Vendors
Getting started with Vendors
title: Getting started with Vendors description: Introduction and navigation of vendor management and risk assessment in Tidal Control sidebar_position: 1
What is Vendor Management in Tidal Control?
Vendor Management in Tidal Control enables you to systematically assess vendor risks and monitor compliance via structured workflows and documentation.
Core functionalities:
- Structured risk assessments - Questionnaires for vendor evaluation
- Document management - Centrally manage compliance documentation
- Approval workflows - From draft to approved vendor status
- Risk classification - High, Medium, Low risk categorisation
- Ownership tracking - Who is responsible for which vendor
Vendor management vs ad-hoc vendor evaluations
Vendor management is ideal for:
- Systematic third-party risk assessment
- Compliance documentation management
- Standardised vendor onboarding
- Periodic vendor reviews and updates
Ad-hoc evaluations remain necessary for:
- One-off project vendors
- Informal vendor screening
- Quick impact assessments
Navigating the Vendors overview page
The Vendors page shows all vendors with their assessment status, documentation and risk ratings in a clear table.
What you see in the overview:
- Vendors table - All vendors with status information
- Filtering options - Open vs Archived, Rating, Assignee, Status
- Search functionality - Quickly find specific vendors
- Add vendor button - Add new vendors
- Vendor actions - Management options per vendor
Understanding the vendors table
Column information:
- Name - Vendor name and identification
- Documents - Number of uploaded compliance documents (📄 4)
- Rating - Risk classification (High, Medium, Low)
- Assessment - Assessment status (Draft, Approved)
- Approved On - Approval date for compliance tracking
- Assignee - Responsible person for vendor management
Example vendor information:
Microsoft | 📄 4 | Medium | Approved | 20 July 2025 | DA
GitHub | - | High | Approved | 20 July 2025 | DA
Amazon | - | High | Draft | - | DA
Filtering and searching
Open vs Archived filtering:
- Open (5) - Active vendors in use
- Archived (0) - Inactive vendor relationships
- Switch between tabs for different vendor sets
Rating filter:
- High - Critical vendors with high business impact
- Medium - Standard business services vendors
- Low - Minimal risk vendors
Status and Assignee filters:
- Assessment status - Filter on Draft vs Approved
- Assignee - Filter per responsible person
- Combine filters for specific vendor sets
Recognising vendor statuses
Assessment status indicators
Draft:
- New vendor in assessment phase
- Assessment not completed - Questions still to answer
- Documentation possibly missing
- Not yet approved for use
Approved:
- Assessment completed and reviewed
- Compliance documentation validated
- Approval date recorded
- Ready for use within organisation
When status changes:
- Draft → Approved after successful assessment and document review
- Approved → Archived when ending vendor relationship
- Status tracking for compliance audit trails
Understanding vendor ratings
Risk classification system
High Risk:
- Critical business services - Direct impact on operations
- Sensitive data processing - PII, financial, health data
- Legal scope - GDPR, SOX, healthcare compliance
- System access - Direct access to critical systems
Medium Risk:
- Standard business services - Normal operational support
- Limited data access - Non-sensitive business data
- Minimal system access - Controlled access levels
- Standard compliance requirements
Low Risk:
- Minimal business impact - Non-critical services
- No data processing - Physical services, basic tools
- No system access - Standalone services
- Basic compliance requirements
Risk rating determination
Factors influencing rating:
- Data Access Level - What data does vendor have access to
- Business Criticality - Impact on core business processes
- Regulatory Jurisdiction - Compliance complexity
- Service Scope - Extent of vendor services
Vendor detail panel navigation
Each vendor has an extensive detail panel with various tabs for complete information management.
Assessment tab
Risk assessment questionnaire with specific questions:
- Data Access Level - "What level of access does the vendor have to our systems and data?"
- Data Processing Type - "What type of data will the vendor process, store, or transmit on our behalf?"
- Business Criticality - "How critical is this vendor's service to our core business operations?"
- Regulatory Jurisdictions - "In which regulatory jurisdictions does the vendor operate?"
- Vendor Scope - "What is the scope and scale of the vendor relationship?"
Completing assessment:
- Dropdown selections for standardised answers
- Mandatory vs Optional question marking
- Rating calculation automatic based on answers
Details tab
Vendor information management:
- Description - Description of vendor services
- Website - Official vendor website
- Vendor contact - Contact information for primary contact on vendor side
- Security page - Links to security documentation
- Privacy policy - Vendor privacy and data protection
- Jurisdiction - Legal and compliance jurisdiction
- Owners - Internal owners of vendor relationship
Documents tab
Compliance documentation management:
- Document upload - "Upload Document" functionality
- Document types - Privacy Policy, Security Assurance, Data Processing Agreement, Vendor Contract
- Upload tracking - Upload Date and Uploaded By information
- Document access - Who can view and manage documents
Feed tab
Activities and updates tracking:
- Assessment changes - Changes in risk assessment
- Document updates - Upload and modification history
- Status changes - Draft to Approved transitions
- Owner changes - Ownership changes
Vendor management workflows
Daily vendor monitoring
Routine checks:
- New Draft vendors - Which assessments need completing
- Document expiration - Compliance documents needing updates
- Owner assignments - Vendors without assigned owners
- Approval backlogs - Vendors awaiting approval
Periodic vendor reviews
Monthly/quarterly activities:
- Update assessments - Changes in vendor services
- Upload new documentation - New compliance documentation
- Review risk ratings - Still accurate classification
- Validate ownership - Correct owners still active
Next steps
Now you know the Vendor Management interface:
- Inventory current vendors needing assessment
- Identify risk classification criteria for your organisation
- Plan document collection for compliance requirements
- Develop approval workflows for efficient vendor onboarding
- Previous
- Troubleshooting & FAQ