VISO TRUST Roles & Permissions

Updated by Gillian Langor

Roles & Permissions

VISO TRUST includes three organization-level roles that control what users can see and do in the platform. Assign roles based on how each person participates in your third-party risk program.

Role Descriptions

| Role | Description |
|---|---|
| Org Admin | Full platform access. Manages users, settings, relationships, and all program activity. Best suited for program managers and administrators. |
| Org User | Can create and manage relationships, run assessments, and collaborate on vendor risk. Edit permissions expand on any relationship where the user is assigned as its Business Owner. |
| Read Only | View-only access across the platform. Can see all relationships, assessments, risk metrics, and advisories, but cannot make any changes. Best suited for executives, auditors, or stakeholders who need visibility without edit access. |

A note on Business Owner

Business Owner is not a separate role — it is a designation assigned to a specific relationship. Org Users gain additional edit permissions on relationships where they are the Business Owner, such as updating context, managing tags, and adding comments.

A note on assessments

Vendor Assessment submission can only be performed by the vendor, not by platform users. This action is intentionally unavailable to all roles within the platform.


Permissions Reference

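Relationship

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| Import Relationships | Yes | No | No |
| List | All My Tenant | All My Tenant | All My Tenant |
| Create | Yes | Yes | No |
| Update Relationship Context | Yes | Yes if Business Owner | No |
| Subscribe / Unsubscribe Contact | Yes | No | No |
| Manage Tags | Yes | Yes if Business Owner | No |
| List Comments | Yes | Yes if Business Owner | Yes if Business Owner |
| Add Comments | Yes | Yes if Business Owner | No |
| Delete Comments | Only My Created | Only My Created | No |
| Read Attachments | Yes | Yes | Yes |
| Add Attachments | Yes | Yes | No |
| Delete Attachments | Yes | Yes | No |

Relationship Business Owner

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| Update Business Owner | Yes | No | No |

Relationship Lifecycle Management

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| Onboard | Yes | No | No |
| Mark as Not Onboarded | Yes | Yes | No |
| Delete | Yes | No | No |

Relationship Artifacts

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| List Artifacts | Yes | Yes | Yes |
| Add Artifacts | Yes | Yes | No |
| Delete Artifacts | Only My Created | Only My Created | No |
| Download Artifacts | Yes | Yes | Yes |

Relationship Assessment

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| Read | Yes | Yes | Yes |
| Create | Yes | Yes | No |
| Cancel | Yes | Yes | No |
| Send Reminder Email | Yes | Yes | No |

Artifact Validation

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| Read | Yes | Yes if Business Owner | Yes |
| Edit | No | No | No |

Artifact validation is reviewed by VISO TRUST analysts. No organization role can edit validation results.

Artifact Control Validation

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| Read | Yes | Yes if Business Owner | Yes |

Control validation is managed by VISO TRUST analysts. No organization role can create, edit, or delete control validations.

Risk Insights

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| Risk Metrics | Yes | No | Yes |
| Program Metrics | Yes | No | Yes |

Risk Advisories

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| Generate Impact Report | Yes | Yes | Yes |

TRUST

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| Artifact Intelligence | Yes | No | No |
| Questionnaires | Yes | No | No |
| AI Q&A | Yes | No | No |

[Settings] Org Profile

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| Public Profile Edit | Yes | No | No |
| Notifications Edit | Yes | No | No |
| Company Logos Edit | Yes | No | No |
| Manage Domains | Yes | No | No |

[Settings] Your Framework

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| Framework Edit | Yes | No | No |
| Risk Model Settings | Yes | No | No |

[Settings] Questionnaires

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| Add Questionnaire | Yes | No | No |

[Settings] Assessment

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| Edit Collection Settings | Yes | No | No |

[Settings] Tags Management

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| Read | Yes | Yes | Yes |
| Create | Yes | No | No |
| Edit | Yes | No | No |
| Delete | Yes | No | No |

[Settings] User Management

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| List | Yes (For Org/Domains) | Yes (For Org/Domains) | Yes (For Org/Domains) |
| Create | Yes (For Org/Domains) | No | No |
| Edit | Yes (For Org/Domains) | No | No |
| Delete | Yes (For Org/Domains) | No | No |

[Settings] Business Unit Management

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| List | Yes | Yes | Yes |
| Create | Yes | Yes | No |
| Edit | Yes | Yes | No |
| Delete | Yes | Yes | No |

[Settings] Security Controls, Data Types & Audit Types

| Feature | Org Admin | Org User | Read Only |
|---|---|---|---|
| List | Yes | Yes | Yes |

These items are managed by VISO TRUST and cannot be created, edited, or deleted by any organization role.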
