🛠 Create Your Own - MarketIQ Monitoring & Escalation Workflow

Create a workflow for the autonomous risk-monitoring of your vendors

 

      Safeguard Compliance

      Estimated Read Time: 13 Minutes

         Estimated Configuration Time: 30 - 55 Minutes

 

This features required for this workflow come from the  MIQ Advanced plan:

  • Market IQ Workflow Triggers
  • Market IQ Workflow Card Data
  • Market IQ Workflow Form Sections

If you would like to have this enabled for your Gatekeeper tenant - or wish to learn more about   MIQ Cyber Advanced features - please contact your CSM or reach out to our CS Team here to discuss upgrading

 


 

Sections in this Article

Introduction

Workflow Diagram

Configuration

🛠 Mandatory Configuration Steps 🛠

Configure the Trigger/s

Create Workflow Group/s

Assign Phase Owners

Amend the Email Notification Content

Configure the Form Questionnaires

🛠 Additional Configuration Steps 🛠

Remove Vendor Portal

Before you Start - Other Considerations

Getting Started - How to start using your new workflow

Additional Reading



 

The Workflow - Overview

 

This workflow is designed to enable the automatic monitoring your vendors for any Financial or Cybersecurity risks

Once you have connected a vendor to one of our Market IQ modules, setting up this workflow will allow the live data (which is continuously & automatically updated in Gatekeeper) to trigger reviews based on changes to these Market IQ risk scores

 

Demo Video Coming Soon...

 

Workflow Diagram: XML / PDF

 

 


 

The Workflow - Configuration

To configure the whole process in one sitting, we will be recording walkthrough videos for you to follow along

In the meantime, you can follow the subsequent bullet points/videos which have been broken up into smaller steps....

 

Configuration Video Coming Soon...

 

Adding the Template

Before you get started with the configuration, you will of course need to add the Template workflow to your tenant.

Step 1) Head to the Workflows page

Step 2) Hit Add > Workflow Template

Step 3) Select the 📉 Market IQ Escalation 📈  Template

Step 4) If necessary, amend the new workflow's Title

Including the Market IQ module name is recommended!

Step 5) Hit ✅ Create

 


 

🛠 Mandatory Configuration Steps 🛠

These are the basic steps required to make the workflow functional

Technically, once you complete this chapter, your new workflow will work as an end-to-end process

The ⬇️ Additional Configuration ⬇️ steps are optional additions to change the scope of the process & adapt the workflow further to fit your organisation's practices & Gatekeeper subscription 

 

Configuration Video Coming Soon...

 

Configure the Workflow Trigger

Step 1) Head to the Workflows page

Step 2) Click to edit the workflow then select the Workflow Triggers option

Step 3) Hit ➕ ADD TRIGGER

Step 4) Enter a Trigger Name

Step 5) Configure all the conditions for this by hitting ➕ADD

        For Market IQ Financial, we recommend Trigger 1:

Boolean

Field

Operator

Data Value

and Vendor / Market IQ | Financial / Credit Rating / Trending   Down
and Vendor / Market IQ | Financial / Credit Rating one of C, D, E
and Vendor / Status one of Pipeline, Live

 

For Market IQ Cyber, we recommend Trigger 2: 

Boolean

Field

Operator

Data Value

 

and Vendor / Market IQ | Cyber / Security Grade / Trending   Down  
and Vendor / Market IQ | Cyber / Security Score less than 75  
and Vendor / Status one of Pipeline, Live  


Important Note on Gatekeeper Triggers

Each individual trigger operates with the 'AND' logic. To achieve the above examples would require 2 individual triggers:

  • Trigger 1 to monitor Market IQ Financial
  • Trigger 2 to monitor Market IQ Cyber

 

NB. It is possible to set multiple active triggers for your workflow

You may want to do this to hold some Vendor types to higher standards than others

Example

Your standard trigger for the Market IQ Cyber workflow would be the above 3 conditions

However, you could also set up an additional trigger for specific Vendors, such as:

Field Operator Data Value
Vendor Type one of Critical
Vendor / Market IQ | Cyber / Security Grade / Trending   Down
Vendor / Market IQ | Cyber / Security Score less than 85
Vendor / Status one of Pipeline, Live

 

Create Workflow Group/s

Step 1) Head to Settings > Users

Step 2) Hit Add > Workflow Group

Step 3) Enter the Title of this new group

Entering a Description is optional but can be included to help you identify the group if making updates to your workflow groups in future. It may be useful to mention the team & processes this group has been created for

Step 4) Edit this new Group to begin adding Members

 

Recommended Group:

  • A centralised "Risk/Vendor Management Team"

