GM SupplyPower Audits

GM SupplyPower follows a delegated administration model which means supplier administrators are responsible for onboarding and offboarding their own users following initial company onboarding into the GM SupplyPower portal.

GM requires that all systems and applications perform access control reviews twice a year in order to secure GM data.  This policy includes GM SupplyPower.

Supplier users assigned the security administrator role in Covisint are contacted via email at the beginning of the audit with instructions on how to validate their users within a specific time frame.  This email includes a warning that failure to complete the audit will result in the company losing access to GM SupplyPower and all of the backend applications.

At the conclusion of audit, non-compliant organizations are  suspended, preventing individual users from logging into the portal and any GM SupplyPower applications.  An email is sent to the supplier security administrator when the access has been suspended along with an explanation. Companies can regain access to SupplyPower once they complete the audit and contact the Covisint service desk.  Covisint contacts GM to reinstate access after GM validates the audit has been completed.  

To prevent loss of access, suppliers MUST comply with the audit within the GM specified time frame.

Audit Tips: 

• Supplier administrators can review the list of users who have access to GM SupplyPower at any time by accessing the Covisint Connection and Administration application.
  
  
• Users that have not logged into GM SupplyPower within 90 days will have an inactive status. A manual password reset does not change this status. 
  
  
• Please remove the GM SupplyPower service package from  users that do not require access to GM SupplyPower any longer.  Suspending a user only prevents the user from being able to access the portal.  However, the user still remains in the system.  If a user no longer requires access to GM SupplyPower, supplier administrators are responsible for removing the package.  
  
  
• Do not reassign user IDs to new users.  This is in violation of GM policy.
  
  
• For your company's own protection, please immediately delete any user that no longer works for your company.

Please contact the Covisint service desk if you require any assistance with off-boarding users.