VRA process
First, review the existing Vendor Risk Assessment page to identify vendors that have a Vendor Risk Assessment in place (or in process) and the level of data for which the assessment is valid. Each VRA is case specific, meaning an assessment completed by another department may not automatically grant unilateral use for all departments. When the VRA is approved, you should then complete a KFS Purchase Agreement for the specific agreement, and the signed VRA must be electronically attached to your KFS Purchase Agreement document. Specific purchases would then be processed against the agreement on a KFS Requisition.
Initiate a VRA
The VRA is a two step process starting with an initial Vendor Risk Assessment Initial Request which initiates a preliminary OCP review.