Lieferanten/en: Unterschied zwischen den Versionen

Aktuelle Version vom 1. April 2026, 12:04 Uhr

Under “Administration → Suppliers,” you will find a list of all suppliers. Since suppliers are master data, this view is independent of the selected management system. For this menu item to be available, the system must have a Supplier Risk Management license, and your user must have the “Expert” role in SRM. Experts with an SRM license will find an overview of suppliers on this page. The page displays their protection requirement class, code, name, country, status (Active or Deactivated), and, optionally, the expiration date.

The displayed protection needs class can be limited to the current management system or shown across all management systems. Per se, the protection needs corresponds to the classification configured in Risk management > Settings. If you select the display of all management systems, that means those that use the same protection needs classification. Therefore, the protection need can look different depending on which management system you are currently in.

Create/edit suppliers

Suppliers can be created and their basic data recorded here. Other than the code and name, this also includes details on their address and general contact.

Special fields:

External ID	This is the ID of the supplier Lieferanten, which identifies the supplier in an excel import or an import via REST API.
Internal contact	Here you can enter a HITGuard user (or a team) who will serve as the point of contact for the supplier — fore example one of your Procurement Managers. HITGuard will then automatically contact this user as the expiration date approaches. If you have not entered anyone here, HITGuard will send the email to the “internal team” that you have specified in the global settings.
Score	Here you can give the supplier a score per the CMMI degree of maturity model.
Protection needs	Here you can manually enter the supplier's protection needs class. This setting overrides the protection needs class determined in the Structure Analysis based on the protection needs analysis and contextual relationships.
Supplier categories	You can assign suppliers to different categories in order to better order and sort them. You can create these categories at Administration > Suppliers > Supplier Categories .
External metric	You can record an evaluation score from another system in this text field. This can also be done via the importer.
Justification	Here you can justify the scores and assessments.
Expiration date	Here you can enter the date on which the supplier will be deactivated automatically. After that date, the supplier’s users will no longer be able to log in to the supplier portal, view surveys, or respond to them. The supplier will also no longer use a license. You can change or delete the date at any time. If you set an expiration date that precedes the response deadline for a supplier questionnaire that was already sent to the supplier, you will receive a warning. When you create the supplier for the first time, HITGuard automatically enters the expiration date. To do this, HITGuard adds the time period you defined in the global settings to today’s date.
Deactivated	This switch becomes visible only after you save for the first time. If the toggle is set to “No", the supplier is active and uses a license. Supplier users can log in. If it is set to “Yes,” the supplier is deactivated, does not use any licenses, and is excluded from the system. You can deactivate and reactivate a supplier at any time by toggling the switch. When you deactivate it manually, the expiration date is set to today’s date. When you activate it, the date is cleared. Supplier users are notified of these cahnges.

Supplier Access: Create & Edit Supplier Users

Here you can create and manage supplier users for each supplier. For each user, you must enter the first name, last name, and email address. The email address is a required field because it also serves as the user’s login username. Users who have already registered via the welcome link (which is sent automatically when the user is created) and set their password are marked as “verified” in the overview. Users who have entered their password incorrectly too many times and locked themselves out are marked as “locked” in the overview. This can be resolved by resending the welcome email.

Important: Supplier users can only be created if a company name is entered under “Administration → Global Settings.”

Some fields have special functions:

Administrator	Here, a supplier user can be designated as an administrator on the supplier’s side by checking the box (not for the entire application). This user (or users) can then create and edit other users for their organization. The checkmark can also be removed.
Deactivated	A deactivated supplier user is no longer authorized to respond to or view audits. A supplier user can be deactivated or reactivated at any time. They will be notified of this via email. When deactivating a user, you also have the option to pseudonymize them. This cannot be undone. If the user was an administrator, these rights are also revoked when the user pseudonymized.
Paperplane-Button: Resend Welcome Email	Every supplier user receives a welcome email when first created. They can use it to log in for the first time and create their own password. The link for the initial login is valid for 48 hours and can be resent if the user has not logged in during that time. Resending the welcome email also resets the password and any two-factor authentication.
Trashcan-Button: Delete user	This button allows you to delete a supplier user. They will then no longer be able to log in and will no longer be authorized to respond to or view reviews. They will be notified of this via email. Note: Verified supplier users cannot be deleted, only deactivated.

