Suppliers
Weitere Optionen
Under “Administration → Suppliers,” you will find a list of all suppliers. Since suppliers are master data, this view is independent of the selected management system. For this menu item to be available, the system must have a Supplier Risk Management license, and your user must have the “Expert” role in SRM. Experts with an SRM license will find an overview of suppliers on this page. The page displays their protection requirement class, code, name, country, status (Active or Deactivated), and, optionally, the expiration date.
The displayed protection needs class can be limited to the current management system or shown across all management systems. Per se, the protection needs corresponds to the classification configured in Risk management > Settings. If you select the display of all management systems, that means those that use the same protection needs classification. Therefore, the protection need can look different depending on which management system you are currently in.
Create/edit suppliers
Suppliers can be created and their basic data recorded here. Other than the code and name, this also includes details on their address and general contact.
Special fields:
| External ID | This is the ID of the supplier Lieferanten, which identifies the supplier in an excel import or an import via REST API. |
|---|---|
| Internal contact | Here you can enter a HITGuard user (or a team) who will serve as the point of contact for the supplier — fore example one of your Procurement Managers. HITGuard will then automatically contact this user as the expiration date approaches. If you have not entered anyone here, HITGuard will send the email to the “internal team” that you have specified in the global settings. |
| Score | Here you can give the supplier a score per the CMMI degree of maturity model. |
| Protection needs | Here you can manually enter the supplier's protection needs class. This setting overrides the protection needs class determined in the Structure Analysis based on the protection needs analysis and contextual relationships. |
| Supplier categories | You can assign suppliers to different categories in order to better order and sort them. You can create these categories at Administration > Suppliers > Supplier Categories . |
| External metric | You can record an evaluation score from another system in this text field. This can also be done via the importer. |
| Justification | Here you can justify the scores and assessments. |
| Expiration date | Here you can enter the date on which the supplier will be deactivated automatically. After that date, the supplier’s users will no longer be able to log in to the supplier portal, view surveys, or respond to them. The supplier will also no longer use a license. You can change or delete the date at any time. If you set an expiration date that precedes the response deadline for a supplier questionnaire that was already sent to the supplier, you will receive a warning. When you create the supplier for the first time, HITGuard automatically enters the expiration date. To do this, HITGuard adds the time period you defined in the global settings to today’s date. |
| Deactivated | This switch becomes visible only after you save for the first time. If the toggle is set to “No", the supplier is active and uses a license. Supplier users can log in. If it is set to “Yes,” the supplier is deactivated, does not use any licenses, and is excluded from the system.
You can deactivate and reactivate a supplier at any time by toggling the switch. When you deactivate it manually, the expiration date is set to today’s date. When you activate it, the date is cleared. Supplier users are notified of these cahnges. |
Supplier Access: Create & Edit Supplier Users
Here you can create and manage supplier users for each supplier. For each user, you must enter the first name, last name, and email address. The email address is a required field because it also serves as the user’s login username. Users who have already registered via the welcome link (which is sent automatically when the user is created) and set their password are marked as “verified” in the overview. Users who have entered their password incorrectly too many times and locked themselves out are marked as “locked” in the overview. This can be resolved by resending the welcome email.
Important: Supplier users can only be created if a company name is entered under “Administration → Global Settings.”
Some fields have special functions:
| Administrator | Here, a supplier user can be designated as an administrator on the supplier’s side by checking the box (not for the entire application). This user (or users) can then create and edit other users for their organization. The checkmark can also be removed. |
|---|---|
| Deactivated | A deactivated supplier user is no longer authorized to respond to or view audits. A supplier user can be deactivated or reactivated at any time. They will be notified of this via email. When deactivating a user, you also have the option to pseudonymize them. This cannot be undone. If the user was an administrator, these rights are also revoked when the user pseudonymized. |
| Paperplane-Button: Resend Welcome Email | Every supplier user receives a welcome email when first created. They can use it to log in for the first time and create their own password. The link for the initial login is valid for 48 hours and can be resent if the user has not logged in during that time. Resending the welcome email also resets the password and any two-factor authentication. |
| Trashcan-Button: Delete user | This button allows you to delete a supplier user. They will then no longer be able to log in and will no longer be authorized to respond to or view reviews. They will be notified of this via email. Note: Verified supplier users cannot be deleted, only deactivated.
The deactivation including pseudonymization can be undone so long as one has not clicked Save. When deleting, the system asks back whether one is sure one wants to delete the user. Suppliers as Interview PartnersIf the “Supplier evaluation” option under Risk Management → Settings is enabled, the “Supplier Review” checkbox will be available when creating gap analyses and review results. In this case, the created suppliers will be available as interview partners instead of regular HITGuard users. Suppliers are also stored as linked entities in all audit objects. If the review is created as a self-assessment, any users of the supplier will see it in their portal. This is not the case for interviews.
Users of the registered supplier can then view, complete, and submit the self-assessment in the supplier portal. This works exactly the same way as when a respondent or responsible party completes a regular self-assessment. Interviews are intended for cases where you enter the review data yourself and do not send any review to the supplier’s users at all. If a supplier has no users, the supplier cannot receive a self-assessment. In this case HITGuard will notify the user of this fact. Notifications
Supplier PortalSupplier users can log in to HITGuard via a dedicated portal. By default, you can find it at the regular URL used by your HITGuard system, with the suffix “/Supplier” (e.g., togetherexample.hitguard.at/Supplier) attached. Suppliers who have forgotten their password can also reset it here. This will also reset the two-factor authentication.  In this portal, supplier users can view the checks assigned to them and also have the option to manage their two-factor authentication. You can find more information about two-factor authentication here. Administrators also see the “User Management” tab, where they can create additional users and edit existing ones. Badges on the folders show how many checks are in processing and their respective statuses. These are also highlighted in bold in the overview. Overdue reviews - the reviews whose response deadline has passed - are also specially highlighted with a badge. Supplier users can view the reviews here, respond to them, and return them to the risk manager.  LieferantenkategorienHier können Sie die Kategorien für Ihre Lieferanten erstellen und verwalten. Alternativ können Sie Lieferantenkategorien auch erstellen, indem Sie sie direkt beim Lieferanten in das entsprechende Feld eintragen und die Erstellung bestätigen. Alle Kategorien scheinen dann in dieser Liste auf.  Online help for supplier usersA help page you can share with the supplier users can be found here. |
