Suppliers
Weitere Optionen
Under “Administration → Suppliers,” you will find a list of all suppliers. Since suppliers are master data, this view is independent of the selected management system. For this menu item to be available, the system must have a Supplier Risk Management license, and your user must have the “Expert” role in SRM. Experts with an SRM license will find an overview of suppliers on this page. The page displays their protection requirement class, code, name, country, status (Active or Deactivated), and, optionally, the expiration date.
The displayed protection needs class can be limited to the current management system or shown across all management systems. Per se, the protection needs corresponds to the classification configured in Risk management > Settings. If you select the display of all management systems, that means those that use the same protection needs classification. Therefore, the protection need can look different depending on which management system you are currently in.
Create/edit suppliers
Suppliers can be created and their basic data recorded here. Other than the code and name, this also includes details on their address and general contact.
Special fields:
| External ID | This is the ID of the supplier Lieferanten, which identifies the supplier in an excel import or an import via REST API. |
|---|---|
| Internal contact | Here you can enter a HITGuard user (or a team) who will serve as the point of contact for the supplier — fore example one of your Procurement Managers. HITGuard will then automatically contact this user as the expiration date approaches. If you have not entered anyone here, HITGuard will send the email to the “internal team” that you have specified in the global settings. |
| Score | Here you can give the supplier a score per the CMMI degree of maturity model. |
| Protection needs | Here you can manually enter the supplier's protection needs class. This setting overrides the protection needs class determined in the Structure Analysis based on the protection needs analysis and contextual relationships. |
| Supplier categories | You can assign suppliers to different categories in order to better order and sort them. You can create these categories at Administration > Suppliers > Supplier Categories . |
| External metric | You can record an evaluation score from another system in this text field. This can also be done via the importer. |
| Justification | Here you can justify the scores and assessments. |
| Expiration date | Here you can enter the date on which the supplier will be deactivated automatically. After that date, the supplier’s users will no longer be able to log in to the supplier portal, view surveys, or respond to them. The supplier will also no longer use a license. You can change or delete the date at any time. If you set an expiration date that precedes the response deadline for a supplier questionnaire that was already sent to the supplier, you will receive a warning. When you create the supplier for the first time, HITGuard automatically enters the expiration date. To do this, HITGuard adds the time period you defined in the global settings to today’s date. |
| Deactivated | This switch becomes visible only after you save for the first time. If the toggle is set to “No", the supplier is active and uses a license. Supplier users can log in. If it is set to “Yes,” the supplier is deactivated, does not use any licenses, and is excluded from the system.
You can deactivate and reactivate a supplier at any time by toggling the switch. When you deactivate it manually, the expiration date is set to today’s date. When you activate it, the date is cleared. Supplier users are notified of these cahnges. |
Supplier Access: Create & Edit Supplier Users
Here you can create and manage supplier users for each supplier. For each user, you must enter the first name, last name, and email address. The email address is a required field because it also serves as the user’s login username. Users who have already registered via the welcome link (which is sent automatically when the user is created) and set their password are marked as “verified” in the overview. Users who have entered their password incorrectly too many times and locked themselves out are marked as “locked” in the overview. This can be resolved by resending the welcome email.
Important: Supplier users can only be created if a company name is entered under “Administration → Global Settings.”
Some fields have special functions:
| Administrator | Here, a supplier user can be designated as an administrator on the supplier’s side by checking the box (not for the entire application). This user (or users) can then create and edit other users for their organization. The checkmark can also be removed. |
|---|---|
| Deactivated | A deactivated supplier user is no longer authorized to respond to or view audits. A supplier user can be deactivated or reactivated at any time. They will be notified of this via email. When deactivating a user, you also have the option to pseudonymize them. This cannot be undone. If the user was an administrator, these rights are also revoked when the user pseudonymized. |
| Paperplane-Button: Resend Welcome Email | Every supplier user receives a welcome email when first created. They can use it to log in for the first time and create their own password. The link for the initial login is valid for 48 hours and can be resent if the user has not logged in during that time. Resending the welcome email also resets the password and any two-factor authentication. |
| Trashcan-Button: Delete user | This button allows you to delete a supplier user. They will then no longer be able to log in and will no longer be authorized to respond to or view reviews. They will be notified of this via email. Note: Verified supplier users cannot be deleted, only deactivated.
The deactivation including pseudonymization can be undone so long as one has not clicked Save. When deleting, the system asks back whether one is sure one wants to delete the user. Suppliers as Interview PartnersIf the “Supplier evaluation” option under Risk Management → Settings is enabled, the “Supplier Review” checkbox will be available when creating gap analyses and review results. In this case, the created suppliers will be available as interview partners instead of regular HITGuard users. Suppliers are also stored as linked entities in all audit objects. If the review is created as a self-assessment, any users of the supplier will see it in their portal. This is not the case for interviews.
Die Benutzer des eingetragenen Lieferanten haben dann in ihrem Portal die Möglichkeit, die Self Assessment Überprüfung einzusehen, zu beantworten und zu retournieren. Dies funktioniert genau so wie die Beantwortung durch einen Interviewpartner oder Verantwortlichen bei einem regulären Self Assessment. Interviews sind für den Anwendungsfall vorgesehen, dass Sie die Daten der Überprüfung selbst einpflegen und gar keine Überprüfung an die Benutzer des Lieferanten ausschicken. Hat ein Lieferant keine Benutzer und kann daher kein Self Assessment empfangen, weist HITGuard auf diesen Umstand hin. Benachrichtigungen
LieferantenportalLieferantenbenutzer können sich in einem eigenen Portal an HITGuard anmelden. Sie finden es Standardmäßig unter der regulären URL, die ihr HITGuard-System verwendet, mit dem Zusatz "/Supplier" (zB: togetherexample.hitguard.at/Supplier). Lieferanten, die ihr Passwort vergessen haben, können dieses hier auch zurücksetzen. Die 2-Faktor-Authentifizierung wird damit auch zurückgesetzt.  In diesem Portal sehen Lieferantenbenutzer die ihnen zugewiesenen Überprüfungen und haben auch die Möglichkeit, ihre 2-Faktor-Authentifizierung zu verwalten. Mehr zur 2-Faktor-Authentifizierung finden Sie hier. Administratoren sehen zusätzlich auch den Reiter "Benutzerverwaltung", in dem sie weitere Benutzer anlegen und die bestehenden bearbeiten können. Badges bei den Ordnern zeigen, wie viele Überprüfungen in welchem Status auf Bearbeitung warten. In der Übersicht sind diese auch fett hervorgehoben. Überfällige Überprüfungen, deren Beantwortungsfrist also abgelaufen ist, sind ebenfalls mit einem Badge besonders hervorgehoben. Lieferantenbenutzer können die Überprüfungen hier einsehen, beantworten und wieder an den Risikomanager retournieren.  LieferantenkategorienHier können Sie die Kategorien für Ihre Lieferanten erstellen und verwalten. Alternativ können Sie Lieferantenkategorien auch erstellen, indem Sie sie direkt beim Lieferanten in das entsprechende Feld eintragen und die Erstellung bestätigen. Alle Kategorien scheinen dann in dieser Liste auf.  Online help for supplier usersA help page you can share with the supplier users can be found here. |
