Vendors

Creating and managing vendors


title: Creating and managing vendors description: Adding vendors, completing risk assessments and vendor approval workflows in Tidal Control sidebar_position: 2

Creating and managing vendors

Creating a new vendor

Vendor addition process

  1. Click "Add vendor" top right in Vendors overview
  2. "Create a new Vendor" dialogue opens
  3. Search for a vendor or add - Type vendor name
  4. Assign owner - Select responsible person (optional)
  5. Description - Add description (optional, markdown supported)
  6. Click "Create" to create vendor

Create new vendor dialog

Initial vendor setup:

  • Status: Automatically "Draft"
  • Assessment: Empty, must be completed
  • Rating: Determined after assessment completion
  • Owner: Assigned person or to be assigned later

Completing vendor assessment

The assessment determines risk classification and compliance requirements for the vendor.

Completing assessment questionnaire

Go to Assessment tab of vendor detail panel and answer all questions:

Vendor Assessment Tab

Data Access Level:

  • No access - No access to systems or data
  • Limited access - Limited access to non-sensitive data
  • Full access to sensitive/regulated data - PII, financial, health data

Data Processing Type:

  • No data processing - Physical services only
  • Basic business data - Non-sensitive operational data
  • Sensitive personal data - Names, addresses, contact details
  • Regulated data - Financial, health, government data

Business Criticality:

  • Low impact - Minimal business disruption if unavailable
  • Moderate impact - Some operational impact
  • Highly important - Significant business impact from disruption
  • Business critical - Core operations dependent on service

Regulatory Jurisdictions (optional):

  • Select relevant jurisdictions where vendor operates
  • For example: EU/EEA, US, Asia-Pacific
  • Influences compliance requirements

Vendor Scope (optional):

  • Limited scope - Specific project or service
  • Department level - Service for one department
  • Organisation wide - Service for entire organisation

Automatic risk rating determination

After assessment completion, Tidal automatically calculates the risk rating:

  • High: Critical business services, sensitive data and/or legal scope
  • Medium: Moderate impact, limited data access and/or standard compliance
  • Low: Minimal impact, no data processing and/or low-risk services

Configuring vendor details

Completing Details tab

Basic vendor information:

  • Description: Description of vendor services
  • Website: Official vendor website URL
  • Vendor contact: Primary contact person on vendor side

Compliance and security information:

  • Security page: Link to vendor security documentation
  • Privacy policy: URL to vendor privacy policy
  • Jurisdiction: Legal jurisdiction of vendor (e.g. UK/EU)

Internal management:

  • Owners: Add internal owners of vendor relationship

Vendor details configuration

Document management

Document upload process

  1. Go to Documents tab in vendor detail panel
  2. Click "Upload Document"
  3. Document type manually select
  4. Select document from computer

Document types

Types of compliance documents:

  • Privacy Policy - Vendor's privacy policy and personal data handling
  • Security Assurance - Security certifications and reports (e.g. ISO 27001, SOC 2)
  • Data Processing Agreement - GDPR/privacy compliant processor agreement
  • Vendor Contract - Primary contract with vendor

Document tracking:

  • Upload Date - When document was added
  • Uploaded By - Who uploaded the document
  • Document Type - Categorisation for compliance

Document management

Vendor approval workflow

Draft to Approved process

Recommended approval requirements:

  1. Assessment completed - All mandatory questions answered
  2. Risk rating determined - Classification assigned
  3. Required documents uploaded per risk level
  4. Owner assigned - Responsible person assigned

Approving a vendor:

  1. Go to vendor actions menu (three dots)
  2. Select "Approve Vendor"
  3. Status changes to "Approved" and "Approved On" date is automatically set

Vendor approval options

Recommended approval criteria per risk level

High risk vendors:

  • Risk assessment: All questions answered and deemed acceptable
  • Documents - All documents uploaded and reviewed
  • Quarterly or bi-annual reassessment

Medium risk vendors:

  • Risk assessment: Mandatory questions answered and deemed acceptable
  • Documents - At least contract and certification uploaded and reviewed
  • Annual reassessment

Low risk vendors:

  • Risk assessment: Mandatory questions answered and deemed acceptable
  • Documents - At least contract uploaded and reviewed
  • Annual or triennial reassessment

Managing multiple vendors simultaneously

Available bulk operations:

  • Change assignee - Assign new owner to group of vendors
  • Archive - Archive multiple vendors at once
  • Approve - Approve multiple vendors at once
  • Delete - Remove multiple vendors from system at once

Bulk workflow:

  1. Select vendors with checkboxes on left in overview
  2. Relevant buttons appear at top of table
  3. Choose desired action and confirm

Next steps

Now you can create and manage vendors:

  • Start with critical vendors for immediate risk assessment
  • Develop document templates for efficient and consistent application of compliance requirements
  • Plan periodic review cycles for vendor portfolio management
  • Train vendor owners in assessment and approval procedures