Configuring assessment defaults

Calyssa Nowviskie Updated by Calyssa Nowviskie

Configuring assessment defaults

You can now set assessment defaults at both the organization level (applies globally) and the relationship level (applies to individual relationships). These settings help streamline your assessment process, ensure consistency, and reduce repetitive configuration.

TIP: These default settings also apply to assessments started by automation, like scheduled recertification and artifact updates.

Where to find assessment defaults

At the organization level

  • In the main navigation, go to Settings > Assessments > Collection
  • This will set defaults for all relationships in your program, unless otherwise specified.

At the relationship level

  • In a vendor relationship, on the Assessment tab, click the settings gear and select Assessment Settings.
  • This will set the default for all new assessments for this relationship.

At the assessment level

  • Currently, default settings are only applicable to collection requests where you are interacting directly with the vendor.
  • In a vendor relationship, click Add Artifacts and select Request Artifacts. This will open the collection request dialog. Under Advanced Settings, you can adjust the settings for this collection request only.
  • This will not impact the settings for this relationship. If you want to set defaults that will apply to all assessments moving forward, do so under relationship or organization settings.
  • ๐Ÿ‘‰ Learn more about starting an assessment

What defaults can you set?

Request specific artifacts

During a collection request, we will ask the vendor for these artifacts specifically.

  • Add one or more artifacts as required (e.g., SOC 2, ISO 27001, pen test report).
  • Vendors cannot complete the assessment without uploading an artifact or attesting to the presence of the artifact.

Analysis Method

Determines how assessments will be analyzed and validated.

  • AI assessment (Instant results): Receive results seconds after artifacts are submitted. You still have the ability to follow up with the vendor or request an auditor review.
  • AI Assessment + Auditor Review: We'll analyze your assessment using AI, then an auditor will review the results before finalization. You can follow up with the vendor after results are provided. This will extend the time to receive results.

Collection Timeline

Determines how long third parties have to submit their assessment.

No vendor response

  • If there is no response to the collection request by the expiration date, choose how to proceed.
  • Close collection request: We will proceed with any available data.
  • Notify me: You will have the option to extend the collection request and send a reminder email to the vendor.

Automated Follow-Ups

If there are any unvalidated controls or unanswered questions after we review your assessment, you can follow up with the vendor.

  • Always ask before following up: You'll have the option to review the results of the AI assessment and choose to follow up or close the assessment.
  • Conditional based on residual risk: set a threshold based on residual risk to automatically follow up. For example, follow up with the vendor if residual risk is greater than or equal to Medium. For all other assessments, youโ€™ll have the option to review the results of the AI assessment and choose to follow up or close the assessment.

๐Ÿ‘‰ Learn more about follow-up questionnaires

Frequently Asked Questions

How does my configuration work with the defaults for a relationship or my organization?
Organization-level defaults will apply to all assessments, first. If a relationship has a specific assessment configuration, the settings for that relationship will override the organization defaults. You can override all defaults in the Advanced Settings of the Start Collection Request dialog.
Can I change settings after sending a collection request?
You may edit the follow-up method until the vendor has submitted the initial collection attempt. All other settings updates will apply to the next assessment for that relationships.
What happens if required artifacts aren't provided by the vendor?
The vendor will be asked to attest that they either do not have or will not provide the artifact.
I have some questions I need answered manually. How do I do that?
To require a manual response from a vendor, create a questionnaire with manual response configured. ๐Ÿ‘‰ Learn more about questionnaires
How can I set defaults for questionnaires?
Defaults for questionnaires are managed directly on the questionnaire page for each questionnaire. Set questionnaires to be enabled for every relationship, and determine their response type. ๐Ÿ‘‰ Learn more about questionnaires

How did we do?

Request vendor response to risk advisory

VISO TRUST Agentic chat

Contact