Managing vendors

The Vendor Management module in VerifyWise allows organizations to track, assess, and manage AI providers that they use in their projects. This system helps maintain a centralized record of all external vendors that provide AI-related products, services, or components, along with their review status, risk levels, and associated documentation.

Each listed vendor has a name, an assignee to that vendor, a vendor status indicator, the risk status of the vendor, and a review date.

By clicking the gear icon in the rightmost column, a given vendor can be edited or removed from the project.

Add or edit a vendor

You can change a vendor's settings by clicking the corresponding gear icon and then 'Edit'. Alternatively, click Add new vendor on the top right corner of the screen to create a new vendor.

Vendor details

To add a new vendor, add the following to the "Vendor details" tab. Just a note that when a vendor is added, it is available for all projects.

1. Vendor name

2. Website: Provide a URL to the vendor's website.

3. Project name: Select the project that the vendor is assigned to.

4. "What does the vendor provide?": Explain how the vendor is integrated with your AI application.

5. Vendor contact person: Provide the full name of a contact from the vendor.

6. Review status (Active/ Under review/ Not active): Select the appropriate review status.

7. Reviewer: Designate the organization member responsible for the review.

8. Review result: If a review has been conducted, report the result of the review.

9. Risk status (Very low/ Low/ Medium/ High/ Very High): Note the risk status of the new vendor.

10. Assignee: Assign someone to the vendor.

11. Review date: Note down the date of vendor review, if one was conducted.

12. If done, click Save.

Vendor risks

If the vendor poses any risks, this needs to be monitored. The "Risks" tab allows users to provide details on risks posed by the new vendor, if any.

• Risk description: The risk that may be posed by the new vendor.

• Impact description: The (hypothetical) impact of the risk.

• Impact (High/ Moderate/ Low): The scale of disruption threatened by the risk

• Probability: Possibility of the risk causing disruption

• Risk severity (Critical/ Major/ Minor): The acuteness of danger (e.g. to data privacy or human safety) posed by the risk

• Action plan: An action plan to mitigate and/or avert the risk

• Action owner: The person responsible for mitigating this risk and implementing the action plan