Configuring assessment defaults

Calyssa Nowviskie Updated by Calyssa Nowviskie

Configuring assessment defaults

You can now set assessment defaults at both the organization level (applies globally) and the relationship level (applies to individual relationships). These settings help streamline your assessment process, ensure consistency, and reduce repetitive configuration.

TIP: These default settings also apply to assessments started by automation, like scheduled recertification and artifact updates.

Where to find assessment defaults

At the organization level

  • In the main navigation, go to Settings > Assessments > Collection
  • This will set defaults for all relationships in your program, unless otherwise specified.

At the relationship level

  • In a vendor relationship, on the Assessment tab, click the settings gear and select Assessment Settings.
  • This will set the default for all new assessments for this relationship.

At the assessment level

  • Currently, default settings are only applicable to collection requests where you are interacting directly with the vendor.
  • In a vendor relationship, click Add Artifacts and select Request Artifacts. This will open the collection request dialog. Under Advanced Settings, you can adjust the settings for this collection request only.
  • This will not impact the settings for this relationship. If you want to set defaults that will apply to all assessments moving forward, do so under relationship or organization settings.
  • 👉 Learn more about starting an assessment

What defaults can you set?

Request specific artifacts

During a collection request, we will ask the vendor for these artifacts specifically.

  • Add one or more artifacts as required (e.g., SOC 2, ISO 27001, pen test report).
  • Vendors cannot complete the assessment without uploading an artifact or attesting to the presence of the artifact.

Ask specific questions

Ask a few questions directly to the vendor.

  • Vendors will not be able to submit the assessment without providing a manual response to these questions.
  • Responses to these questions will be captured as a Questionnaire Artifact and can be found in the Artifacts tab of the relationship.
NOTE: The "Ask specific questions" feature is only available for a single relationship or assessment. Have questions you want to reuse across vendors in your program? Supplemental questionnaires are a great way to require a response to a standardized set of questions you want to address with every vendor.

Analysis Method

Determines how assessments will be analyzed and validated.

  • AI assessment (Instant results): Receive results seconds after artifacts are submitted. You still have the ability to follow up with the vendor or request an auditor review.
  • AI Assessment + Auditor Review: We'll analyze your assessment using AI, then an auditor will review the results before finalization. You can follow up with the vendor after results are provided. This will extend the time to receive results.

Collection Timeline

Determines how long third parties have to submit their assessment.

No vendor response

  • If there is no response to the collection request by the expiration date, choose how to proceed.
  • Close collection request: We will proceed with any available data.
  • Notify me: You will have the option to extend the collection request and send a reminder email to the vendor.

Automated Follow-Ups

If there are any unvalidated controls or unanswered questions after we review your assessment, you can follow up with the vendor.

  • Always ask before following up: You'll have the option to review the results of the AI assessment and choose to follow up or close the assessment.
  • Conditional based on residual risk: set a threshold based on residual risk to automatically follow up. For example, follow up with the vendor if residual risk is greater than or equal to Medium. For all other assessments, you’ll have the option to review the results of the AI assessment and choose to follow up or close the assessment.

👉 Learn more about follow-up questionnaires

Frequently Asked Questions

How does my configuration override the defaults for a relationship or my organization?

Organization-level defaults will apply to all assessments. If a relationship has a specific assessment configuration, the settings for that relationship will override the organization defaults. You can override all defaults in the Advanced Settings of the Start Collection Request dialog.

Can I change defaults after launching a collection request?

You can edit the follow up method until the vendor has submitted the initial collection attempt. All other settings cannot be changed without first cancelling the assessment.

What happens if required artifacts aren’t provided by the vendor?

The vendor will be asked to attest that they either do not have or will not provide the artifact.

How did we do?

Follow-up questionnaires

Continuous Monitoring

Contact