Now assess security practices and compliance of a potential or existing vendor, faster!
Beta version is being opened for early access via Early Access Center (go to profile on top right corner). We shall continue to make further improvements for new workflow based on feedback.
What is assessment workflow and how does it help?
- New workflow which enables
- Defining templates based on vendor risk tier
- Sending questionnaire
- Analyzing all documents in one place
- Documenting findings along with grouping them under factor
- One Centralized place
- To view and manage all assessments in one place
- For specific vendor assessment manage all questionnaire, findings, documents in one place (like a folder)
How to use new assessment workflow?
1. Where to access New Assessment Workflow?
- Go to your profile in platform (top right corner) >> Click on Early Access >> Find 'New Assessment Workflow' and enable it by turning toggle ON
- Once toggle is ON >> Go to 'Communications Tab' in top navigation bar >> You will see 'Assessments' option >> Click on 'Assessments' to start using new workflow
2. Before starting assessment
(a) Assign a template to each vendor risk level
(b) Define and manage your assessment factors (before or while assessing your vendors)
3. Create assessment
- Add assessment name, for easy tracking later (optional)
- Select vendor scorecard domain (required)
- Select template, based on vendor tier (required)
- Select due date, by when you want assessment to finish (optional)
4. Assessment is successfully created. You can now,
(a) Review assessment details at top (Vendor details, start and due dates, template, business impact)
(b) Manage findings (both from vendor scorecard + create your own as you assess)
(c) Review and Send Questionnaires
(d) Review and analyze all vendor documents in one place
5. Analyze multiple documents leveraging AI
- Analyze multiple vendor documents as part of the assessment to get answers to specific questions.
- Apart from the out-of-the-box question template we provide, you can modify and ask specific question based on your policy.
- Presently we support following document types
- SOC2 Type 1
- SOC2 Type 2
- ISO 270001
- PCI-DSS
- NIST 800-53
- HIPPA
- SIG (Standardized Information Gathering)
- Privacy Policy
- Certificate of Insurance
- Penetration Testing
- Evidence (use this if none of the above one applies)