When deactivating or deleting a user the system warns you if

the user is assigned to a not-deleted assessment, and/or
the user is the last administrator user of the supplier.

The deactivation including pseudonymization can be undone so long as one has not clicked Save. When deleting, the system asks back whether one is sure one wants to delete the user.

Suppliers as Interview Partners

If the “Supplier evaluation” option under Risk Management → Settings is enabled, the “Supplier Review” checkbox will be available when creating gap analyses and review results. In this case, the created suppliers will be available as interview partners instead of regular HITGuard users. Suppliers are also stored as linked entities in all audit objects. If the review is created as a self-assessment, any users of the supplier will see it in their portal. This is not the case for interviews.

Users of the registered supplier can then view, complete, and submit the self-assessment in the supplier portal. This works exactly the same way as when a respondent or responsible party completes a regular self-assessment. Interviews are intended for cases where you enter the review data yourself and do not send any review to the supplier’s users at all.

If a supplier has no users, the supplier cannot receive a self-assessment. In this case HITGuard will notify the user of this fact.

Notifications

Users of the registered supplier receive an email inviting them to complete the review.
Users of the registered supplier receive an email alert when the response deadline is approaching.
Users of the registered supplier (or only the administrator) will receive an email with a warning when their account’s expiration date approaches.
The optional internal team responsible for the supplier will receive an email with a warning when the accounts’ expiration dates approach.

Supplier Portal

Supplier users can log in to HITGuard via a dedicated portal. By default, you can find it at the regular URL used by your HITGuard system, with the suffix “/Supplier” (e.g., togetherexample.hitguard.at/Supplier) attached. Suppliers who have forgotten their password can also reset it here. This will also reset the two-factor authentication.

In this portal, supplier users can view the checks assigned to them and also have the option to manage their two-factor authentication. You can find more information about two-factor authentication here. Administrators also see the “User Management” tab, where they can create additional users and edit existing ones.

Badges on the folders show how many checks are in processing and their respective statuses. These are also highlighted in bold in the overview. Overdue reviews - the reviews whose response deadline has passed - are also specially highlighted with a badge.

Supplier users can view the reviews here, respond to them, and return them to the risk manager.

Supplier Categories

Here you can create and manage categories for your suppliers. Alternatively, you can create supplier categories by entering them directly into the corresponding field for the supplier and confirming the creation. All categories will then appear in this list.

Online help for supplier users

You can find a help page you can share with the supplier users here.
A link to the help page for supplier users is also found in their welcome e-mail.

