Define a VRM engagement

  • Release version: Xanadu
  • Updated July 31, 2025
  • 2 minutes to read

    • Define an engagement so that you can assess the risks that are associated with the services or products offered by a third party. Engagements can also represent the products or services that are provided to the parent third party, either directly or from departments, partners, or subsidiaries that you can also assess for risk.

    Before you begin

    Role required: sn_vdr_risk_asmt.vendor_risk_manager or sn_vdr_risk_asmt.vendor_assessor

    Procedure

    1. On the Risk tab of the Vendor Management Workspace, select Create engagement in the Quick actions box.
      The Create third-party engagement form opens to the Details tab.
    2. Optional: Select Browse to select and add an attachment.
    3. Fill in the form and then select Save.
      Table 1. Create third-party engagement form
      Field Description
      Third-party engagement section
      Name Unique name for the engagement. Ideally, mention the product or service that is the subject of the engagement.
      Third party (Vendor) The third party for whom you are creating this engagement record.
      Type Type of product or service to be provided by the engagement organization.
      Start/End date Enter start and end dates to define how long the engagement is valid.
      Contract start date / end date Preferred dates for the beginning and end of interactions with the third party.
      Contract expiration date The date on which the engagement ends officially and legally.
      Status

      Select the current status of the engagement.

      • Active
      • Onboarding
      • Prospect
      • Active unauthorized
      • Terminated
      • Onboarding rejected
      Note:
      An engagement starts in the inactive state. An engagement moves to the active state when a contract is in place or you take part in an active relationship with the third party.
      Risk rating Displays the risk rating assigned to the engagement after an assessment has been performed.
      Engagement tier The tier used for this engagement. See VRM third-party risk tiering assessments for details of how the tier is determined.
      Annual spend / Value The annual monetary spend associated with this engagement's services.
      Engagement manager Specify the person who will monitor, prioritize, and act on responses to external questionnaires, issues, and tasks. Select the lock to lock/unlock the field.
      Business owner Specify the person who is familiar with the engagement organization and the product or services that will be engaged. Select the lock to lock/unlock the field.
      Notes Enter text that describe the engagement to other users.
      Contact section
      Street, City, State/Province, ZIP/Postal code, Country, Phone, Fax

      Standard contact information for the engagement organization.
      Latitude and Longitude

      The Latitude and Longitude values are used to mark the location on the Risk concentration map. See TPRM Risk concentration map.
      Risk Ratings section
      Computed risk rating

      The calculated Computed risk rating.

      The value is overall risk rating for the third party, calculated after the assessment by rolling up all of the TPR assessors' risk ratings.
      Override risk rating

      Option to override the computed rating.

      If you select the check box, then specify the following values:
      • Overridden risk rating. Select the new risk rating.
      • Overridden on: The system auto-populates the date that the override occurred.
      • Justification: Enter the reason that you overrode the value.