Starting an Assessment
VISO TRUST makes it easier than ever to start and manage vendor risk assessments.
After adding a relationship in VISO TRUST, we instantly assess the vendor with publicly available information. If you'd like to dive deeper into this vendor's risk, you have several choices.
1. Request artifacts
When you need to request information directly from your vendor, use a collection request.
- Who should we send this to? Confirm or provide your vendor’s contact details. Optionally, include a personal message that will be added to the collection request email.
- What should we ask for?
- Ask for everything – We’ll ask for artifacts or questionnaire responses to satisfy all in-scope controls.
- Request specific artifacts – We’ll ask for these artifact types specifically.
- Ask specific questions – Ask a few questions directly to the vendor. If you would like us to assess a lengthier questionnaire using artifacts, set up a supplemental questionnaire.We'll collect answers to these questions from the vendor and deliver them to you as a Questionnaire Artifact in the Artifacts tab. These are not associated to a control.
- Advanced Settings (NEW) Customize how your request is managed:
- Automate follow-ups
- Adjust follow-up timeline
- Set vendor response deadlines
- Define what happens when assessments expire
2. Upload artifacts
If you already have a vendor's artifacts or links to public resources, you can provide them directly.
VISO TRUST will automatically classify the artifacts, capture public websites, and analyze them.
3. Public search
VISO TRUST can automatically find and apply open-source information for you.
- What we search for: Compliance attestations, publicly available artifacts, risk advisories, and other news.
- What happens next: We automatically review and update the assessment with the information we find. With AI Assessments enabled, this process happens in seconds. You instantly get an updated assessment populated with publicly available vendor information—no vendor outreach required.
Assessment Timeline
After you start an assessment, the Timeline helps you track progress in real time.
From here, you can:
- View assessment status
- Send reminder emails
- Proceed with available data
- Edit the follow-up method
- Cancel a collection request
Assessment statuses
Started | The collection request has been initiated. |
Collecting information | The vendor has opened the collection request email. |
Processing and review | Artifacts have been submitted and VISO TRUST is analyzing them. |
Review completed | The AI or Auditor has completed their analysis. If the vendor is involved with this assessment, this is when you'll be able to follow-up on unvalidated controls. |
Follow-up sent | The follow-up questionnaire has been sent and is awaiting vendor response. |
Expired | The vendor has not responded to the collection request by the set time. Tip: Choose what happens when a collection request expires in the relationship or organization settings. |
Completed | The assessment is up to date with the latest artifacts. From here, you can accept risk or request remediation. |
AI Assessments and Auditor Reviews
VISO TRUST offers flexibility in how assessments are evaluated:
- AI Assessments – By default, assessments are reviewed and summarized by AI, giving you instant results in seconds.
- AI + Auditor Assessments – For added assurance, you can request an auditor to review the results. This combines AI speed with human expertise, providing an extra layer of validation for high-risk vendors or compliance-critical assessments.
