Vendor Security Review Process

NICE CXone requires all vendors to go through a vendor assessment and review process before they can provide a product or service to the company. A dossier is created for each vendor at the beginning of the process. Information Security or Internal Audit reviews the vendor. The rigor of the review depends on the type of vendor. Critical vendors receive other reviews one year after acceptance. Once the reviews are completed, the vendor dossier generally contains the following:

  • Vendor Security Questionnaire (VSQ). A VSQ is required during onboarding and for periodic review.

  • Corrective Action Plan (CAP). A CAP is based on the evaluated risk level of the vendor.

  • NICE CXone Vendor Security Exhibit (Addendum). The addendum is based on the risk level of the vendor.

  • Other vendor submission collateral, such as:

    • SOC 2

    • PCI AOC

    • Business Associates Agreement (BAA)

    • GDPR DPA

    • ISO certifications may be requested, depending on the vendor's risk level

The dossier reflects the initial vendor security review and the anniversary vendor review collateral.

NICE CXone maintains a documented process flow for performing this review process.