Docs

Appearance

Vendor Records

A vendor record is a lightweight profile of a third party your organization relies on. It captures ownership, review cadence, and the minimum assessment context needed to support governance and audits.

What this is

Vendor records in Modulos include:

FieldWhat it meansExample
NameThe vendor name as people recognize it“Acme Cloud”
TypeA simple classification for filteringSupplier, Data Source
StatusWhere the vendor stands in your diligence workflowIn Review, Active
Risk levelA qualitative prioritization labelHigh
Responsible personWho owns follow-ups and reviews“Security Lead”
Review dateWhen to reassess the vendor next2026-03-31
Annual contract valueContract value context for criticality€250,000
SubprocessorWhether the vendor processes data on your behalfYes
LinksQuick access to key vendor policiesPrivacy policy URL
AddressOptional address detailsCity, country

Where in Modulos

  • Main navigation → Vendors to see the vendor list
  • Vendors → New Vendor to create a record
  • Vendors → select a vendor → Overview to review and edit details
Vendor detail view showing the vendor overview and assessment fields such as status, risk level, review date, and responsible person.
A vendor record combines vendor details with an assessment panel that supports review and accountability. UI shown in light mode.
  1. 1
    Summary fields
    Type, status, risk level, and next review date are visible at a glance.
  2. 2
    Edit
    Update vendor details, assessment fields, and review cadence.
  3. 3
    Vendor details
    Capture identity and key links like website and policy URLs.
  4. 4
    Assessment
    Track status, risk level, responsible person, contract value, and subprocessor flag.

Who can do what

Permissions

Vendor records use organization-level permissions.

  • Organization Admins can create, edit, and delete vendors.
  • Organization Members can typically view vendor details.

How it works

Vendor records are designed to support a continuous operating model:

  • Status helps your team distinguish between vendors that are in intake and assessment versus vendors that are approved for use.
  • Risk level is for triage. Use it to set diligence depth and review cadence.
  • Review date is the mechanism that prevents vendor governance from becoming a one-time checkbox.
  • Responsible person ensures there is always someone accountable for follow-up actions.

How to use it

  1. Create a vendor record as soon as a team proposes introducing a new third party.
  2. Start with Status = In Review while you gather artifacts and assess the vendor.
  3. Set risk level and review date based on the role the vendor plays in your AI system.
  4. When the vendor is approved, set Status = Active and keep the review date current.

Important considerations

  • Keep vendor records consistent across teams. Prefer one canonical vendor record rather than duplicates per project.
  • Use “Subprocessor” to drive what you collect. Subprocessors often require stronger contractual and privacy diligence.
  • If a vendor’s role changes, update the record and trigger a review—even if the next review date is far away.