@@ Zeile 1: / Zeile 1: @@
-Under "Administration → Suppliers" you find all suppliers, regardless of the selected management system.
+Under “Administration → Suppliers,” you will find a list of all suppliers. Since suppliers are master data, this view is independent of the selected management system. For this menu item to be available, the system must have a Supplier Risk Management license, and your user must have the “Expert” role in SRM. Experts with an SRM license will find an overview of suppliers on this page. The page displays their protection requirement class, code, name, country, status (Active or Deactivated), and, optionally, the expiration date.
-For the menu item to be available, one needs to have a Supplier Risk Management license and be assigned the role Expert in SRM.
+[[Datei:SM_Lieferanten_Übersicht.png||left|thumb|900px|Overview of the suppliers]]<br clear=all>
-SRM Experts find an overview of all suppliers on this page with their code, name, country, state (active or deactivated) and optionally their expiration date.
+The displayed protection needs class can be limited to the current management system or shown across all management systems. Per se, the protection needs corresponds to the classification configured in Risk management > Settings. If you select the display of all management systems, that means those that use the same protection needs classification. Therefore, the protection need can look different depending on which management system you are currently in.
-[[Datei:SM_Lieferanten_Übersicht.png||left|thumb|900px|Overview of the suppliers]]<br clear=all>
 ===Create/edit suppliers===
 Suppliers can be created and their basic data recorded here. Other than the code and name, this also includes details on their address and general contact.<p>Special fields:
+[[Datei:LieferantErstellen.png||center|thumb|800px|Create/edit supplier]]<br clear=all>
 {| class="wikitable"
+!External ID
+|This is the ID of the supplier Lieferanten, which identifies the supplier in an excel  [[Special:MyLanguage/Datenimport|import]] or an import via [[Special:MyLanguage/Datenimport/-export_Schnittstelle| REST API]].
+|-
+!Internal contact
+|Here you can enter a HITGuard user (or a team) who will serve as the point of contact for the supplier — fore example one of your <i>Procurement Managers</i>. HITGuard will then automatically contact this user as the expiration date approaches. If you have not entered anyone here, HITGuard will send the email to the “internal team” that you have specified in the [[Special:MyLanguage/Globale_Einstellungen#Sicherheitseinstellungen_für_Lieferanten-Risikomanagement|global settings]].
+|-
+!Score
+|Here you can give the supplier a score per the CMMI degree of maturity model.
+|-
+!Protection needs
+|Here you can manually enter the supplier's protection needs class. This setting overrides the protection needs class determined in the [[Special:MyLanguage/Strukturanalyse|Structure Analysis]] based on the [[Special:MyLanguage/Schutzbedarf|protection needs analysis]] and contextual relationships.
+|-
+!Supplier categories
+|You can assign suppliers to different categories in order to better order and sort them.  You can create these categories at <i> Administration > Suppliers > Supplier Categories </i>.
+|-
+!External metric
+|You can record an evaluation score from another system in this text field. This can also be done via the importer.
+|-
+!Justification
+|Here you can justify the scores and assessments.
+|-
 !Expiration date
-|A date can be entered from here, after which the supplier is no longer entitled to respond to or view assessments. A month prior to this date, any
+|Here you can enter the date on which the supplier will be deactivated automatically. After that date, the supplier’s users will no longer be able to log in to the supplier portal, view surveys, or respond to them. The supplier will also no longer <b>use a license</b>. You can change or delete the date at any time. If you set an expiration date that <i>precedes</i> the response deadline for a supplier questionnaire that was already sent to the supplier, you will receive a warning. When you create the supplier for the first time, HITGuard automatically enters the expiration date. To do this, HITGuard adds the time period you defined in the [[Special:MyLanguage/Globale_Einstellungen#Sicherheitseinstellungen_für_Lieferanten-Risikomanagement|global settings]] to today’s date.
