The Aujas Vendor Manager uses a simple web-based interface to help manage vendor risk. The solution was developed with a ‘keep it simple’ philosophy and has powerful capabilities to mimic real-life vendor risk management and third party vendor risk management scenarios.

It includes a Vendor Directory with vendor details, vendor classifications or categories. It aids the control assessment processes based on the client-selected categorization and standards. Compliance standards include the following:

  • ISO 27001
  • PCI DSS
  • COBIT
  • Internal policies (customizable)

The application can be installed in-house or hosted on the Cloud. Users can access the application through their web-browsers.

Features:

  • Workflows: Features workflows, multi-user support.
  • Vendor Directory: Allows you to store, classify and implement tiered vendor risk assessments.
  • Role Base Access: User Management, creation of multiple roles. Assign to different roles needed such as assessor, reviewer and/or approver, viewer, admin, etc. allowing you to manage both internal roles and third party roles with ease.
  • Risk Rating: Ability to provide risk ratings for individual controls.
  • Issue Tracking: Ability to track action plan status for remediation with responsibility and timeliness adherence.
  • Trend Analysis and Reporting: Trend analysis reports over periodic gaps assessments.
  • Reporting: While the bundle reports are based on domains and trends across multiple audits, the reports can be customized quickly.

Key Benefits

  • Built-in compliance list with more than 500 statements based on ISO27001, PCI DSS and COBIT guidelines.
  • Compliance requirements standard and vendor data can be imported directly into the tool and used immediately.
  • Implementation plan can be captured and tracked based on client-assigned risk ratings.
  • Issues and action items can be assigned to different team members and departments.
  • Updates are provided on a regular basis. Client can also track trends on implementation progress and simplify reporting to stakeholders.
  • Evidence of compliance can be captured and stored in the tool itself, simplifying tracking and reporting.