Help Center
Go back to application
Help Center
Go back to application
Platform Terms Glossary
Task Management
Task Management explained Creating Tasks Setting up Task NotificationsGiving permissions to team members
Organization
Working together in KertosInviting UsersCreating rolesAssigning Data Source AccessCreating Departments and Assigning Users
Integrations
Discovery
Tasks
Device Management
Human Resource Information Systems
Inventory
Inventorization of vendorsInventorization of systemsInventorization of assetsEU AI Act: Inventorization of AI use cases
Risks
Managing risksApplying controls to risks
Trust Center
Setting up your trust center
Incidents
Reporting incidents
KAI
KAI explainedPrinciples of AI at KertosInteracting with KAI
Compliance
Frameworks explainedManaging & implementing controlsCreating & managing policiesCompleting & assigning trainings
Privacy Management
Creating a RoPACreating TOMsCreating DPIAs
Data Subject Requests
API Reference
Ingress API Docs for DSRs Webhook API Docs for DSRs

Inventorization of vendors

Vendors are the suppliers of the systems that you use to process data within your organization and play an integral role in managing your compliance with Kertos.

Activating discovered vendors

 

When you have run some discovery integrations, Kertos will already have identified lots of vendors for you. Now you need to activate those and provide their missing information.

 

 

1. Go to "Vendors" under "Inventory". 

2. Select the "Discovered" tab.

3. Select the vendors that you actually use within your organization and click "set to active". Then select the vendors that are not relevant to you and click "archive". This means that they will not be re-discovered when you run discovery integrations on a regular basis (which you should).

4. The vendors that you have activated will now show up in the "Active" tab.

5. Now you can click on the individual vendors and supplement missing information. See the section below for more information.

 

Adding Vendors manually

If a vendor of yours was not identified in the discovery, you have the option to add it manually. Every manually added vendor will be automatically assigned active status.

 

 

1. Click “Add Vendor”.

2. Now you already need to provide the missing information as described below in "Documenting basic information".

3. Click “Save”.

 

Documenting basic information

 

 

Among the basic options for documentation in the detail view, there are:

  • Vendor name The legal name of the vendor.
  • HQ Location
  • Region/ Country Region/ Country of the headquarter.
  • Description What the vendor sells.
  • Internal Contact Who is responsible for this vendor.
  • Responsible Department Department of the responsible person.
  • External Contact incl. E-Mail and phone number
  • Risk level Risk level based on your personal evaluation.
  • Certificates Certificates that you know the vendor possesses.

 

Adding Vendor Certificates

For some widely-used vendors, Kertos will automatically set their certificates for you. If there none available for pre-setting, you can add certificates manually.

 

1. Click into the Vendor Certificates bar.

2. Choose the desired certification from the list.

 

If it does not appear in the list, you can add a custom vendor certificate by entering its name and click “Add vendor certificate”.

 

 

If you want to remove a custom certificate, click “edit vendor certificates”. You can remove the certificate by clicking on the red minus that appears.

 

Assigning Systems

This step is very important as it connects systems to their respective vendors.

 

1. Scroll down to the section "Which systems are provided by this vendor?".

2. Select the systems that are provided by this vendor.

Alternatively, you can assign systems to a vendor from a system page. See this article for how to do that.

Uploading documents

You can add any document that belongs to a specific vendor on its detail view.

 

 

We have added the three most common ones for accessibility:

  • Data Processing Agreement
  • Privacy Policy
  • Link Impact Assessment

 

 

At the bottom of the vendor detail view, you can also add additional documents.

 

FAQs

What do I need to fill in to all the fields for the vendors? Are all fields mandatory?

To able to create a vendor in Kertos, you only need the name of the vendor. From a Compliance standpoint, however, you should add at least the following info:

  • HQ Location incl. country
  • Description of what the vendor does
  • What Data Sources belong to the vendor
  • their Terms and conditions via the document upload
  • any contracts via the document upload, especially Service-Level-Agreements with cloud providers

When do I know that my vendor management is compliant?

Your Vendor Management is done correctly when all relevant vendors are documented in the way described above.

How do I document my ongoing vendor management?

As soon as you are aware of a new vendor that you are working together with, make sure to add it to your list as described above. To stay on top of Shadow IT and new vendors that come with it, make sure to setup our Discovery Integrations so that you can detect new data sources and vendors.

Was this article helpful?

Powered by Product Fruits