Starting an Assessment

Calyssa Nowviskie Updated by Calyssa Nowviskie

VISO TRUST makes it easier than ever to start and manage vendor risk assessments.

After adding a relationship in VISO TRUST, we instantly assess the vendor with publicly available information. If you'd like to dive deeper into this vendor's risk, you have several choices.

1. Request artifacts

When you need to request information directly from your vendor, use a collection request.

  1. Who should we send this to? Confirm or provide your vendor’s contact details. Optionally, include a personal message that will be added to the collection request email.
  2. What should we ask for?
    1. Ask for everything – We’ll ask for artifacts or questionnaire responses to satisfy all in-scope controls.
    2. Request specific artifacts – We’ll ask for these artifact types specifically.
    3. Ask specific questions – Ask a few questions directly to the vendor. If you would like us to assess a lengthier questionnaire using artifacts, set up a supplemental questionnaire.
      We'll collect answers to these questions from the vendor and deliver them to you as a Questionnaire Artifact in the Artifacts tab. These are not associated to a control.
  3. Advanced Settings (NEW) Customize how your request is managed:
    1. Automate follow-ups
    2. Adjust follow-up timeline
    3. Set vendor response deadlines
    4. Define what happens when assessments expire
Note: Advanced settings can be applied at the assessment level, or configured globally in Organization or Relationship Settings. This is also where you can configure the assessment review method. Learn more

2. Upload artifacts

If you already have a vendor's artifacts or links to public resources, you can provide them directly.

VISO TRUST will automatically classify the artifacts, capture public websites, and analyze them.

💡 You can upload artifacts at any time, even if you’ve already started a collection request or public search assessment.

VISO TRUST can automatically find and apply open-source information for you.

  • What we search for: Compliance attestations, publicly available artifacts, risk advisories, and other news.
  • What happens next: We automatically review and update the assessment with the information we find. With AI Assessments enabled, this process happens in seconds. You instantly get an updated assessment populated with publicly available vendor information—no vendor outreach required.
VISO TRUST automatically initiates a public search during other kinds of assessments. In addition to this, we continuously monitor your vendors for updates to compliance, risk advisories, general news, and publicly available artifacts. Learn more about Continuous Monitoring.

Assessment Timeline

After you start an assessment, the Timeline helps you track progress in real time.

From here, you can:

  • View assessment status
  • Send reminder emails
  • Proceed with available data
  • Edit the follow-up method
  • Cancel a collection request

Assessment statuses

Started

The collection request has been initiated.

Collecting information

The vendor has opened the collection request email.

Processing and review

Artifacts have been submitted and VISO TRUST is analyzing them.

Review completed

The AI or Auditor has completed their analysis. If the vendor is involved with this assessment, this is when you'll be able to follow-up on unvalidated controls.

Follow-up sent

The follow-up questionnaire has been sent and is awaiting vendor response.

Expired

The vendor has not responded to the collection request by the set time. Tip: Choose what happens when a collection request expires in the relationship or organization settings.

Completed

The assessment is up to date with the latest artifacts. From here, you can accept risk or request remediation.

AI Assessments and Auditor Reviews

VISO TRUST offers flexibility in how assessments are evaluated:

  • AI Assessments – By default, assessments are reviewed and summarized by AI, giving you instant results in seconds.
You'll still have the option to request auditor review after AI Assessment results are delivered.
  • AI + Auditor Assessments – For added assurance, you can request an auditor to review the results. This combines AI speed with human expertise, providing an extra layer of validation for high-risk vendors or compliance-critical assessments.
The toggle for AI vs AI + Auditor can be set at the Organization or Relationship Settings level, giving you control on a per-vendor basis. Learn more

👉 Understanding Assessment Results in VISO TRUST

👉 Configuring Assessment Defaults

How did we do?

Frequently Asked Questions

Understanding Assessment Results

Contact