-Hier kann ein Datum eingetragen werden, ab dem der Lieferant nicht mehr berechtigt ist, Überprüfungen zu beantworten oder diese einzusehen. Einen Monat vor dem Ablaufdatum werden etwaige Lieferantenbenutzer auf dieses hingewiesen. Das Datum kann jederzeit angepasst werden.
 |-
 !Deactivated
-|Dieser Schalter ist sichtbar, sobald der Lieferant angelegt ist. Ein deaktivierter Lieferant ist nicht mehr berechtigt, Überprüfungen zu beantworten oder diese einzusehen. Ein Lieferant kann jederzeit deaktiviert oder wieder aktiviert werden. Etwaige Lieferantenbenutzer werden über dies informiert.
+|This switch becomes visible only after you save for the first time. If the toggle is set to “No", the supplier is active and uses a license. Supplier users can log in. If it is set to “Yes,” the supplier is deactivated, does not use any licenses, and is excluded from the system.
+You can deactivate and reactivate a supplier at any time by toggling the switch. When you deactivate it manually, the expiration date is set to today’s date. When you activate it, the date is cleared. Supplier users are notified of these cahnges.
 |-
 |}
-<div lang="de" dir="ltr" class="mw-content-ltr">
+===Supplier Access: Create & Edit Supplier Users===
-[[Datei:LieferantErstellen.png||left|thumb|900px|Lieferanten erstellen/bearbeiten]]<br clear=all>
+Here you can create and manage supplier users for each supplier. For each user, you must enter the first name, last name, and email address. The email address is a required field because it also serves as the user’s login username. Users who have already registered via the welcome link (which is sent automatically when the user is created) and set their password are marked as “verified” in the overview. Users who have entered their password incorrectly too many times and locked themselves out are marked as “locked” in the overview. This can be resolved by resending the welcome email. <p><u>Important</u>: Supplier users can only be created if a company name is entered under “Administration → Global Settings.”
-</div>
-<div lang="de" dir="ltr" class="mw-content-ltr">
+[[Datei:LieferantBenutzer.png||left|thumb|900px|creating/editing Supplier users]]<br clear=all>
-===Lieferantenbenutzer erstellen/bearbeiten===
-Hier können für die einzelnen Lieferanten Lieferantenbenutzer angelegt und verwaltet werden.<p>Es handelt sich hierbei um ein bearbeitbares Grid, in dem der Plus Button eine neue Zeile erstellt. Man kann also direkt in eine Zelle der Tabelle klicken und den Inhalt dort eintragen/bearbeiten.<p>Für jeden Benutzer werden Vorname, Nachname und E-Mail-Adresse erfasst. Die E-Mail Adresse ist ein Pflichtfeld, weil sie zugleich als Username für das Login des Benutzers fungiert. Benutzer, die sich bereits einmal über den Willkommenslink angemeldet (wird beim Erstellen des Benutzers automatisch verschickt) und ihr Passwort erstellt haben, sind in der Übersicht als "verifiziert" gekennzeichnet. <p><u>Wichtig</u>: Lieferantenbenutzer können nur angelegt werden, wenn unter "Administration → Globale Einstellungen" ein Firmenname eingetragen ist.<p>Besondere Felder:
+Some fields have special functions:
 {| class="wikitable"
 !Administrator
-|Hier kann ein Lieferantenbenutzer mit einem Häkchen zum Administrator seitens des Lieferanten gemacht werden (<u>nicht</u> für die gesamte Applikation). Dieser Benutzer (auch mehrfach möglich) hat dann die Möglichkeit, in seinem eigenen Lieferantenportal selbst Benutzer anzulegen und zu bearbeiten. Das Häkchen kann auch wieder entfernt werden.
+|Here, a supplier user can be designated as an administrator on the supplier’s side by checking the box (<u>not</u> for the entire application). This user (or users) can then create and edit other users for their organization. The checkmark can also be removed.
 |-
-!Deaktiviert
+!Deactivated
-|Ein deaktivierter Lieferantenbenutzer ist nicht mehr berechtigt, Überprüfungen zu beantworten oder diese einzusehen. Ein Lieferantenbenutzer kann jederzeit deaktiviert oder wieder aktiviert werden. Er wird per E-Mail über dies informiert.
