Vendors

Getting started with Vendors

title: Getting started with Vendors description: Introduction and navigation of vendor management and risk assessment in Tidal Control sidebar_position: 1

What is Vendor Management in Tidal Control?

Vendor Management in Tidal Control enables you to systematically assess vendor risks and monitor compliance via structured workflows and documentation.

Core functionalities:

  • Structured risk assessments - Questionnaires for vendor evaluation
  • Document management - Centrally manage compliance documentation
  • Approval workflows - From draft to approved vendor status
  • Risk classification - High, Medium, Low risk categorisation
  • Ownership tracking - Who is responsible for which vendor

Vendor management vs ad-hoc vendor evaluations

Vendor management is ideal for:

  • Systematic third-party risk assessment
  • Compliance documentation management
  • Standardised vendor onboarding
  • Periodic vendor reviews and updates

Ad-hoc evaluations remain necessary for:

  • One-off project vendors
  • Informal vendor screening
  • Quick impact assessments

Navigating the Vendors overview page

The Vendors page shows all vendors with their assessment status, documentation and risk ratings in a clear table.

Vendors overview

What you see in the overview:

  • Vendors table - All vendors with status information
  • Filtering options - Open vs Archived, Rating, Assignee, Status
  • Search functionality - Quickly find specific vendors
  • Add vendor button - Add new vendors
  • Vendor actions - Management options per vendor

Understanding the vendors table

Column information:

  • Name - Vendor name and identification
  • Documents - Number of uploaded compliance documents (📄 4)
  • Rating - Risk classification (High, Medium, Low)
  • Assessment - Assessment status (Draft, Approved)
  • Approved On - Approval date for compliance tracking
  • Assignee - Responsible person for vendor management

Example vendor information:

Microsoft | 📄 4 | Medium | Approved | 20 July 2025 | DA
GitHub   | -    | High   | Approved | 20 July 2025 | DA
Amazon   | -    | High   | Draft    | -            | DA

Filtering and searching

Open vs Archived filtering:

  • Open (5) - Active vendors in use
  • Archived (0) - Inactive vendor relationships
  • Switch between tabs for different vendor sets

Rating filter:

  • High - Critical vendors with high business impact
  • Medium - Standard business services vendors
  • Low - Minimal risk vendors

Status and Assignee filters:

  • Assessment status - Filter on Draft vs Approved
  • Assignee - Filter per responsible person
  • Combine filters for specific vendor sets

Recognising vendor statuses

Assessment status indicators

Draft:

  • New vendor in assessment phase
  • Assessment not completed - Questions still to answer
  • Documentation possibly missing
  • Not yet approved for use

Approved:

  • Assessment completed and reviewed
  • Compliance documentation validated
  • Approval date recorded
  • Ready for use within organisation

When status changes:

  • Draft → Approved after successful assessment and document review
  • Approved → Archived when ending vendor relationship
  • Status tracking for compliance audit trails

Understanding vendor ratings

Risk classification system

High Risk:

  • Critical business services - Direct impact on operations
  • Sensitive data processing - PII, financial, health data
  • Legal scope - GDPR, SOX, healthcare compliance
  • System access - Direct access to critical systems

Medium Risk:

  • Standard business services - Normal operational support
  • Limited data access - Non-sensitive business data
  • Minimal system access - Controlled access levels
  • Standard compliance requirements

Low Risk:

  • Minimal business impact - Non-critical services
  • No data processing - Physical services, basic tools
  • No system access - Standalone services
  • Basic compliance requirements

Risk rating determination

Factors influencing rating:

  • Data Access Level - What data does vendor have access to
  • Business Criticality - Impact on core business processes
  • Regulatory Jurisdiction - Compliance complexity
  • Service Scope - Extent of vendor services

Vendor detail panel navigation

Each vendor has an extensive detail panel with various tabs for complete information management.

Assessment tab

Vendor Assessment Tab

Risk assessment questionnaire with specific questions:

  • Data Access Level - "What level of access does the vendor have to our systems and data?"
  • Data Processing Type - "What type of data will the vendor process, store, or transmit on our behalf?"
  • Business Criticality - "How critical is this vendor's service to our core business operations?"
  • Regulatory Jurisdictions - "In which regulatory jurisdictions does the vendor operate?"
  • Vendor Scope - "What is the scope and scale of the vendor relationship?"

Completing assessment:

  • Dropdown selections for standardised answers
  • Mandatory vs Optional question marking
  • Rating calculation automatic based on answers

Details tab

Vendor Details Tab

Vendor information management:

  • Description - Description of vendor services
  • Website - Official vendor website
  • Vendor contact - Contact information for primary contact on vendor side
  • Security page - Links to security documentation
  • Privacy policy - Vendor privacy and data protection
  • Jurisdiction - Legal and compliance jurisdiction
  • Owners - Internal owners of vendor relationship

Documents tab

Vendor Documents Tab

Compliance documentation management:

  • Document upload - "Upload Document" functionality
  • Document types - Privacy Policy, Security Assurance, Data Processing Agreement, Vendor Contract
  • Upload tracking - Upload Date and Uploaded By information
  • Document access - Who can view and manage documents

Feed tab

Activities and updates tracking:

  • Assessment changes - Changes in risk assessment
  • Document updates - Upload and modification history
  • Status changes - Draft to Approved transitions
  • Owner changes - Ownership changes

Vendor management workflows

Daily vendor monitoring

Routine checks:

  • New Draft vendors - Which assessments need completing
  • Document expiration - Compliance documents needing updates
  • Owner assignments - Vendors without assigned owners
  • Approval backlogs - Vendors awaiting approval

Periodic vendor reviews

Monthly/quarterly activities:

  • Update assessments - Changes in vendor services
  • Upload new documentation - New compliance documentation
  • Review risk ratings - Still accurate classification
  • Validate ownership - Correct owners still active

Next steps

Now you know the Vendor Management interface:

  • Inventory current vendors needing assessment
  • Identify risk classification criteria for your organisation
  • Plan document collection for compliance requirements
  • Develop approval workflows for efficient vendor onboarding
Next
Creating and managing vendors