The Vendor Risk Assessment (VRA) process plays an important role in helping protect university data and ensuring appropriate review of software or technology purchases across UC Davis. 

Like many processes at a large and decentralized institution, the VRA process at UC Davis involves collaboration across multiple teams, compliance requirements, and review points. Communication often lives in email. It can be hard to understand what is needed, where a request stands, or how to move work forward effectively.

For Naomi Silguero, Security Analyst in Administrative Innovation & Technology (AdminIT), this was an opportunity to improve the customer experience for the Finance, Operations and Administration (FOA) units supported by AdminIT. 

Creating Line-of-Sight into the Process

A few years ago, Naomi partnered with AdminIT’s Office of Business Transformation to better understand the full end-to-end process. Together, they mapped the current state from software request through vendor approval and access for procuring products and services. 

What they uncovered was not just complexity. It was a lack of visibility. 

So they changed they experience. 

While the underlying VRA requirements are established to meet university-wide security and compliance standards, Naomi recognized an opportunity to improve customer experience through clearer communication, greater transparency, more consistent practices, and easier navigation of the process.

Naomi and her team translated the process into something customers could actually use. They built checklists, standardized key steps, and created a dynamic, clickable workflow that allows users to navigate the process themselves.

Today, the entire process lives in a single, interactive map. Each step connects directly to the guidance, documentation, and actions needed to move forward. Instead of searching through emails or guessing what comes next, users can follow the process, click into what they need, and keep their request moving. 

Explore VRA Resources for FOA Units

This work did more than simplify a process. It made it visible. It also changed how support is delivered - customers now receive clearer guidance and more consistent communication, reducing delays and frustration. 

This work was supported by AdminIT leadership, including Ken Ezeh and Radhika Prabhu, who empowered Naomi and the team to continue evolving and improving the process over time. 

Building a Culture of Continuous Improvement

Naomi did not do this alone. When she recruited student employees, she invested in their development by enrolling them in Lean training. Rather than serving as the sole bridge between Information Security and customers, she built capability within her team to support and improve the process together. That investment created momentum. 

Six months ago, when asked to streamline the process again and reduce complexity in software purchasing, Naomi and her team were ready. Building on their earlier work, they revisited the process, updated standards, and simplified key parts of the experience from both the customer and operational sides, resulting in a $45,000 software license savings and 30% staff capacity savings.

Naomi's work is a reminder that even the most complex processes can be designed to be more transparent, more navigable, and more human. 

And sometimes, the most powerful improvement is simple: make the work visible.