The supplier register
Tellus's third-party register: how suppliers are recorded, classified, and how supplier risk is expressed without a single trust score.
The Suppliers area is your third-party vendor register. It holds one record per supplier your organisation depends on, captures how much each one matters to you, and accumulates the reviews, findings, contracts, and links that describe your relationship over time.
It is a company-wide register. Every supplier endpoint is gated by the company-scope permissions supplier:read, supplier:create, supplier:update, and supplier:delete. Unlike incidents or risks, suppliers have no per-record ownership grant: anyone with supplier:read sees every supplier, and anyone with supplier:update can edit all of them.
How the register is laid out
Suppliers uses a master-detail layout. The left rail is a searchable, filterable list of every supplier in your company; selecting one renders its full workspace on the right.
- Search matches on supplier name.
- Status and Criticality filter buttons narrow the list.
- The selected supplier appears in the address bar, so a link points straight at it.
- Archived suppliers are hidden from the list by default.
Each supplier's workspace has six tabs: Reviews, Contacts, Contracts, Risk & Assets, Events, and Findings.
What you'll see as a member
The screenshots here are an admin's view. Whether you see Suppliers at all depends on your access: company admins and members can open it, but users whose access is purely framework-scoped don't get a Suppliers entry in the nav. When you can see it, viewing is company-wide but read-only for members — you'll see the supplier list, reviews, questionnaires, and findings, but the New button and the edit/archive controls only appear for admins.
How Tellus expresses supplier risk
There is no single numeric "trust score" in Tellus. You read a supplier's risk posture from several independent signals instead:
- Criticality — how much the supplier matters to you (
low,medium,high,critical), defaulting tomedium. This is a deliberate, separate axis from any risk or quality judgement. - Status — the lifecycle state of the record (
draft,active,inactive,archived). - Reviews and findings — the assessment cycles you run and the issues they surface, recorded over time.
- Linked risks, assets, and incidents — what the supplier touches in the rest of Tellus.
Both Status and Criticality are validated against per-company registries (supplier_status and supplier_criticality), not a fixed enum. The four values listed for each are the seeded defaults; a company can extend or rename them. The only structural rule is that a supplier's status cannot be set to archived through the create or edit form — archiving is a separate action.
A per-supplier SupplierRiskProfile does exist on the Risk & Assets tab, with inherent, residual, and review scores. These scores are entered manually — nothing in Tellus calculates them automatically — and in practice they are usually left blank. See Linking risks & assets.
In this section
Adding a supplier
Create a supplier record with the New form and set its status, criticality, and owner.
Supplier reviews
Open a review cycle, build and send questionnaires, and gather vendor answers.
Questionnaire templates
Build reusable, company-owned questionnaires to reuse across reviews.
Contracts
Record a supplier's agreements and track renewal and expiry dates.
Contacts & findings
Manage supplier contacts for the portal and raise findings inside reviews.
Linking risks & assets
Connect risks, assets, and incidents to a supplier and read its risk profile.