Supplier Management

Supplier management functionality

Our new supplier management functionality allows you to keep track of all suppliers that your organisation works with in its everyday functions, or is considering onboarding. For each supplier, you can create questionnaires by selecting appropriate questions from our library, and send the questionnaire directly to the supplier via CyberComply. Their responses will be input directly into the questionnaire view, where you can assess the responses and provide risk ratings for further evaluation.

ISO 27002:2022 control 5.19 highlights the importance of having an agreed level of information security in supplier relationships, and an evaluation and selection process for suppliers. Our supplier management functionality therefore adds to our variety of tools for supporting ISO 27001 compliance.

To get started, select Supplier Management from the menu – this will take you to the supplier set up area. To create a new supplier, select Create new. In the pop-up, select a group you would like to add the supplier to, or select No group. If a group has not been created, select Create new group to supply a group name.


Create New Group

The 'Create Supplier' pop-up will appear next, allowing you to enter initial information about the supplier. There is also a tab with screening questions related to various processes where you can select if you need further information from the supplier in those areas. Questions responded to as ‘yes’ will automatically select relevant question sections in the questionnaire creation screen later on.


Create Supplier

Once the supplier has been set up, it will appear as a card in the Suppliers area. To go to that supplier’s questionnaires area, select Questionnaires on the card.


Supplier Card


In the supplier’s questionnaire area, begin creating questionnaires you will send to the supplier to gather further information on their processes. To do this, select Create new. This will take you to the ‘Create questionnaire’ view.


Create Questionaire


The questionnaire creation area is divided into subject-specific sections for ease of use. The sections can be expanded via the drop-down arrow to view a question set and pre-selected response formatting options. Within the sections, select the questions you want to be shown to the supplier. Once selections have been made, select Save followed by Preview to review the final questionnaire. If you are happy with the questions you have included in the preview, select the Send to Supplier button. A pop-up will appear with mandatory fields to complete to send the questionnaire to your supplier contact for their completion. Select Confirm and Send.


Questionnaire 1

Once sent, the supplier will have until the expiry date to complete the questionnaire and send back to you. If a response is not received by the expiry date, it will go to a ‘Overdue’ status and can be re-sent. When a response has been received, the CyberComply supplier owner will receive notification of this via email, and their responses will now be able to be viewed. Risk ratings can assigned by your organisation in relation to the supplier responses, so you can assess risk and take further action.


Supplier Response


Updated on: 23/07/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!