UMMS Vendor Onboarding

Welcome to the University of Maryland Medical System (UMMS)  vendor onboarding and risk management process leveraging Prevalent Risk Management solutions. 

This new robust vendor onboarding will consist of several processes to improve vendor relationships while identifying and managing business risks to a level acceptable for the UMMS organization. 

All vendors to be formally vetted and approved by the UMMS System Supply Chain through an interactive process that will take ten (10) business days to complete depending on the responsiveness of our team members and vendors.

Requesting a Vendor has never been easier for UMMS Team Members.

 

Step One: Determine if your vendor is a new or existing vendor

Vendor Listing

Step Two: Complete the Vendor Intake Form  

Vendor Intake Form

Update Vendor Information: Change Form

Emergency Vendor Add - Exigent Request Form

(Requires VP Approval and System Supply Chain Approval)

 

Step Three: Complete the Profile & Tiering Survey 

UMMS team members will receive an invitation to the vendor onboarding platform to complete a short survey regarding vendor criticality and risk.  Vendors will be sorted into three tiers based on the information provided by the UMMS team member.  

  • Tier 1: High Risk Vendors 

    Vendors determined to be level one vendors are considered the highest risk, most critical vendors to UMMS.  These vendors create, transmit, receive, maintain, or store UMMS’ confidential data. These vendors are subject to continuous Business, Cyber and Financial Monitoring.

  • Tier 2: Medium Risk Vendors

    Vendors determined to be level two vendors are considered medium risk vendors to UMMS.  These vendors create, transmit, receive, maintain, or store internal data. 
    These vendors are subject to continuous Business and Cyber Monitoring Only.

  • Tier 3: Low Risk Vendors

    Vendors determined to be level three vendors are considered low risk vendors to UMMS.  These vendors provide solutions (products and/or services) to UMMS but do not process confidential or internal data. These vendors are subject to continuous Business Monitoring Only.

 

Training

Onboarding Webinar - After Go Live (07/28/2022)

New Vendor Onboarding Webinar (07/19/2022, 07/20/2022)

 

Job Aids & Tip Sheets

FAQs (7/25/2022)

FAQs About the New Vendor Onboarding Process (07/02/2022)

What is the New Vendor Onboarding Process

How to Access the Vendor Intake Form 

Vendor Profile & Tiering Survey

 

UMMS Policies

UMMS Supply Chain Management

• Vendor Business Review Process Policy  SC-AD-22-003

• Vendor Risk Management Use Policy  SC-XX-XX-XXX

• Contracting Policy  SC-CQ-20-001

• Procurement Policy  SC-PO-21-001

 

UMMS Accounts Payable

• Disbursement/Check Request Policy  FSS-003

 

UMMS Information Services & Technology

• IT Security Controls and Risk Assessment Policy  CIS-1401

• Acceptable Use  CIS-1301

This content is for Internal Use only.