Vendors
Getting started with Vendors
title: Getting started with Vendors description: Introduction and navigation of vendor management and risk assessment in Tidal Control sidebar_position: 1
Getting started with Vendors
What is Vendor Management in Tidal Control?
Vendor Management in Tidal Control enables you to systematically assess vendor risks and monitor compliance via structured workflows and documentation.
Core functionalities:
- Structured risk assessments - Questionnaires for vendor evaluation
- Document management - Centrally manage compliance documentation
- Approval workflows - From draft to approved vendor status
- Risk classification - High, Medium, Low risk categorisation
- Ownership tracking - Who is responsible for which vendor
Vendor management vs ad-hoc vendor evaluations
Vendor management is ideal for:
- Systematic third-party risk assessment
- Compliance documentation management
- Standardised vendor onboarding
- Periodic vendor reviews and updates
Ad-hoc evaluations remain necessary for:
- One-off project vendors
- Informal vendor screening
- Quick impact assessments
Navigating the Vendors overview page
The Vendors page shows all vendors with their assessment status, documentation and risk ratings in a clear table.
What you see in the overview:
- Vendors table - All vendors with status information
- Filtering options - Open vs Archived, Rating, Assignee, Status
- Search functionality - Quickly find specific vendors
- Add vendor button - Add new vendors
- Vendor actions - Management options per vendor
Understanding the vendors table
Column information:
- Name - Vendor name and identification
- Documents - Number of uploaded compliance documents (📄 4)
- Rating - Risk classification (High, Medium, Low)
- Assessment - Assessment status (Draft, Approved)
- Approved On - Approval date for compliance tracking
- Assignee - Responsible person for vendor management
Example vendor information:
Microsoft | 📄 4 | Medium | Approved | 20 July 2025 | DA
GitHub | - | High | Approved | 20 July 2025 | DA
Amazon | - | High | Draft | - | DA
Filtering and searching
Open vs Archived filtering:
- Open (5) - Active vendors in use
- Archived (0) - Inactive vendor relationships
- Switch between tabs for different vendor sets
Rating filter:
- High - Critical vendors with high business impact
- Medium - Standard business services vendors
- Low - Minimal risk vendors
Status and Assignee filters:
- Assessment status - Filter on Draft vs Approved
- Assignee - Filter per responsible person
- Combine filters for specific vendor sets
Recognising vendor statuses
Assessment status indicators
Draft:
- New vendor in assessment phase
- Assessment not completed - Questions still to answer
- Documentation possibly missing
- Not yet approved for use
Approved:
- Assessment completed and reviewed
- Compliance documentation validated
- Approval date recorded
- Ready for use within organisation
When status changes:
- Draft → Approved after successful assessment and document review
- Approved → Archived when ending vendor relationship
- Status tracking for compliance audit trails
Understanding vendor ratings
Risk classification system
High Risk:
- Critical business services - Direct impact on operations
- Sensitive data processing - PII, financial, health data
- Legal scope - GDPR, SOX, healthcare compliance
- System access - Direct access to critical systems
Medium Risk:
- Standard business services - Normal operational support
- Limited data access - Non-sensitive business data
- Minimal system access - Controlled access levels
- Standard compliance requirements
Low Risk:
- Minimal business impact - Non-critical services
- No data processing - Physical services, basic tools
- No system access - Standalone services
- Basic compliance requirements
Risk rating determination
Factors influencing rating:
- Data Access Level - What data does vendor have access to
- Business Criticality - Impact on core business processes
- Regulatory Jurisdiction - Compliance complexity
- Service Scope - Extent of vendor services
Vendor detail panel navigation
Each vendor has an extensive detail panel with various tabs for complete information management.
Assessment tab
Risk assessment questionnaire with specific questions:
- Data Access Level - "What level of access does the vendor have to our systems and data?"
- Data Processing Type - "What type of data will the vendor process, store, or transmit on our behalf?"
- Business Criticality - "How critical is this vendor's service to our core business operations?"
- Regulatory Jurisdictions - "In which regulatory jurisdictions does the vendor operate?"
- Vendor Scope - "What is the scope and scale of the vendor relationship?"
Completing assessment:
- Dropdown selections for standardised answers
- Mandatory vs Optional question marking
- Rating calculation automatic based on answers
Details tab
Vendor information management:
- Description - Description of vendor services
- Website - Official vendor website
- Vendor contact - Contact information for primary contact on vendor side
- Security page - Links to security documentation
- Privacy policy - Vendor privacy and data protection
- Jurisdiction - Legal and compliance jurisdiction
- Owners - Internal owners of vendor relationship
Documents tab
Compliance documentation management:
- Document upload - "Upload Document" functionality
- Document types - Privacy Policy, Security Assurance, Data Processing Agreement, Vendor Contract
- Upload tracking - Upload Date and Uploaded By information
- Document access - Who can view and manage documents
Feed tab
Activities and updates tracking:
- Assessment changes - Changes in risk assessment
- Document updates - Upload and modification history
- Status changes - Draft to Approved transitions
- Owner changes - Ownership changes
Vendor management workflows
Daily vendor monitoring
Routine checks:
- New Draft vendors - Which assessments need completing
- Document expiration - Compliance documents needing updates
- Owner assignments - Vendors without assigned owners
- Approval backlogs - Vendors awaiting approval
Periodic vendor reviews
Monthly/quarterly activities:
- Update assessments - Changes in vendor services
- Upload new documentation - New compliance documentation
- Review risk ratings - Still accurate classification
- Validate ownership - Correct owners still active
Next steps
Now you know the Vendor Management interface:
- Inventory current vendors needing assessment
- Identify risk classification criteria for your organisation
- Plan document collection for compliance requirements
- Develop approval workflows for efficient vendor onboarding
- Previous
- Troubleshooting & FAQ