Potential Additional Groups:

  • For MIQ Cyber: An "InfoSec Team"
  • For MIQ Finance: A "Finance Team"

 

Assign Phase Owners

Part 1 - Risk Review Phases

Step 1) Head to the Vendor & Risk Management Review phase & hit Edit this Phase

Step 2) Navigate to the Form Access tab

Step 3) Select the responsible Users/Groups under Card Owners & hit ✅ Save

The owner of this phase could be your Vendor Management Team and/or the specific team responsible for the risk (e.g. InfoSec for MIQ Cyber or Finance for MIQ Financial)

Step 4) Repeat Steps 1-3 for the following phases:

Holding Phase | Monitoring

Offboard Vendor

NB. The "Internal Vendor Manager Review" phase is already configured to be owned by the Internal Vendor Owner, with a "backup" owner being the Card Creator*

*This is a failsafe for Vendors which do not have an internal owner assigned

 

Amend Email Notification content

The template is designed to work for monitoring Vendor Risks coming from the Market IQ Financial data feed or the Market IQ Cyber data feed

As a result, you need adapt the messaging and dynamic content in the notification emails.

Step 1) Select a phase where you wish to amend the notification content & hit Edit this Phase

Step 2) Navigate to the Notifications tab

Step 3) Hit the Edit button for the Email Template for any of the enabled Notifications

Step 4) Delete the tag (and the word "OR") from the below line which is not relevant to your workflow:

{{ market_iq_financial.summary }}  OR  {{ market_iq_cyber.summary }}

Step 5) Add any other context as necessary for your review process

Step 6) Hit ✅ Update, then ✅ Save

 

Add the Market IQ Metadata to the Form

Step 1) Go to the start phase of the workflow & hit Edit this Phase

Step 2) Navigate to the Form tab

Step 3) Scroll to the bottom and hit ADD SECTION

Step 4) Give the section a Name (e.g. "Market IQ Financial Data")

Step 5) Select Predefined: Vendor, then for Custom Data Group choose Market IQ  | Financial

Step 6) Hit ✅ Save

You can also use REORDER to drag & drop this new section to a different position in the form

Once you add this form section, by default it will be "Read Only" for all phases

If you want to do so, you could change it to Hidden for phases where the Market IQ values should not be shown to users (e.g. on the Vendor Portal phase)

 

Configure the Form Questionnaires

There are 3 custom Form Sections in the workflow. These are designed to allow you to capture context/feedback/decisions from your users during the review process


1 - "VENDOR OWNER QUESTIONNAIRE"

Purpose: Capturing feedback from the Internal Vendor Manager. The pre-existing [Yes/No] field allows the ability to escalate this review form  to the Vendor for more details

Suggested/Example Additions:

  • How important/healthy is our relationship with this vendor? [Multiline freetext]
  • How important is the service they provide to us? [Multiline freetext]
  • What is your desired outcome if the issue/risk is too large for us to accept? [Multiline freetext]

2 - "VENDOR PORTAL QUESTIONNAIRE"

Purpose: Capture feedback directly from the Vendor being risk assessed. This could give them the chance to provide additional context or reassurance about the new risk

Suggested/Example Additions:

  • Were you aware of this recent incident? [Yes/No]
  • Is there any context about the risk we should know? [Multiline text]
  • What policies/procedures were in place to mitigate this issue? [Multiline text]
  • What steps are being taken to mitigate/remedy this issue? [Multiline text]
  • What steps are being taken to prevent a re-occurrence? [Multiline text]

3 - "INTERNAL DECISION"

Purpose: Capture the actions from the main Vendor/Risk Management decision makers

Suggested/Example Additions: 

  • Notes (if vendor will be offboarded) [Multiline text]
  • Notes on reasons the risk can be accepted [Multiline text]
  • BCP/Risk Planning Document [Attached file]

     

    Step 1) Head to the start phase & hit Edit this Phase

    Step 2) Navigate to the Form tab

    Step 3) Within the Form Section you wish to amend:

    Option A) Hit ➕ ADD FIELD to include additional questions in the form

    Option B) Hit the menu icon then amend or remove fields

     

     


     

     

    🛠 Additional Configuration Steps 🛠

    This chapter will contain optional steps to amend the scope  or preconfigured settings of the workflow so that it works optimally for your organisation & users

     

    Configuration Video Coming Soon...

