Canopy draws information from a number of sources to build a picture of the risk a supplier may pose your business. Understanding these sources and how they combine will aid in your understanding of how to get the most out of the Canopy platform.
In this article you will learn:
Sources of information that determine risk
What happens when there is a conflict
Sources of information that determine risk
Risk is calculated by pulling information from three main sources. These are:
- Category of the supplier
This provides a very quick way of segmenting the supplier base into those who pose more of a risk to your business (e.g. high voltage electricians) and those that do not (e.g. office supplies) - Screening questions
These are questions that are asked firstly of the Requestor, and subsequently of the supplier, to determine the nature of trade that is taking place, the level of access the supplier might need, and how the supplier intends on carrying out the works. For example, whether or not the supplier needs to come onsite, or process Personally Identifiable Information (PII).
Click here for more information about Screening Questions. - Input from third party sources
Where available, external data sources serve as a valuable addition to the overall risk assessment. Canopy can integrate with a wide range of third party providers, such as credit rating agencies, accreditation registers, and specialist third party risk management (TPRM) platforms. In our experience however, these sources are not universally available and only serve to offer an enhanced source of input in the areas where they have coverage.
How risk is determined
At the core of the Canopy platform sits a risk model, which analyses all of the data from the various sources to determine the appropriate level of risk.
Each of our customers' risk models are different, as they are configured to their individual needs. Please check with your Administrator for an understanding of how the risk model on your Canopy instance has been configured.
What happens when there is a conflict
If ever there is a conflict between data sources about what the risk level should be, Canopy always defaults to the highest risk rating.