Tiering
Tiering is the process of classifying a vendor's risk level based on the nature of your relationship with them.
Custom tiering form
Each tenant can configure a custom tiering form with personalized questions and options:
Supports single and multi-answer question types.
Handles localization (multi-language support).
Computes a tenant-specific tier/score based on answers.
Contact [email protected] to customize it.
How tiering works by default
A vendor's risk tier is determined using a Vendor Relationship Form with three questions:
1. Type of data processed
This is a multiple choice question. The scoring uses the maximum value among selected choices.
| Data Type | Score |
|---|---|
| Customer data | 5 |
| Company metadata (corporate email, employee handbook, corporate policies) | 2 |
| Company intellectual property (internal documents, code) | 5 |
| Sensitive company data (financials, M&A plans, board notes, strategic roadmaps) | 10 |
| Personally Identifiable Information (PII) | 10 |
| Health Information (PHI) | 10 |
| Cardholder data (PCI DSS) | 10 |
2. Operational impact of 24-hour unavailability
This is a single choice question.
| Impact Level | Score |
|---|---|
| None | 0 |
| Low | 2 |
| Normal | 4 |
| Important | 7 |
| Critical | 10 |
3. Access level authorized
This is a single choice question.
| Access Level | Score |
|---|---|
| No access | 0 |
| Read access only | 5 |
| Read/Write access | 10 |
Tier calculation
The total score determines the vendor's tier:
| Score Range | Tier |
|---|---|
| < 10 | Tier 3 (Low risk) |
| 10 - 19 | Tier 2 (Medium risk) |
| 20 - 29 | Tier 1 (High risk) |
Override tiering
You can manually override a vendor's tier. When overriding:
A Reason field appears and is mandatory -- you cannot save without filling it.
A new event is logged in the Activity section when a tier is overridden.
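The default calculation and override rule described above, as an added example (not the product's own code). It assumes the total is the sum of the three question scores and that an empty data-type selection scores 0; the dictionary keys are shortened labels and the function names are hypothetical.

```python
# Added example: scores and ranges are copied from the tables on this page.
# Keys are shortened labels for the documented answer options.
DATA_TYPE = {
    "Customer data": 5,
    "Company metadata": 2,
    "Company intellectual property": 5,
    "Sensitive company data": 10,
    "PII": 10,
    "PHI": 10,
    "Cardholder data": 10,
}
IMPACT = {"None": 0, "Low": 2, "Normal": 4, "Important": 7, "Critical": 10}
ACCESS = {"No access": 0, "Read access only": 5, "Read/Write access": 10}
TIERS = [
    (range(0, 10), "Tier 3 (Low risk)"),
    (range(10, 20), "Tier 2 (Medium risk)"),
    (range(20, 30), "Tier 1 (High risk)"),
]


def total_score(data_types, impact, access):
    # Question 1 is multiple choice: only the highest selected value counts.
    # Assumption: an empty selection scores 0.
    data = max((DATA_TYPE[d] for d in data_types), default=0)
    # Assumption: "total score" is the sum of the three question scores.
    return data + IMPACT[impact] + ACCESS[access]


def tier_for(score):
    for bounds, label in TIERS:
        if score in bounds:
            return label
    # 10 + 10 + 10 = 30 is reachable but not covered by the documented ranges,
    # so it is reported instead of being mapped to a guessed tier.
    raise ValueError(f"score {score} is outside the documented tier ranges")


def effective_tier(computed, override=None, reason=""):
    # Mirrors the override rule: a reason is mandatory when overriding.
    if override is None:
        return computed
    if not reason.strip():
        raise ValueError("override requires a reason")
    return override
```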