Supplier Management in ISMSVision — What the module does

The Supplier Management module gives procurement, IT, and GRC teams a single place to record who you buy from, who owns the relationship internally, what agreements exist, and when the next service review is due—so operational risk and third-party governance stay visible, not buried in spreadsheets.

For a process view—how sourcing, onboarding, operation, and reviews fit together in a typical company, and where this module sits next to ERP and contracts—read supplier management in practice.

Who it is for

Procurement and vendor managers use it to maintain an authoritative supplier directory, coordinate contacts, and attach NDAs, contracts, and other evidence. Security and compliance teams use the same records to evidence that reviews are scheduled and that ownership is clear. Internal owners (assigned per supplier) act as the accountable point of contact inside your organisation—so escalations and renewals have a named home.

What data you store (at a glance)

Each supplier profile supports structured fields appropriate to vendor governance: identity and status, commercial and service context, key dates (including NDA and review-related fields where configured), and relationships to contacts, attachments (contracts, NDAs, other documents), service reviews, and notes. The exact layout depends on your permissions and configuration; the goal is always one coherent record per supplier rather than scattered files.

Contacts, NDAs, contracts, and other documents

You can maintain multiple contacts per supplier (for example operational, legal, or billing) so tickets and escalations route to the right people. NDAs and contracts can be stored as attachments with categorisation, alongside other files your process requires. This keeps the “paper trail” next to the supplier record—useful for audits, renewals, and onboarding handovers. See also our short guides: adding contacts and attaching documents.

Service reviews and due dates

Service reviews capture scheduled assessments of a supplier’s performance or risk posture (depending on how your organisation uses the workflow). The module highlights when reviews are due soon or overdue, and helps you see suppliers with no next date scheduled—so governance gaps are visible in the list and dashboards, not only at audit time. Step-by-step help: recording service reviews.

Internal owners

Assigning an internal owner makes responsibility explicit: who will chase the NDA, who will run the review, and who should be contacted when something changes. This is especially valuable when teams are large or when suppliers span multiple departments.

Dashboards, scoring, and “attention” indicators

Summary views and charts (such as status breakdowns, review compliance-style indicators, and attention metrics for NDAs or reviews) help managers prioritise work—they do not replace your enterprise risk methodology, but they surface which suppliers need action next. Use them as operational signals alongside your own policies and thresholds.

How it fits with the rest of ISMSVision

Supplier Management is a licensed module alongside Service Management, Knowledge Base, and Document Management. Many organisations combine Document Management for controlled policies with Supplier Management for third-party records, while Service Management handles service desk demand. See module pricing for current per-license costs.