HeliosGroup/vendor-onboarding-l4
MCP Server
Active
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
vendor-onboarding-l4/README.md
rg4444 d1ca643d94 init
2026-03-21 20:17:36 +02:00

72 lines
3.1 KiB
Markdown
Raw Permalink Blame History

# Vendor Onboarding & Approval — UAPF Level 4 Process Package
> **HeliosGroup** · Procurement Operations · Process-as-Code
## Overview
This repository contains a fully executable, AI-governed **Level-4 UAPF process package** for the end-to-end Vendor Onboarding & Approval workflow at HeliosGroup.
The process covers everything from initial vendor submission through sanctions screening, financial risk scoring, legal review, and IT provisioning — with AI agents orchestrating compliance checks at every gate.
## Process Summary
| Stage | Owner | AI Role |
|---|---|---|
| Vendor Submission | Procurement Officer | Form validation & completeness check |
| Sanctions & Compliance Screening | AI Compliance Agent | Real-time OFAC/EU sanctions lookup |
| Financial Risk Scoring | Finance & Tax | DMN-driven risk tier assignment |
| Legal Review | Legal & Contracts | AI-assisted contract clause review |
| IT Provisioning | IT Systems | Automated account & access setup |
| Approval & Activation | Procurement Officer | Final sign-off with audit trail |
## Repository Structure
```
vendor-onboarding-l4/
├── uapf.yaml # UAPF L4 package manifest
├── enterprise/
│ └── enterprise.yaml # Enterprise index reference
├── bpmn/
│ └── vendor-onboarding.bpmn.xml # Main process (5 swim lanes)
├── dmn/
│ └── vendor-risk-scoring.dmn.xml # Risk tier decision table
├── cmmn/
│ └── sanctions-exception.cmmn.xml # Sanctions escalation case
├── resources/
│ └── mappings.yaml # System & agent bindings
├── metadata/
│ ├── lifecycle.yaml
│ └── ownership.yaml
├── processgit.mcp.yaml # MCP server configuration
└── agent.chat.yaml # AI chat assistant configuration
```
## Key Features
- **AI-first design** — Sanctions screening, risk scoring, and contract review are all AI-executed tasks
- **Sanctions exception handling** — Dedicated CMMN case manages the full escalation path when a vendor matches a watchlist
- **DMN risk scoring** — Vendor risk tier is computed from country risk, financial health, and ownership structure
- **MCP-accessible** — All process data is queryable by AI agents via the built-in MCP server
- **Full audit trail** — Every decision is version-controlled and replayable
## Quick Start (Chat Assistant)
This repository includes an AI chat assistant. Click the **Chat** icon in the file tree to ask questions like:
- *"What should I do if the onboarding organization is under sanctions?"*
- *"Describe the full vendor onboarding process"*
- *"What documents are required for a Tier 1 high-risk vendor?"*
- *"Who approves vendors from high-risk jurisdictions?"*
## Standards & Compliance
- UAPF v1.0 compliant (Level 4 — executable process)
- BPMN 2.0 · DMN 1.3 · CMMN 1.1
- OFAC / EU Consolidated Sanctions List screening
- GDPR-aware data handling (vendor PII minimized)
- EU AI Act Art. 9 risk management documentation
---
*Powered by [ProcessGit](https://processgit.org) — Git for Processes*
Reference in New Issue View Git Blame Copy Permalink