Third Party

  • 2 minute(s) read
Prev Next

Introduction

SAFE allows you to configure the Global Automation Settings, Third-party Tiering, and Assessment Settings.

Global Automation Settings

Global Automation Settings allow you to define how third-party assessments are triggered and managed within your TPRM program—ranging from manual to fully automated workflows. Navigate to the Settings > Third Party to access the Global Automation Settings.

Automation Modes

You can choose from three levels of automation:

1. Manual Mode

Best suited for teams that prefer full control over assessment workflows.

Manual.png

Capabilities:

  • Manually add third parties.

  • Manually assign questionnaires based on tier or criticality.

  • Assessments must be manually initiated and reviewed.

  • No automation is applied.

2. Partially Automated Mode

Ideal for programs that want a blend of external insight and internal assessment.

Partial Automation.png

Capabilities:

  • Automatically pre-fill assessments using outside-in scan data.

  • Use pre-filled answers as a starting point before engaging vendors.

  • Manual follow-up required for completion.

3. Fully Automated Mode

Suitable for mature programs with scalable processes.

Full Automation.png

Capabilities:

  • Outside-in assessments pre-fill responses.

  • SAFE AI agents can automatically notify vendors via email.

  • Vendor email includes:

    • Number of pre-filled questions

    • Detected assets and related findings

  • Vendors can:

    • Manually answer remaining questions

    • Upload a completed assessment or compliance report (e.g., SOC 2, ISO 27001), enabling the system to auto-map answers.

Notes

  • While a default automation setting is applied globally, it can be overridden for individual third parties during or after onboarding.

  • Any change to automation settings will be applicable to only new third-party additions from the time of change

Smart Tiering Configuration

Smart Tiering helps classify third parties based on business risk and other custom attributes, enabling dynamic assignment of questionnaires and assessments.

You can configure up to 6 tiers:

  • 5 custom tiers (use your own naming/taxonomy)

  • 1 default tier: Others

Creating Tiers

Follow the steps below to define your third-party tiers:

  1. Go to Settings > Third-Party

  2. Click on the “Add” button to begin creating a new tier.

  3. Enter Tier Name

  4. In the Name field, provide a clear, descriptive name (e.g., Tier 1 - High Risk, Tier 2 - Medium Risk).

  5. Assign a questionnaire by selecting the questionnaire from the dropdown.

    If you need to use a custom questionnaire, please contact SAFE Support to get it added to your environment.

  6. Define tier conditions to automatically categorize vendors into this tier based on key attributes.

  7. Choose an attribute (e.g., Business Resource, Country of Headquarters).

  8. Select an operator (e.g., IN, EQUALS, CONTAINS).

  9. Enter one or more matching values.

  10. Use the “+” button to add additional conditions.

  11. You can configure the condition logic using:

    1. Match All: All conditions must be true.

    2. Match Any: At least one condition must be true.

  12. Use "Match All" when you want a precise classification, and "Match Any" for broader inclusion.

  13. Click the Save button.

  14. The tier will now be available in your third-party settings tier list.

  15. Repeat the above steps to create multiple tiers. We recommend at least three tiers (e.g., High, Medium, Low) to reflect different levels of risk and scrutiny.

Screenshot 2025-05-22 at 6.56.37 PM.png

Manage Tiers

You can edit or delete existing Tiers from the list. Simply click the three-dot menu in the Manage column and select the desired action based on your requirement.