How to generate a Risk Score?

Generating a risk score is essential for assessing and managing the risks associated with using vendors in your company. The specific details of how to generate a risk score may vary depending on the data types, scope, and purposes involved. However, the general process remains the same.

1. Ensure you have the right subscription: The “My Vendors” module is a paid feature and requires an active subscription.

2. Enter the vendor’s Privacy Passport: Navigate to the vendor’s Privacy Passport and locate the “Add to My Vendors” button.

3. Add vendor details/fill it out later: After adding a vendor to “My Vendors”, you will be presented with a two options: add vendor details now, or later. The vendor details are needed to generate the Risk Score. If you are unable to provide accurate details at this point, add the vendor to your My Vendors table and fill it out later or invite a collogue to assist you in the process.

4. Fill out the vendor’s information and ensure it’s accurate: Double-check the accuracy of the vendor’s details, including processing location, purposes, owners, data subjects and data types shared with the vendor. It is important to have accurate information to ensure accurate risk assessment.

5. Review the vendor’s Risk Score: After filling out the needed details, the “Risk Score” tab will be activated. Take the time to review the vendor’s Risk Score and familiarize yourself with any potential vulnerabilities or risks associated with the relationship. Keep in mind that any change in the vendor details might trigger a change in the Risk Score.

6. Optional – Tag the vendor: After adding the vendor, you will have the opportunity to assign a tag to the vendor. Tagging could help you group vendors with similar risk profiles together (for example: US vendors/EU vendors, etc.).

7. Monitor and update: Regularly review and update the vendor’s risk score as new information becomes available. Changes in the vendor’s activities, regulations, or data breaches may impact their risk score and require adjustment.

By following these steps, you can effectively generate a Risk Score for the vendors your company uses. Remember, the Risk Score is not solely based on a single factor but takes into account various data points and considerations. Regularly assessing and updating your vendor risk score will help you effectively manage and mitigate the risks associated with vendor relationships.

Depending on the data types, scope, and purposes, each vendor relationship is different and the Risk Score of the company using the vendor will also differ.