Apply
⬇️ See our article below for more details on connecting vendors to Market IQ Financial ⬇️
Connecting Vendors to MIQ Cyber
Connecting vendors to Market IQ Cyber is much simpler than Financial - You just need to ensure you have populated a Website for the vendors you wish to monitor via the module
⬇️ See our article below for more details on connecting vendors to Market IQ Cyber ⬇️
To ensure you are connecting any new vendors added to Gatekeeper, we recommend embedding this connection within your Vendor Onboarding process
If you do not already have one, see the below Article for a Best Practice Vendor onboarding workflow
Populate Internal Vendor Managers
The first phase of this workflow works best if the appropriate Vendor Manager can be assigned & notified that one of their relationships is showing a new risk
Step 1) Find a vendor which does not have an Internal Owner in your repository
Step 2) Click to Edit this vendor & navigate to the Owners tab
Step 3) Assign an owner & hit ✅ Save & Exit
You can also bulk-update your vendors to assign owners much faster - see below article:
Add Vendor Users
If you want to be able to involve your vendor contacts in this process to provide potentially crucial context, they need to be added to your vendor records in Gatekeeper
Step 1) Click to open a Vendor Record
Step 2) Navigate to the Vendor Users tab to check what user contact details have been already added
Step 3) Hit Add > Vendor User to add a new contact
If you want to invite them to the Vendor Portal straight away you can tick ☑️ Invite into Gatekeeper before hitting ✅ Save
Otherwise, the workflow will automatically invite them into Gatekeeper if a card lands on the Vendor Review phase
You can see a full list of all Vendor users in your tenant in the Vendor Users Report:
Getting started! ⚡️
Switching on your trigger/s
Step 1) Head to the Workflows page
Step 2) Click to edit the workflow then select the Workflow Triggers option
Step 3) Click your trigger's name
Step 4) Switch the Trigger Status from Pipeline to Live
Step 5) Repeat for all triggers you have added
Your monitoring workflow is now active!
Any of your Market IQ-connected vendors showing a drop in their scores in line with your trigger conditions will automatically begin a risk review process
Additional Reading 📚
Learn about the data available within our CreditSafe integration module
Learn about the data available within our Security Scorecard integration module
⚡️Supplier Portal Expert - Invitation Emails
Review the best way to configure how your Vendor users will be invited to the Gatekeeper platform
A simple configuration task but extremely important if you want to set clear expectations from the outset and operate with transparency in all your new relationships
Learn how to manually trigger test cards for this workflow to test out the process before switching on the real triggers for your active Vendors