The Vendor Risk Management workspace is a single-pane view for third-party risk managers to view the overall risk posture of their third-party ecosystem. In the workspace, users can perform day-to-day activities such as performing and tracking risk assessments, risk issues, and tasks.
Risk managers can manage their entire program: risk domains, ratings from content providers, and internal and external risk assessments. Issues and tasks are managed centrally, so users can also define an action plan for remediation and ensure risks are mitigated quickly and efficiently.
The workspace includes:
- A home page that displays actionable insights and quick links
- A well-organized navigation menu that lists modules based on user needs
- An intuitive page layout for an exceptional user experience for practitioners, business users, and executives
- A holistic, 360-degree view of third parties with context-specific, actionable insights
The Vendor Risk Management Workspace includes the following features:
- A personalized homepage that enables risk managers to better manage their work
- A consolidated tasks landing page for managing all tasks assigned to the user and their groups
- 360-degree data visualization
New
- Added SBOM (Software Bill of Materials) related lists to company and engagement records.
- Added vertical layout configuration for TPRM navigation menu.
- Added aria-labels for risk concentration map accessibility.
Changed
- Updated questionnaire template list to show only published templates.
- Changed risk activity icon and removed extra spacing in work queue cards.
- Removed business user role from vendor detail page widget to improve security.
- Updated UCM portal access from risk manager to risk_admin only.
Fixed
- Resolved approve/reject UI action button visibility after Zurich upgrade (PRB2012105).
- Corrected return to third party modal due date validation and messaging (PRB2017639).
- Fixed internal risk score display in assessment overview when SAE enabled (PRB2007798).
- Resolved engagement location pin visibility on geo map with null values (PRB2013149).
- Added missing tooltips for buttons across VRM workspace pages (PRB2010437).
- Fixed UI component rendering at 400% zoom resolution (PRB2010399).
- Corrected include previous responses editability for internal assessments (PRB2007197).
- Restored missing templates sidebar item for issues records (PRB1996880).
- Resolved duplicate audit creation issue (PRB1992222).
- Fixed return to third party questionnaire action visibility (PRB1988955).
- Corrected smart assessment component viewport height calculation (PRB1965536).
- Resolved store certification filename collision error (PRB1989896).
- Fixed missing New UI action button in Element related list (PRB2024156).
- The following plugins must be installed and active:
- GRC: Vendor Risk Management
- Permissions and roles:
- Role required to install the app: System admin (admin)
When you upgrade the Vendor Risk Management Workspace application, make sure to upgrade the Third-party Risk Management application and any other installed GRC applications to the equivalent release version. For example, Vendor Risk Management Workspace version 18.x is certified to work with Third-party Risk Management version 18.x and other version 18.x GRC applications.