Workflow 05 — Decision Governance
Vendor & Third-Party Risk.
Every vendor onboarding, renewal, and exception decision with evidence, owner, and review cadence.
The shared decision anatomy
Every Decision Governance Workflow follows the same five-step structure. The Vendor & Third-Party Risk workflow uses it like this:
- Signal. New vendor onboarding, contract renewal, risk-tier change, or material concern (incident, financial, breach).
- Owner. Vendor manager (line of business), with Third-Party Risk for review and approval.
- Decision. Approve / approve with conditions / decline; risk tier and review cadence assigned.
- Action. Due diligence captured, contract executed or terminated, monitoring schedule active.
- Outcome. Every vendor on the books has a current owner, current evidence, and a current next review.
01
Signal
02
Owner
03
Decision
04
Action
05
Outcome
Apex linkage
Strategic & Board Decisions inherit operational evidence from this workflow. Decisions made in Vendor & Third-Party Risk flow upward to the apex layer automatically, so a board-level capital, risk-appetite, or strategic-plan decision ties back to the operational record beneath it.
How to start
Per-workflow subscription is the entry point. Subscribe to the Vendor & Third-Party Risk workflow at $99/mo and onboard in days, not weeks. For multi-workflow scope or apex linkage, talk to us about the Risk Bundle or Enterprise tier.