-
Intro
-
General Guidance
-
Tasks
-
Compliance
-
Controls
-
Meta Model
-
Administration
Meta Model
Third Parties
Role Specific Access
1. Meta Model Manager
- Access Level: Full access to all third-party management features.
-
Responsibilities:
- Oversee the entire meta modeling process within vucavoid.
- Define and adjust the parameters and attributes for third-party objects.
- Ensure the alignment of third-party management with overall compliance objectives.
2. Object Manager
- Access Level: Technical management access.
-
Responsibilities:
- Manage the technical aspects of third-party objects.
- Maintain data quality and integrity for third-party records.
- Collaborate with Meta Model Managers to align technical aspects with meta modeling requirements.
3. Compliance Manager
- Access Level: Supervisory access to management features.
-
Responsibilities:
- Supervise the application of compliance policies in third-party management.
- Review and approve third-party classifications and risk assessments.
- Coordinate with other managers to ensure comprehensive compliance coverage.
Overview of Third Party Management
Introduction to Third Party as an Object
In vucavoid, a third party is conceptualized as an object, integral to the meta modeling framework. This approach facilitates a structured and systematic management of all third-party entities involved in your organization's compliance processes.
Role of Third Parties in Compliance Management
Third parties in vucavoid are not just external entities but are considered critical components of your compliance management structure. They can represent various locations, including both organization-owned and externally rented spaces. Effective management of these third parties is crucial for maintaining comprehensive compliance standards.
- Integration with Scopes and Challenges: Third parties can be incorporated into various scopes and challenges within vucavoid, ensuring that all compliance aspects are addressed.
- Reflection of Organizational Structure: They mirror the physical and operational structure of your organization, encompassing both owned and external premises.
- Central Role in Compliance: Third parties play a pivotal role in your organization's overall compliance management, necessitating careful oversight and management.
Attributes of Third Party
The management of third parties in vucavoid is facilitated through a range of attributes that define and categorize each third-party entity. These attributes are critical for ensuring accurate representation and effective management of third-party relationships.
Third Party Basics
- Title: The title should be a concise yet descriptive representation, typically the full corporate name of the third party.
- Description: This includes a brief overview of the third party’s role in relation to your organization's meta modeling and compliance management.
Third Party Management
- Owner: Designates a single vucavoid account responsible for the third party.
- Object Managers: Technical role holders in vucavoid responsible for managing the third-party object, focusing on data quality rather than operational control.
- Third Party Manager: An individual account tasked with overseeing the third party, including conducting risk and reliability assessments.
Third Party Classification
- Business Criticality: Defined by selecting one of four options - Essential, High, Medium, or Low, indicating the importance of the third party to your organization.
- Type: Determines whether the third party is a client or a supplier, a classification that is fixed post initial setup.
Primary Contact Details
- Information about the primary contact at the third party, including name, role, email, and phone number.
Relevance & Scoring
- Risk and Reliability Assessments: Options to conduct and schedule regular assessments, with predefined or custom intervals.
- Assessment Availability: Note that risk assessments are currently only available for suppliers.
Services and Products
- Consumed Products: Details of products/services consumed by your organization from this third party.
- Provided Products: Information on products/services provided by your organization to the third party.
Additional Information
- General Information: Allows for the inclusion of any other pertinent details relevant to the third-party entity.
Risk Scoring
Overview of Risk Scoring
Risk scoring in vucavoid is designed to evaluate the compliance risks associated with each third party. This includes factors like reputational, financial, legal, or business continuity risks.
- Visibility of Risk Score: The current risk score is displayed in the overview of all third parties and can be updated as needed.
Adding and Maintaining Risk Score
- Accessing Risk Score Options: Within a third party's details, select the option to review the risk score via the top right corner menu.
-
Setting the Risk Score:
- Choose from four levels: Critical, High, Medium, Low.
- Document the rationale behind the chosen risk score for future reference and actions.
The risk scoring system in vucavoid provides a structured approach to assess and document the compliance risks associated with third-party entities, aiding in informed decision-making and risk management.
Reliability Scoring
Overview of Reliability Scoring
Reliability scoring in vucavoid assesses the overall reliability of a third party. This is integral for justifying risk scores and documenting the third party's performance in terms of dependability.
Adding and Maintaining Reliability Score
- Accessing Reliability Score Options: Within a third party's details, select the option to review the reliability score in the same menu as the risk score.
-
Setting the Reliability Score:
- Select a score from the options: Critical, High, Medium, Low.
- Document the rationale for the chosen reliability score to enhance future evaluations and decisions.
Engagements with Third Parties
Overview of Engagements
Engagements represent the active agreements or contracts your organization has with third parties. Efficiently managing these engagements is crucial for maintaining transparent and compliant third-party relationships.
Adding a New Engagement
-
Procedure:
- Navigate to the details of a specific third party and scroll to "Engagements".
- Click on "New Engagement" to open a form for entering engagement details.
-
Engagement Details:
- Title: Provide a concise title that easily relates to the actual agreement or contract.
- Other Information: Include content details, emphasizing aspects relevant to compliance management.
- Start Date: Specify the commencement date of the engagement.
- End Date: If applicable, enter the expected or agreed termination date.
Editing and Deleting an Engagement
-
Accessing Engagement Options:
- Within the "Engagements" section of a third party, options to edit or delete an engagement are available.
-
Modifications:
- Use the "Edit" button to update engagement details.
- Select "Delete" to remove an engagement record from the system.