+|A deactivated supplier user is no longer authorized to respond to or view audits. A supplier user can be deactivated or reactivated at any time. They will be notified of this via email. <br><br>When deactivating a user, you also have the option to pseudonymize them. This cannot be undone. If the user was an administrator, these rights are also revoked when the user pseudonymized.
 |-
-!Button: Willkommensmail erneut aussenden
+!Paperplane-Button: Resend Welcome Email
-|Jeder Lieferantenbenutzer erhält beim Erstellen ein Willkommensmail, über das er sich erstmals anmelden und sein eigenes Passwort erstellen kann. Ab diesem Zeitpunkt funktioniert sein Login. Der Link für die Erstanmeldung ist 48 Stunden gültig und kann neu geschickt werden, sollte sich der Benutzer in dieser Zeit noch nicht angemeldet haben. Mit dem erneuten Versenden des Willkommensmails werden auch das Passwort und eine etwaige 2-Faktor-Authentifizierung zurückgesetzt.
+|Every supplier user receives a welcome email when first created. They can use it to log in for the first time and create their own password. The link for the initial login is valid for 48 hours and can be resent if the user has not logged in during that time. Resending the welcome email also resets the password and any two-factor authentication.
 |-
-!Button: Benutzer löschen
+!Trashcan-Button: Delete user
-|Mit diesem Button kann ein Lieferantenbenutzer gelöscht werden. Er kann sich dann nicht mehr anmelden und ist nicht mehr berechtigt, Überprüfungen zu beantworten oder diese einzusehen. Er wird per E-Mail über dies informiert.
+|This button allows you to delete a supplier user. They will then no longer be able to log in and will no longer be authorized to respond to or view reviews. They will be notified of this via email.<br><br><u>Note:</u> Verified supplier users cannot be deleted, only deactivated.
 |-
 |}
-[[Datei:LieferantBenutzer.png||left|thumb|900px|Lieferantenbenutzer erstellen/bearbeiten]]<br clear=all>
-</div>
-<div lang="de" dir="ltr" class="mw-content-ltr">
-===Lieferanten als Interviewpartner===
-Wenn die Option "Lieferantenbewertung" unter Risikomanagement → Einstellungen aktiviert ist, dann steht beim Erstellen von Abweichungsanalysen und Prüfergebnissen die Checkbox "Lieferantenüberprüfung" aktiviert werden. Dann stehen für die Interviewpartner anstelle von regulären HITGuard Usern die erstellten Lieferanten zur Verfügung. Zusätzlich wird die Überprüfung automatisch als Self Assessment angelegt.
-[[Datei:Checkbox_Lieferantenüberprüfung.png|left|thumb|500px|Checkbox für Lieferantenüberprüfungen]]<br clear=all>
-====Benachrichtigungen====
-* Die Benutzer des eingetragenen Lieferanten erhalten ein E-Mail mit einer Einladung, die Überprüfung zu beantworten.
-* Die Benutzer des eingetragenen Lieferanten erhalten ein E-Mail mit einer Warnung, wenn die Beantwortungsfrist abläuft.
-* Die Benutzer des eingetragenen Lieferanten (oder nur der Administrator) erhalten ein E-Mail mit einer Warnung, wenn das Ablaufdatum ihres Accounts näher kommt.
-* Das optional eingetragene interne Team, das für den Lieferanten zuständig ist, erhält ein E-Mail mit einer Warnung, wenn das Ablaufdatum der Accounts näher kommt.
-</div>
-<div lang="de" dir="ltr" class="mw-content-ltr">
+When deactivating or deleting a user the system warns you if
-===Lieferantenportal===
+* the user is assigned to a not-deleted assessment, and/or
-Unter dem regulären HITGuard-Link, den Sie für Ihre Organisation konfiguriert haben, mit dem Zusatz "/Supplier" können sich Lieferantenbenutzer in einem eigenen Portal an HITGuard anmelden.<p>Lieferanten, die ihr Passwort vergessen haben, können dieses hier auch zurücksetzen. Eine etwaige 2-Faktor-Authentifizierung wird damit auch zurückgesetzt.
+* the user is the last administrator user of the supplier.
-[[Datei:SM_LIeferantenportal.png||left|thumb|900px|Login für Lieferanten]]<br clear=all>
