Vendor Management Onboarding
PLNU has a vendor management program in place to manage suppliers, who are also known as vendors. Vendor management includes selecting vendors, negotiating contracts, reducing vendor-related risk, and ensuring service delivery.
PLNU utilizes a solution called OneTrust to perform its vendor management processes.
Starting the process
1. To begin onboarding a vendor, visit https://pl.nu/OneTrust and sign in with your PLNU OneLogin email address.
. 
2. Click Launch under New Vendor Request
3. Please take the time to read the Welcome message and then proceed by clicking the arrow in the bottom right-hand corner of your screen.
Note: The new vendor onboarding form is designed to be dynamic and responsive. As you progress through the form, additional questions may be presented based on your earlier responses, while irrelevant questions will be omitted. This allows us to tailor the onboarding process, ensuring a more efficient and streamlined experience.
Vendor Details
4. Enter the name of your vendor. If you only see “Add option:” in front of the vendor name, please select that one. If you see a match in the drop-down, that vendor is already in OneTrust. Please skip down to New Engagements below for further instructions.
5. Select a date for when you would like to have your vendor onboarded.
6. Enter a summary of the business purpose of the proposed vendor.
7. Provide the name of the supplier sponsor.
The Supplier Sponsor is the University employee who will be the primary point of contact between the supplier/vendor.
Screening Questions
8. If you answer No to question 2.1, question 2.2 will appear. If the answer to 2.2 is No, question 2.5 will appear up.
. 
9. If you answer Yes to question 2.1, question 2.3 will appear to provide the agreement. An attachment is required.
For question 2.3 Be sure to choose the “Add:” option that appears below when you are done typing.
10. Question 2.6 is required to be acknowledged based on the approval and signatory threshold in the screen shot above.
11. Question 2.7, If the contract threshold is met based on the criteria, please select Yes. If not, choose no.
12. Questions 2.8, 2.9, and 2.10 helps identify if the vendor is considered a technology vendor.
13. If question 2.10 is yes, 2.11 will appear asking if the vendor is PCI compliant. If this question isn't applicable, change the answer to 2.10 to No.
14. If the answer to 2.11 is Yes, question 2.12 will appear asking for the PCI AOC to be attached.
Additional Questions
Answer any remaining questions in the next section.
16. When you have answered all the questions and see the text “Click Submit to submit this request”, click on the Submit button at the bottom right-hand corner of the page.
Note: If this button is grayed out, you may have unanswered questions. On the left-hand side of your screen, it should let you know where required questions still need to be answered with a red tag with a white asterisk.
Engagements
For any vendor that has gone through the OneTrust New Vendor Request process and looking to renew a contract or add an additional service, a New Engagement would be utilized.
Vendor and Engagement Details
If you're unsure if the vendor is in OneTrust, start a New Vendor Request. When typing in the name of the vendor, If it shows "Add Option:" (See image 1), that means the vendor has not gone through the OneTrust Process. If you see something populate below (See image 2), that means the vendor has gone through the OneTrust process and you can start a New Engagement.
1.1 
1.2. After you chose the vendor for the New Engagement, Question 1.2 is to Name the Engagement
1.3. Fill out the business purpose if there isn't something listed already. Feel free to add or remove anything below if applicable.
1.4. Choose who would be the best PLNU contact that we could reach out to with any questions. It does not need to be the same person filling out the Engagement.
1.5 & 1.6. Please selected the expected start and end date of the engagement.
1.7 Give us the best contact for the vendor. If it's just their support, please give us the email address.
Screening Questions
2.1 If there is a contract that needs to be reviewed please choose yes, if you have a pre-approved PLNU template contract or a link to a MSA or terms of service choose No which will show additional questions.
2.2. If you have a contract choose yes then an additional question will appear (2.3), otherwise click No to add a link in the next question (2.4).
2.3. First upload the contract using the paperclip icon then type in a name for the attachment in the field below.
2.4. Please add the link below.
2.5, 2.6, 2.7. These three questions will help us determine if this is an IT vendor and if a review is necessary. If you're unsure of the answer to any of these questions please reach out to contacts@pointloma.edu
Once all of the questions have been answered, click on the submit button in the bottom right corner of the window. If the submit button is greyed out, there is a required question that has not been completed yet.
Rejected Requests
What happens next
After submitting the form, the vendor will go through any relevant reviews by internal service departments in IT, Enterprise Risk, and Legal. You will receive email notifications from OneTrust when the process advances through these review steps.
Here is the work flow that the onboarding process will follow:
