# Request and Review Vendors This article explains how vendor intake requests are raised and reviewed in Sprinto.\ It covers: * How employees request new vendors * How reviewers (Vendor Admins) are notified * How reviewers evaluate an intake vendor * How to update the vendor’s lifecycle stage (Intake, Active, Archived) * What happens after a vendor is approved or archived Vendor requests support organisations that evaluate tools before onboarding them. Intake requests help GRC, Security, Legal, and Finance teams assess vendors before marking them as Active. *** ## **Roles** #### **Employee / Business Owner** * Can request a vendor from the Employee Portal * Can view and edit intake requests (until decisioned) * Receives notifications when the request is submitted and when a reviewer acts on it #### **Vendor Admin / Reviewer** * Reviews all vendors in the **Intake** stage * Can update vendor details, scoring, due diligence, and documents * Decides whether the vendor should become **Active** or move to **Archived** * Receives notifications when a vendor is added to Intake *** ## **Part 1: Request a Vendor (Employee Portal)** ### **Step 1: Navigate to Vendors** 1. Log in to the Sprinto Employee Portal. 2. Navigate to **Vendors**.

### **Step 2: Enter vendor details** 1. Select **Request vendor** to open the Add vendor drawer. 2. Employees can enter: * Vendor name (required) * Description * Category (required) * Company logo * Intake request reason (required) * Internal business contact * Vendor contact (name and email) * Any custom fields defined by your organisation {% hint style="info" %} **Important:** Employees cannot choose a Stage.\ All employee-created vendors are added to the **Intake** stage. {% endhint %} 3. Select **Save**.

### **Step 3: View your vendor requests** After saving: * The vendor appears in the employee’s **Intake requests** list. * Employees can: * View details * Edit the request while it is still in Intake * Track whether the reviewer has decisioned it

### **Notifications** After a vendor request is submitted, Sprinto notifies: * The requestor (employee) * The Internal Business Owner (if defined) * The Vendor Admin (default is the InfoSec Officer, unless configured otherwise) Each notification includes a link to the vendor details page. *** ## **Part 2: Review Vendor Requests (Admin Portal)** ### **Step 1: Reviewer receives a notification** 1. When a vendor is added to Intake, the Vendor Admin is notified. 2. The notification links directly to **Data Library → Vendors → All vendors (Stage = Intake).** 3. This list shows all vendors pending review.

### **Step 2: Open the intake vendor** 1. In the Admin Portal, go to **Data Library** > **Vendors**. 2. Use the **View** dropdown to select **Intake**. 3. Select a vendor to open its vendor details drawer. You will see: * **Details** * **Risk score** * **Due diligence** * **Documents** * **Findings** * **Tasks** These tabs function similarly to those for Active vendors.

### **Step 3: Review intake-specific monitor** Intake vendors display a single task-based monitor: **Vendor intake request should be decisioned** * Assigned to the Vendor Admin * Default SLA: 30 days * Status: Failing or Pending until decisioned Select **Fix issue** to begin the decision process.

*** ## **Part 3: Update the Vendor Stage** Selecting **Fix issue** opens the **Update stage** modal. The modal displays: * **Intake** * **Active** * **Archived** The current stage is marked with a **Current** badge.

### **Option 1: Approve the vendor (move to Active)** 1. Select **Active**. 2. Select **Save**. #### **What happens next** * The intake monitor switches to **Passing**. * Two new monitors are added: * **Vendor risk should be scored** * **Periodic review of access-critical systems** * Any risk scoring or due diligence begun during Intake is retained. * The requestor, Internal Business Owner, and Vendor Admin receive notifications. * The vendor becomes read-only for the employee; the “request reason” field is hidden.

### **Option 2: Archive the vendor (move to Inactive)** 1. Select **Archived**. 2. Enter a reason (if prompted). 3. Select **Save**. #### **What happens next** * The vendor moves to the **Inactive** stage. * Employees can no longer edit the request. * Reviewers can later restore the vendor to: * Intake * Active

### **Option 3: Keep the vendor in Intake** If the reviewer needs more information, they can: * Edit vendor fields under **Details** * Request documents * Add findings or tasks * Begin due diligence or risk scoring * Leave the vendor in Intake until ready to decide

*** ## **Part 4: Change Stage Manually (Any Time)** Reviewers do not need to use the monitor to change stages. They can: 1. Open a vendor. 2. Select **Update stage** (top-right). 3. Choose **Intake**, **Active**, or **Archived**. This allows: * Re-evaluating Active vendors (Active → Intake) * Restoring Archived vendors * Archiving Active vendors when offboarded *** ## **Notifications After Decision** Sprinto sends notifications whenever: * A vendor request is approved (moved to Active) * A vendor request is rejected or archived * A reviewer updates the vendor’s stage Notifications go to: * Requestor (employee) * Internal Business Owner * Vendor Admin *** ## **FAQs** #### **Can employees edit a vendor after requesting it?** Yes. Employees can edit vendor details **only while the vendor is in Intake**. #### **Can reviewers perform risk scoring and due diligence in Intake?** Yes. All scoring, tasks, findings, and due diligence actions are available during Intake. #### **Does due diligence automatically trigger in Intake?** No. Intake does not run automated monitors for due diligence. These monitors run only after the vendor becomes Active. #### **What happens to documents uploaded during Intake?** Documents remain linked to the vendor and become visible in the global documents list only after the vendor moves to Active.