-In diesem Portal sehen Lieferantenbenutzer die ihnen zugewiesenen Überprüfungen und haben auch die Möglichkeit, ihre 2-Faktor-Authentifizierung zu verwalten. Mehr zur 2-Faktor-Authentifizierung finden Sie [[Special:MyLanguage/2FA|hier]]. Administratoren sehen zusätzlich auch den Reiter "Benutzerverwaltung", in dem sie weitere Benutzer anlegen und die bestehenden bearbeiten können.<p>Badges bei den Ordnern zeigen, wie viele Überprüfungen in welchem Status auf Bearbeitung warten. In der Übersicht sind diese auch fett hervorgehoben. Überfällige Überprüfungen, deren Beantwortungsfrist also abgelaufen ist, sind ebenfalls mit einem Badge besonders hervorgehoben.<p>Lieferantenbenutzer können die Überprüfungen hier einsehen, beantworten und wieder an den Risikomanager retournieren.
+The deactivation including pseudonymization can be undone so long as one has not clicked Save. When deleting, the system asks back whether one is sure one wants to delete the user.
-[[Datei:SM_Supplierportal_Überprüfungen_TM.png||left|thumb|900px|Lieferantenportal]]<br clear=all>
-</div>
+===Suppliers as Interview Partners===
+If the “Supplier evaluation” option under Risk Management → Settings is enabled, the “Supplier Review” checkbox will be available when creating gap analyses and review results. In this case, the created suppliers will be available as interview partners instead of regular HITGuard users. Suppliers are also stored as linked entities in all audit objects. If the review is created as a <i>self-assessment</i>, any users of the supplier will see it in their portal. This is not the case for <i>interviews</i>.
+:::[[Datei:Checkbox_Lieferantenüberprüfung.png|left|thumb|500px|Checkbox for supplier evaluations]]<br clear=all>
+Users of the registered supplier can then view, complete, and submit the self-assessment in the supplier portal. This works exactly the same way as when a respondent or responsible party completes a [[Special:MyLanguage/Überprüfung|regular self-assessment]]. Interviews are intended for cases where you enter the review data yourself and do not send any review to the supplier’s users at all.
+If a supplier has no users, the supplier cannot receive a self-assessment. In this case HITGuard will notify the user of this fact.
+====Notifications====
+* Users of the registered supplier receive an email inviting them to complete the review.
+* Users of the registered supplier receive an email alert when the response deadline is approaching.
+* Users of the registered supplier (or only the administrator) will receive an email with a warning when their account’s expiration date approaches.
+* The optional internal team responsible for the supplier will receive an email with a warning when the accounts’ expiration dates approach.
+===Supplier Portal===
+Supplier users can log in to HITGuard via a dedicated portal. By default, you can find it at the regular URL used by your HITGuard system, with the suffix “/Supplier” (e.g., togetherexample.hitguard.at/Supplier) attached. Suppliers who have forgotten their password can also reset it here. This will also reset the two-factor authentication.
+[[Datei:SM_LIeferantenportal.png||left|thumb|700px|Login for suppliers]]<br clear=all>
+In this portal, supplier users can view the checks assigned to them and also have the option to manage their two-factor authentication. You can find more information about two-factor authentication [[Special:MyLanguage/2FA|here]]. Administrators also see the “User Management” tab, where they can create additional users and edit existing ones.<p>Badges on the folders show how many checks are in processing and their respective statuses. These are also highlighted in bold in the overview. Overdue reviews - the reviews whose response deadline has passed - are also specially highlighted with a badge.<p>Supplier users can view the reviews here, respond to them, and return them to the risk manager.
+[[Datei:SM_Supplierportal_Überprüfungen_TM.png|left|thumb|900px|Supplier Portal]]<br clear=all>
+===Supplier Categories===
+Here you can create and manage categories for your suppliers. Alternatively, you can create supplier categories by entering them directly into the corresponding field for the supplier and confirming the creation. All categories will then appear in this list.
+[[Datei:Lieferantenkategorien.png|left|thumb|900px|Supplier Categories]]<br clear=all>
+===Online help for supplier users===
+You can find a help page you can share with the supplier users [[Special:MyLanguage/Lieferantenportal|here]].<br>
+A link to the help page for supplier users is also found in their welcome e-mail.