Synchrony supplier diviersity.

1. Completing a SIRF requires MetricStream access. An email should be received by the contact provided to your company’s Synchrony Supplier Manager. Note: If an Information Security Assessment is also required you will receive TWO IDs and passwords, please take note to use the proper ID/Password with the correct system.
2. SIRFs are required based on the risks posed by the product(s) or service(s) being provided by a supplier. Synchrony requires completion of questionnaires to assess your control environment. These tasks are known as SIRFs (Supplier Information Request Forms). An email notification will be sent when a SIRF is assigned for completion.
3. Log into MetricStream using the username and Password provided. Once authenticated you will see a page with a navigation tab labeled “My Tasks.” You can also access your tasks/SIRFs from the top navigation– by clicking “New” in green or the “Past due” in red.
4. Click on any of the links in the "My Tasks" list to display your SIRFs.
5. Once the SIRF opens you will see a Pencil icon in the top right hand corner of the page. Click this icon to toggle the form into edit mode.
6. All mandatory questions will be indicated with an asterisk.
7. Attachments can be uploaded within the SIRF. Every question will have an attachment option.
8. Once all questions are completed in the form, scroll to the bottom of the page and you will see a dropdown box labeled “Action;” select “Submit.”
9. Lastly, in the upper right corner a green “check mark” replaced the pencil icon. Please select the green check mark to submit the form.
10. If clarification is required after receipt of the responses, the SIRF will be reinitiated and will be in your queue once more. An email will notify you to return to the SIRF and comments will be made on the questions indicating additional information needed.
11. Past due emails will be sent if the SIRF is not completed within the due date.
12. If you wish to reassign the SIRF to someone else in your company, notify Synchrony at this email address: vm@syf.com

Synchrony is a regulated entity and is required to perform due diligence activities with the suppliers we engage. Having representatives from our Supplier organizations complete these questionnaires directly in our system ensures the most accurate information is provided, so we may assess Supplier Risk appropriately.

Does the internet browser I use matter?

Yes, please use Internet Explorer when you access MetricStream. If you do not have Internet Explorer you may also use Chrome.

First login

The first time when you create a new user ID, you may need to log out and login again for the credentials to work faster.

Can I attach supporting documentation?

Yes. You can attach supporting documentation for every question by leveraging the attachment box to the right of every question in your SIRF.

How can I change my password (all assessments except Information Security)?

You can change your password at: https://ssoregistrar.synchronyfinancial.com/identityiq/external/iiqForgetPassword.jsf

Can more than one person from my company have access to MetricStream to complete the questionnaire?

Yes. Send an email to vm@syf.com along with the First/Last Name of the individual and their email address. A new SSO ID and password will be sent to your colleague.

My name changed; can I update my name in MetricStream?

Yes. You can change your user profile details by logging into the registration portal - https://ssoregistrar.synchronyfinancial.com/identityiq/login.jsf However the User ID will remain the same.

Will I have to fill out an assessment again?

You will be required to complete assessments periodically based a continued relationship with Synchrony

I cannot see my tasks even though my Supplier Manager indicates they should be present

If you cannot see tasks on the main page please check the "My Tasks" drop down icon at the top of the page. If they are not present in the top navigation, then please contact vm@syf.com.

I am a new relationship manager for the Synchrony account; what do I do?

1. Please contact your Supplier Manager and alert them of the contact change
2. You will also need to complete a new user registration, please refer to the ‘Registering a new account link’
3. Once you complete a new registration, please contact vm@syf.com so we can change the Engagement's primary contact and reassign any outstanding tasks/SIRFs

What is the next step after the assessment?

You will be required to complete assessments periodically based a continued relationship with Synchrony

I am getting an error message, which says “Not authorized to View”

This error message appears when someone else from your company has access to the assessment, but is not a registered contact for this engagement. We can help you set it right once you let us know the correct contact at: vm@syf.com

Access Keylight via https://keylight.syf.com/VendorPortal/Portal.aspx

1. Choose Standard Login
2. Login using user credentials for Keylight provided to you by Synchrony
3. Select your Company profile
4. View the Questionnaire tab, then answer the questions for each section

What is a SIRF?

Stands for Supplier Information Request Form. It is a questionnaire used by Information Security to determine if a supplier has information security controls and best practices (e.g. NIST, PCI, ISO 27001) in place.

If we have questions about completing the questionnaire, who do we contact?

Send an email to 3PS.Reviewers@syf.com or contact your Synchrony Supplier Manager.

How do we provide evidence or artifacts to demonstrate control effectiveness?

Suppliers can upload artifacts directly within Keylight Application or send documents using secure email (or Transaction Layer Security ((TLS)) if established with Synchrony).

Can more than one person from my company have access to Keylight to complete the questionnaire?

Yes. Send an email to 3PS.Reviewers@syf.com along with the First/Last Name of the individual and their email address. A representative from the Third Party Security team will respond and send new user credentials to your colleague.