Review tiering assessment responses — Legacy process

  • Release version: Washingtondc
  • Updated January 30, 2025
  • 1 minute to read

    • Starting with GRC: TPRM version 15.0.0, risk tiering is a legacy process that you do not need to perform. Instead, use the IRQ process in the Vendor Management Workspace.

    Before you begin

    Role required: sn_vdr_risk_asmt.vendor_assessor

    About this task

    The more complete IRQ process replaces tiering.

    Important:

    In the TPRM application, the IRQ is an internal questionnaire that improves the original tiering assessment process. IRQs enhance internal risk assessments with increased flexibility, control, and scalability. Unlike a tiering assessment where external questionnaires are determined solely by the risk tier, an IRQ can dynamically trigger external questionnaires based on both respondents' answers and risk tier.

    To enable a seamless transition to TPRM, you have the option to duplicate existing tiering assessments and designate them as IRQ internal assessments. Risk tiering is supported as an unchanging legacy process.

    The TPR assessor can view risk tiering assessment responses after the internal stakeholders have submitted their assessment and adjust the scoring appropriately.

    Procedure

    1. Use either of the following methods to start the process:
      • In the Vendor Management Workspace, click the List icon (List.) and then navigate to Tiering risk assessments > Open assigned to me.
      • Navigate to All > Third-party Risk Management > Tiering Assessments > My Open Assessments.
    2. Review, add, or change responses, as necessary.