     

    Remove the Vendor Portal Review

    When a risk arises which could jeopardise your relationship with a vendor, it is prudent to get all necessary context before acting - this could include insight from the Vendor themselves

    This is why the workflow template includes an option to involve them in your review

    However, if you do not have the Vendor Portal in your Gatekeeper subscription, this will need to be removed, making this workflow into an internal review process:

    Part 1 - Remove transitions pointing to the Vendor Review phase

    Step 1) Head to the Internal Vendor Manager Review phase and hit Edit this Phase

    Step 2) Navigate to the Transitions tab & click the Submit | Escalate to Vendor transition

    Step 3) Next to Condition 2, hit the  Delete icon 

    Step 4) Switch the Transition Status to Pipeline then set Transition to Phase to No Transition

    Step 5) Now hit < Back & use the  Delete icon to remove the transition entirely

    Part 2 - Remove the associated Form question

    Step 1) While still on the Internal Vendor Manager Review phase, navigate to the Form tab

    Step 2) Delete the VENDOR QUESTIONNAIRE form section

    Step 3) In the VENDOR OWNER QUESTIONNAIRE section, delete the fields for "Context" and "Should we escalate...?"

    Part 3 - Archive the Phase

    Now head to the Vendor Review phase and hit Archive

     

     


     

     

    ✋ Before you start - Additional configuration to consider 🤚

     

    If you have followed the steps above, your workflow is almost ready to go

    However, to ensure this process runs as smoothly and reliably as possible, there are some other areas of your Gatekeeper environment you should check over!

    Connect Vendors to MarketIQ

    It goes without saying, but Vendors cannot be monitored for Risk reviews via this workflow if the Market IQ data is not being pulled from our automated data feeds

    Connecting Vendors to MIQ Financial

    Step 1) Click to open a Vendor Record

    Step 2) Navigate to the Market IQ tab & hit ➕ Add Market IQ | Finance to this Vendor

    Step 3) Select the correct company in the Data Match list & hit Apply

    ⬇️ See our article below for more details on connecting vendors to Market IQ Financial ⬇️

    Connecting Vendors to MIQ Cyber

    Connecting vendors to Market IQ Cyber is much simpler than Financial - You just need to ensure you have populated a Website for the vendors you wish to monitor via the module

    ⬇️ See our article below for more details on connecting vendors to Market IQ Cyber ⬇️

     

    To ensure you are connecting any new vendors added to Gatekeeper, we recommend embedding this connection within your Vendor Onboarding process

    If you do not already have one, see the below Article for a Best Practice Vendor onboarding workflow 

    📖 Create Your Own - Vendor Onboarding Workflow

     

    Populate Internal Vendor Managers

    The first phase of this workflow works best if the appropriate Vendor Manager can be assigned & notified that one of their relationships is showing a new risk

    Step 1) Find a vendor which does not have an Internal Owner in your repository

    Step 2) Click to Edit this vendor & navigate to the Owners tab

    Step 3) Assign an owner & hit ✅ Save & Exit

    You can also bulk-update your vendors to assign owners much faster - see below article:

    📖 Vendor Data - Bulk Export & Import

    Add Vendor Users

    If you want to be able to involve your vendor contacts in this process to provide potentially crucial context, they need to be added to your vendor records in Gatekeeper

    Step 1) Click to open a Vendor Record

    Step 2) Navigate to the Vendor Users tab to check what user contact details have been already added

    Step 3) Hit Add > Vendor User to add a new contact

    If you want to invite them to the Vendor Portal straight away you can tick ☑️ Invite into Gatekeeper before hitting ✅ Save

    Otherwise, the workflow will automatically invite them into Gatekeeper if a card lands on the Vendor Review phase

     

    You can see a full list of all Vendor users in your tenant in the Vendor Users Report:

     


     

    Getting started! ⚡️

     

    Switching on your trigger/s

    Step 1) Head to the Workflows page

    Step 2) Click to edit the workflow then select the Workflow Triggers option

    Step 3) Click your trigger's name

    Step 4) Switch the Trigger Status from Pipeline to Live

    Step 5) Repeat for all triggers you have added

    Your monitoring workflow is now active!

    Any of your Market IQ-connected vendors showing a drop in their scores in line with your trigger conditions will automatically begin a risk review process

     

     


     

     

    Additional Reading 📚

     

    Market IQ Financial

    Learn about the data available within our CreditSafe integration module

     

    Market IQ Cyber

    Learn about the data available within our  Security Scorecard integration module

     

    ⚡️Supplier Portal Expert - Invitation Emails

    Review the best way to configure how your Vendor users will be invited to the Gatekeeper platform

    A simple configuration task but extremely important if you want to set clear expectations from the outset and operate with transparency in all your new relationships

     

    ⚡️Testing Triggered Workflows

    Learn how to manually trigger test cards for this workflow to test out the process before switching on the real triggers for your active Vendors