Technical Manual

Risk Assessment Guides

In-depth articles and tutorials for risk assessments.

Cybersecurity Assessments

Our Cybersecurity Assessment helps you evaluate your organization's defense against cyber threats comprehensively.

Key Areas Covered:

  • Data Protection & Encryption
  • Network Security & Firewalls
  • Incident Response Planning
  • Employee Training & Awareness
  • Vulnerability Management

Upload your security policies, incident response plans, and network diagrams for AI-powered analysis to get a comprehensive risk score and actionable recommendations.

Third-Party Risk Evaluation

Managing risks from third-party vendors is crucial for maintaining your organization's security posture. RiskShield AI simplifies this complex process.

Vendor Onboarding

Add vendors to your platform via the Vendors page. Enter basic information such as company name, primary contact, industry, and relationship type.

Send Invitations: Use the Third-Party Management page to send secure assessment links to your vendors.

Track Progress: Monitor submission status for each vendor and receive notifications when assessments are completed.

Continuous Monitoring: Track vendor status and schedule periodic re-assessments.

Vendor Status Lifecycle Management

RiskShield AI provides a comprehensive vendor status management system to track each vendor's lifecycle from onboarding through termination. Understanding these statuses helps you maintain proper oversight and compliance.

Status Definitions

Under Review: The vendor is undergoing evaluation, assessment, or remediation. Use this status when conducting onboarding assessments, periodic re-assessments, or when the vendor is working to remediate identified issues. This status signals that the vendor's compliance posture is being actively examined and a decision is pending.

Active: The vendor is currently providing services and is in good standing. Active vendors are included in all risk calculations, reporting, and monitoring activities. This is the standard operational status for vendors you're actively doing business with.

Inactive: The vendor relationship is temporarily paused or on hold. This might be used when a contract expires pending renewal, services are suspended temporarily, or you're in a cooling-off period. Inactive vendors remain visible in your system and are still included in risk calculations, but are clearly marked as not currently providing services.

Suspended: The vendor relationship has been temporarily halted due to compliance concerns, security incidents, contractual violations, or other serious issues. Suspended vendors cannot provide services until issues are resolved. This is a more serious designation than "inactive" and typically requires executive approval to reinstate. Use suspension when immediate action is needed to protect your organization.

Archived: The vendor relationship has ended and the vendor is no longer providing services. Archived vendors are excluded from risk score calculations and active monitoring but remain in the system for historical audit purposes. Use this status for vendors whose contracts have terminated, relationships have ended, or services are no longer needed. All historical assessment data and documents are preserved.

Status Transitions

Activation Path:

  • Under Review → Active: After successful completion of onboarding assessment or remediation
  • Inactive → Active: When resuming services after a temporary pause
  • Suspended → Under Review: When beginning remediation and re-evaluation process

Restriction Path:

  • Active → Inactive: Temporary pause in services (contract expiration, seasonal pause)
  • Active → Suspended: Immediate halt due to serious concerns or incidents
  • Active → Under Review: Periodic re-assessment or triggered review
  • Any Status → Archived: Permanent end of vendor relationship

Review Outcomes:

  • Under Review → Active: Approve and activate after successful evaluation
  • Under Review → Suspended: Reject and suspend if unacceptable risks are identified

When to Use Each Status

Use Under Review when: Conducting initial onboarding assessment, performing periodic re-assessment (annual/quarterly), vendor is remediating identified issues, or investigating a reported incident.

Use Active when: The vendor is providing services, all assessments are current, no significant issues exist, and risk is within acceptable levels.

Use Inactive when: Contract renewal is pending, seasonal services are not currently needed, you're in a trial period, or there's a planned temporary pause in services.

Use Suspended when: A security incident or breach has occurred, critical assessment failures are identified, the vendor is in breach of contract, regulatory concerns require immediate action, or services pose immediate risk to your organization.

Use Archived when: Contract has permanently ended, vendor has gone out of business, you've switched to an alternative provider, or services are no longer needed by your organization.

Changing Vendor Status

Only administrators can change vendor statuses. To change a vendor's status:

  1. Navigate to the Vendors page
  2. Click on the vendor to open their details modal
  3. Locate the "Vendor Status Management" card (admin only)
  4. Click the appropriate action button based on current status
  5. Confirm the status change when prompted

All status changes are automatically logged in the vendor's activity history with timestamp, user, and previous status for audit purposes.

Impact on Risk Calculations

Included in Risk Scores: Active, Inactive, Under Review, and Suspended vendors are all included in your organization's overall risk calculations and compliance reporting.

Excluded from Risk Scores: Archived vendors are excluded from all active risk calculations, though their historical data remains accessible for audit purposes.
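The status rules above can be expressed as a small state machine. The following is an added example, not RiskShield AI's own code: it encodes the documented transitions, the administrator-only rule, the audit fields, and the risk-score scope. The names Vendor, change_status and in_risk_scope, the "Under Review" starting status, the extra new_status and reason log fields, and treating Archived as terminal are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Transitions listed under "Status Transitions" on this page.
ALLOWED = {
    "Under Review": {"Active", "Suspended"},
    "Active": {"Inactive", "Suspended", "Under Review"},
    "Inactive": {"Active"},
    "Suspended": {"Under Review"},
    "Archived": set(),  # assumption: terminal, the page lists no way out
}
# "Any Status -> Archived"
for _src in ALLOWED:
    if _src != "Archived":
        ALLOWED[_src].add("Archived")


@dataclass
class Vendor:
    name: str
    status: str = "Under Review"  # assumption: new vendors start in review
    history: list = field(default_factory=list)


def change_status(vendor, new_status, user, is_admin, reason=""):
    """Apply a status change if the documented rules allow it, and log it."""
    if not is_admin:
        raise PermissionError("only administrators can change vendor status")
    if new_status not in ALLOWED.get(vendor.status, set()):
        raise ValueError(
            f"{vendor.status} -> {new_status} is not a documented transition")
    # Audit fields named on this page: timestamp, user, previous status.
    # new_status and reason are added here (assumption).
    vendor.history.append({
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "previous_status": vendor.status,
        "new_status": new_status,
        "reason": reason,
    })
    vendor.status = new_status
    return vendor


def in_risk_scope(vendors):
    """Names of vendors counted in risk scores: every status except Archived."""
    return [v.name for v in vendors if v.status != "Archived"]
```

Under these rules a Suspended vendor cannot be moved straight to Active; it has to pass through Under Review first, so reinstatement always leaves a review entry in the history.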

Best Practices

  • Regular Reviews: Conduct periodic status reviews (quarterly recommended) to ensure all vendors are properly categorized
  • Document Decisions: Use the activity log to document reasons for status changes, especially for suspensions
  • Timely Updates: Update vendor status promptly when circumstances change to maintain accurate risk reporting
  • Archive Properly: Archive vendors only when the relationship has truly ended to maintain clean active vendor lists
  • Suspension Criteria: Establish clear organizational criteria for when suspension is warranted versus inactive status

AI-Powered Analysis

Leverage the power of AI to accelerate your risk assessments while maintaining accuracy and compliance.

How it Works:

Document Upload: Upload your organization's policies, procedures, SOC reports, and other relevant documents.

AI Processing: Our AI models analyze the content, extract key information, and match it against assessment questions.

Suggested Answers & Evidence: The AI provides suggested answers with direct quotes from your documents as supporting evidence.

Review & Approve: You review the AI's suggestions, make any necessary edits, and approve the final answers.

This significantly reduces the time and effort required to complete complex assessments.