The Aujas Vendor Manager uses a simple web-based interface to help manage vendor risk. The solution was developed with a ‘keep it simple’ philosophy and has powerful capabilities to mimic real-life vendor risk management and third party vendor risk management scenarios.
It includes a Vendor Directory with vendor details, vendor classifications or categories. It aids the control assessment processes based on the client-selected categorization and standards. Compliance standards include the following:
- ISO 27001
- PCI DSS
- Internal policies (customizable)
The application can be installed in-house or hosted on the Cloud. Users can access the application through their web-browsers.
- Workflows: Features workflows, multi-user support.
- Vendor Directory: Allows you to store, classify and implement tiered vendor risk assessments.
- Role Base Access: User Management, creation of multiple roles. Assign to different roles needed such as assessor, reviewer and/or approver, viewer, admin, etc. allowing you to manage both internal roles and third party roles with ease.
- Risk Rating: Ability to provide risk ratings for individual controls.
- Issue Tracking: Ability to track action plan status for remediation with responsibility and timeliness adherence.
- Trend Analysis and Reporting: Trend analysis reports over periodic gaps assessments.
- Reporting: While the bundle reports are based on domains and trends across multiple audits, the reports can be customized quickly.
- Built-in compliance list with more than 500 statements based on ISO27001, PCI DSS and COBIT guidelines.
- Compliance requirements standard and vendor data can be imported directly into the tool and used immediately.
- Implementation plan can be captured and tracked based on client-assigned risk ratings.
- Issues and action items can be assigned to different team members and departments.
- Updates are provided on a regular basis. Client can also track trends on implementation progress and simplify reporting to stakeholders.
- Evidence of compliance can be captured and stored in the tool itself, simplifying tracking and reporting.