Schema Forge
Form Architecture
Organize vendor management forms into logical portal groups aligned with vendor lifecycle stages.
Portal Structure
| Portal Group | Forms | Business Function |
|---|---|---|
| Vendor Registration | New Vendor, Update Vendor | Maintain vendor registry |
| Contacts | New Contact, Update Contact | Manage vendor contacts |
| Contracts | New Contract, Contract Renewal | Contract lifecycle management |
| Risk Assessment | New Assessment, Risk Acceptance | Third-party risk management |
| Performance | New Review, SLA Performance Entry | Vendor performance tracking |
| Issues | New Vendor Issue, Update Issue | Problem management |
Form 1: New Vendor
Register new third-party vendors in the CMDB. Vendor registration is the gateway to formal vendor management and triggers risk assessment workflows.
Portal Placement: Vendor Registration
Request Type: Task | Priority: Medium | Approvers: Vendor Manager
Field Specification
| Field | Type | Required | Help Text |
|---|---|---|---|
Vendor Name |
Text | Yes | Legal name of the vendor organization |
Vendor Type |
Select | Yes | Primary classification of the vendor |
Website |
URL | No | Include https:// prefix |
Strategic Importance |
Select | No | Business criticality of this vendor |
Engagement Description |
Textarea | Yes | Products/services to be procured and business purpose |
Estimated Annual Spend |
Number | No | Expected annual spend in dollars |
Data Access Required |
Select | Yes | Will vendor access company data? |
Conditional Logic
- When Strategic Importance = "Critical": Show Executive Sponsor field (required), route to TPRM Manager and CPO
- When Data Access = "Confidential/Restricted": Show Data Types multi-select, route to Security for review
Form 2: New Contract
Register vendor contracts and agreements for lifecycle management and spend tracking.
Portal Placement: Contracts
Request Type: Task | Priority: High | Approvers: Contract Manager, Legal (for >$100K)
Field Specification
| Field | Type | Required | Help Text |
|---|---|---|---|
Contract Name |
Text | Yes | Include vendor name and contract type |
Vendor |
Assets Picker | Yes | Select the vendor for this contract |
Contract Type |
Select | Yes | Master Agreement, SOW, Subscription, etc. |
Total Value |
Number | No | Total contract value over the full term |
Start Date |
Date | Yes | Effective date when obligations begin |
End Date |
Date | No | Leave empty for perpetual agreements |
Auto-Renew |
Select | No | Does contract automatically renew? |
Notice Period (Days) |
Number | No | Days required for termination notice |
Conditional Logic
- When Contract Type = "Subscription": Auto-Renew becomes required, show Billing Frequency field
- When Auto-Renew = "Yes": Notice Period becomes required
- When Total Value > 100000: Route to Legal for review
Form 3: New Risk Assessment
Initiate and document vendor risk assessments as part of the TPRM program.
Portal Placement: Risk Assessment
Request Type: Task | Priority: High | Approvers: TPRM Manager
Field Specification
| Field | Type | Required | Help Text |
|---|---|---|---|
Assessment Name |
Text | Yes | Include vendor name and assessment type |
Vendor |
Assets Picker | Yes | Select the vendor being assessed |
Assessment Date |
Date | Yes | Date the assessment was conducted |
Assessment Type |
Select | Yes | Initial Onboarding, Annual Review, Triggered, Renewal |
Overall Risk Level |
Select | Yes | Aggregate risk rating from the assessment |
Assessment Methodology |
Select | No | Questionnaire, On-Site Audit, Third-Party Report, etc. |
Next Review Date |
Date | No | When the next assessment should occur |
Conditional Logic
- When Overall Risk Level = "Critical": Show Critical Findings Summary (required), route to CISO
- When Assessment Type = "Triggered Review": Show Trigger Reason select and Trigger Description textarea (required)
Form 4: New Vendor Issue
Report and track problems, incidents, or disputes with vendors.
Portal Placement: Issues
Request Type: Task | Priority: Derived from Priority field | Approvers: Vendor Manager (for Critical)
Field Specification
| Field | Type | Required | Help Text |
|---|---|---|---|
Issue Title |
Text | Yes | Concise description of the issue |
Vendor |
Assets Picker | Yes | Select the vendor this issue involves |
Issue Type |
Select | Yes | Service Outage, Quality Issue, Billing Dispute, etc. |
Priority |
Select | Yes | Critical, High, Medium, Low |
Description |
Textarea | No | Detailed description of the issue and context |
Impact Description |
Textarea | No | Business impact of this issue |
Conditional Logic
- When Priority = "Critical": Description and Impact become required, send immediate notification
- When Issue Type = "Security Incident": Show Security Team Notified checkbox (required), route to Security
- When Issue Type = "Service Outage": Show Outage Start Time and End Time fields
Access Control
| Form Category | Access Level | Rationale |
|---|---|---|
| Vendor Registration | Vendor Managers, Procurement | Controlled vendor creation |
| Contracts | Contract Managers, Legal | Contract terms sensitivity |
| Risk Assessment | TPRM Team | Assessment methodology consistency |
| Performance Review | Vendor Managers, Business Owners | Relationship management |
| Issues | All authenticated users | Broad issue reporting |
Form Design Tip: Over-complex forms discourage proper vendor registration, leading to shadow procurement. Balance comprehensive data capture with user adoption through right-sized forms with appropriate conditional logic.