Understanding Assessment Completion
Understanding Assessment Completion
Overview
When VISO TRUST marks an assessment as Completed, it means all submitted information has been reviewed, findings have been documented, and a risk summary is ready for your review. This article explains what triggers completion, how deadline and expiry behavior works, what to expect when a vendor responds late, and when a new assessment is needed.
What "Completed" Assessment Means
An assessment reaches Completed status when:
- All submitted artifacts and questionnaire responses have been reviewed by VISO TRUST
- Any follow-up questionnaire has been responded to, skipped, or determined to be unnecessary
- An assessment summary has been generated and is available on the relationship page
Once an assessment is completed, you can:
- Review the risk findings and assessment summary
- Accept the residual risk
- Request remediation from the vendor for any identified control gaps
Note: A completed Assessment does not mean that there is no further action required. You still need to review the risk.
How an Assessment Reaches Completion
The path to completion depends on how the assessment was initiated:
- Public Assessment (Conduct Research)
When a vendor relationship is created with a website URL, VISO TRUST automatically conducts a public-source review. The assessment moves directly to Completed once publicly available artifacts and compliance attestations have been analyzed. No vendor involvement is required.
- Artifact Upload (Add Information)
When you upload artifacts directly on behalf of a vendor, the assessment moves to Completed once VISO TRUST finishes analyzing the uploaded documents. No vendor response is needed.
- Vendor Collection Request (Request Information)
When you send a vendor a collection request, the vendor must:
Open the collection portal link
Upload relevant documentation and/or complete the questionnaire
Certify that the submitted information is accurate and submit their response
Once the vendor submits and certifies, VISO TRUST begins its review. If control gaps are identified, a follow-up questionnaire may be issued before the assessment is marked Completed. If no gaps are found, the assessment moves directly to Completed after the review is finished.
At any point during a vendor collection request, you can choose Proceed with Available Data to move the assessment into review using only the information submitted or discovered so far — without waiting for the vendor to respond.
Vendor Attestation
For vendor-involved assessments, the vendor must certify their submission before VISO TRUST can begin its review. This step confirms the accuracy of the information provided.
Until the vendor certifies and submits, the assessment remains in Started or Collecting Information status. If you need to move forward without waiting, use the Proceed with Available Data option at any time.
Deadline and Expiry Behavior
- Expired
If a vendor does not respond by the assessment deadline, the assessment automatically moves to Expired status
Status | What it means | How it's triggered | What you can do |
Expired | The vendor did not respond before the deadline | Automatically triggered when the deadline passes without vendor submission | Start a new assessment |
You can configure assessment deadlines and reminder behavior in Assessment Defaults and Lifecycle Management.
You can also extend the assessment deadline in an ongoing assessment as shown in this video.
- Cancelled
If you manually close an active collection request, the assessment moves to Cancelled status and stops entirely.
Status | What it means | How it's triggered | What you can do |
Cancelled | The assessment request was manually stopped | You clicked 'Close Request' | Start a new assessment |
When a New Assessment Is Needed
Scenario | What Happens |
The assessment has reached Expired or Cancelled status | Start a new assessment from the relationship page |
New artifacts are uploaded to a Completed assessment | A new assessment update begins automatically |
A scheduled recertification/ or, artifact update is triggered via Lifecycle Management | VISO TRUST initiates a new assessment update automatically, or sends a reminder to you or the vendor, depending on your configuration |
The scope of the relationship changes (e.g., new data types or expanded use) | Manually initiate an assessment update to reflect the updated context |
Assessment Completion and Your Broader Review Process
VISO TRUST's Completed status reflects the end of the information review process on the platform. It is separate from your organization's broader third-party risk management workflow, which may include additional steps.
Step | Where It Happens |
Vendor information collection and review | VISO TRUST |
Risk summary and findings | VISO TRUST |
Risk acceptance | Your team, within VISO TRUST |
Remediation tracking | VISO TRUST, collaboratively with you & the vendor |
Contractual, legal, or procurement approvals | Your organization's internal process |
Periodic recertification/ artifact updates | VISO TRUST, via Lifecycle Management |
API Reference
If your organization is integrated with VISO TRUST using API, be sure to reference VISO TRUST API Documentation Guide for relevancy.
