risk3sixty
fullCircle Vendor Management Module
fullCircle is a collection of modules that allows risk3sixty to provide compliance and audit services to customers as well as allows customers to manage their own compliance programs. Within fullCircle, the Vendor Management Module allows customers the ability to conduct initial and ongoing risk evaluations of their third-party vendors. While robust, it can be cumbersome to utilize for both clients and employees.
Time Frame:
December 2023 - May 2024
Team:
Teddy Koutsoftas, Amanda Valencia
Role:
UX Designer, UX Researcher
Skills/ Tools:
Figma, User Research, User Testing
Current Site Audit
We were given access to a sandbox version of fullCircle where we were able to mess around with the modules as if it were the real fullCircle with real clients. This allowed us to become familiar with how the module worked and where we believed the issues lied. We made 50+ comments while auditing the current pages.
Subject Matter Experts
Over the course of the project we conducted 10+ interviews with our Subject Matter Experts who were extremely familiar with the vendor management module of fullCircle. They were able to help us identify the parts of the modules that needed to be focused on and give us feedback on our solutions through all stages of the process.
Jeff Hoskins, Security Consulting Manager
Jeff has been with risk3sixty for over one and a half years starting off in consulting and now focuses on audits and product implementation.
Kendall Morris, Customer Experience Manager
Kendall has been with risk3sixty for almost five years starting off in consulting and now focuses on fulfilling requirements for audits.
Mary Kathryn Radivoj, Product Manager
Mary Kathryn has been with risk3sixty for a little over two years starting off as an associate and now focuses on representing the company's offerings.
Ideation
In our initial ideation we established and presented three unique ideas to our subject matter experts.
The first option was a safer option very similar to what is currently on the site. It is a refined list view with the same side window with expanded information.
The second option is the most different one with the vendors presented in a tile view.
The third option was a combination of the first two ideas and utilized both a list view for the vendors and a tile dash board for the vendor information.
The first option was a safer option very similar to what is currently on the site. It is a refined list view with the same side window with expanded information.
The second option is the most different one with the vendors presented in a tile view.
The third option was a combination of the first two ideas and utilized both a list view for the vendors and a tile dash board for the vendor information.
Initial Sketches
Low Fidelity Wireframes
Design System
The final design began with the design system. In order to stay familiar the current fullCircle module we stayed used very similar type faces and CTAs. Throughout the module all labels, although meaning different things, used extremely similar styling that was difficult to distinguish. To address this we gave each label its own different styles.
Final Wireframes
The final design was a combination of multiple well informed, purposeful decisions. We needed to balance keeping the module familiar while also optimizing the usability for users.
Vendor Page
Current
Besides the confusing labeling, accessing all of the information of a vendor can be difficult. It is buried within the tabs of the smaller side window and takes a lot of clicks.
Updated
The updated version of the vendor page takes the same information from the old side window with all of the tabs and blows it out into a dashboard so it can be viewed all at once. This emphasizes the important information and makes it extremely accessible without having to click into different tabs.
Review Page
Current
Again, it takes many clicks to actually get to a review from a vendor. Once you do navigate to a review, the layout is almost identical to the vendor page. This can make it confusing for clients to tell which page they are on, especially when they are new to the program.
The most important workflow of the review page is to submit documentation or questionnaires to actually complete the review, however it is an annoying and non obvious process. In order to submit documentation you go into project management tab and add a file. This is confusing because the project management has no indication that it is used for documentation submission. Once you do submit it then gets mix in with all of the other less important comments
The most important workflow of the review page is to submit documentation or questionnaires to actually complete the review, however it is an annoying and non obvious process. In order to submit documentation you go into project management tab and add a file. This is confusing because the project management has no indication that it is used for documentation submission. Once you do submit it then gets mix in with all of the other less important comments
Updated
The new review page is accessed directly within the vendor page to avoid confusion. Similar to the vendor dashboard, all of the information from the old tabs are blown out into a dashboard type view. The documentation submission and questionnaire submission are now separate elements so you can access and submit them even faster.
All Reviews
Current
The current all review page is a good overview of all of the current reviews, however it could be utilized for more
New Home Page
The All Review page was re thought into a Home page where you can quickly see the next reviews coming up. Here you can see the design system in action with the differentiation of the residual risk and review statuses
Vendor Policy
Current
Vendor policies are used to set the key of how risky a vendor should be labeled. It’s supposed to show how residual risk is calculated, define Impact and Likelihood, and explain how often a vendor should be reviewed based on risk. While this information is here, it is hard to understand.
Updated
In the updated Vendor Policy page the same information is displayed, but in a new way. The matrix is replaced by ranges of risk that describe where a vendor falls and includes an explanation of exactly how residual risk is calculated. Also notice the distinctions between the labels of residual risk and impact and likelihood.
Audit Workflow
Current
Finally, perhaps the most tedious workflow in the module is exporting audits. When a client is audited, they need to submit a population of vendors, evidence of reviews with documentation, history logs, and more. There isn’t a designated way to do this so basic screenshots are used to document all vendor information.
New
In the new workflow there is a designated export vendors button that easily exports all the vendor data. You have the option to export whatever the auditor desires including exporting all the vendors, exporting a random population of vendors, or exporting a select few vendors.