Vendor Management and Custom Audits: Privacy - April 2024 🎨 ✅
We now introduce the first version of our Vendor Management and Custom Audits Module in Privacy. Add, edit, and manage vendors effortlessly and send custom-made audits directly to your vendors from Privacy. Stay in the loop with real-time status updates and receive a comprehensive report upon audit completion.
Manage your vendors in Privacy
We've expanded our vendor page in Privacy with new functionality. The page lets you add, edit, and manage vendors effortlessly. Furthermore, you can assign a responsible person to the vendor and add business areas, compliance areas and certifications. Get a comprehensive overview of all your vendors and handle all vendor-related activities centrally in one place.
Soon you will also be able to conduct risk classifications of your vendors and vendor assets within different compliance areas.
We've renamed the menu item that was previously named "Companies" to "Legal entities". Instead of one page with all companies, the companies are now categorised into three submenu items:
- Vendors
- Customers
- Others (Authorities, Collaboration partners etc.)
The legal entities have been divided into the submenu items according to the "type" that has been specified on the legal entity. If you have previously created companies without a type, they will appear under "Vendors". If you want any of your legal entities to appear under a different submenu (e.g. a vendor should appear as a customer instead), simply change the type of the legal entity in step 1 "Description" in the create/edit flow. If you want a legal entity to appear under more than one submenu item, simply select two or more types in the type dropdown.
Furthermore, the page "Group Companies" has been moved from "Settings" to a submenu item under "Legal entities" too, so all legal entities are gathered in one place. The submenu item "Group Companies" is only visible to admins.
Moreover, a new creation flow has been introduced. The old create-dialogue has been expanded into a creation flow with three steps:
- Step 1: Description: Name, Address, Country, Company registration number, Website, Type and Approved/Not approved.
- Step 2: Association: Responsible and Business areas.
- Step 3: Compliance areas and certifications: Only visible to those with the ISMS plan.
The overview is also updated with this new information. Also, the creation flow is identical for all legal entities.
If a third country was chosen in the old create-dialogue, the user was asked to state whether TIA and transfer basis (and in some cases level of protection) were required. This information has been removed from the creation flow, because it is only relevant for legal entities that act as data processors. If a legal entity is located in a third country, you can now add this third-country information under "Edit" --> "Third country settings".
Create custom audits
We are thrilled to introduce a new feature that allows your team to create custom audits and assessments that reflect the requirements of your business. With our Custom Audit Module, designing and implementing personalized audits has never been easier, allowing you to address specific compliance and operational needs effectively.
The custom audit module can be used for various purposes, such as:
- Vendor screening
- Vendor assessment
- Vendor security assessment
- Data Privacy and Protection Assessment
- And much more...
Overview of audits
Under audit settings you can see a comprehensive list of the audits you have created. The list consists of the audit name, associated compliance areas, type, activation date, version and status. If you wish to see archived audits, simply toggle to "Archived" at the top of the list.
Create new audit
As an administrator, you can create a new audit template. Provide an internal name, an internal description (optional) and specify the compliance areas that the audit should cover (optional). Following creation, you can add a title and description to your audit, which will be visible to the respondent.
You can also create a copy of an audit that you previously created. This way you don't have to start from scratch, and the questions, branching logic, sections and other design settings are transferred to the copy.
Questions
A question consists of an autogenerated number, a title, a description (optional) and a question type. When adding questions, you can choose between four different question types: Multiple choice, checkboxes, text field and date.
- Single select: Respondents can select one answer from the list of answer options (Selected by default)
- Multiple select: Respondents can select multiple answers from the list of answer options
- Text field: Respondents can write a free-text answer to your question
- Date: Respondents can enter a specific date
You can switch the question type using the dropdown menu to the right of the question text.
Add a new question by clicking the button "New question" at the bottom of the page or by clicking the plus icon within a question. If you click the button, the new question will appear at the bottom of the page, while clicking the plus icon will insert the new question right below the question whose plus icon you clicked.
Sections
If you have a long survey you can break it into multiple sections. The section function helps you to organize the audit, so it is easier for the respondent to answer and get an overview of the audit structure. A section therefore consists of one or more questions. Questions in the same section will appear on the same page in the respondent view. Furthermore, you have the option to choose a different color for each section.
Add branching logic
You can also add branching logic to your audit. Branching is a functionality that changes what question a respondent sees next based on how they answer the current question. The branching creates a custom path through the audit that varies based on a respondent's answers. You can make branches to questions within the same section or to the first question in another section.
Move a question
You can move a question to another position in the audit. Click and drag the question to the desired position in the survey. If the question has branching logic applied, make sure to test the logic paths thoroughly before sending the audit to your respondents. If you move a question with branching logic so that an answer option is set to skip to a previous question, the branching will not be enforced in the answer. If this happens, a warning will appear.
Required question
You can make any question in your audit required so that respondents must answer it before they can submit the audit. By default, required questions are marked by an asterisk (*).
Copy question
Copying a question will create a duplicate version of the question in the same audit. If you copy a question the new question will appear right below the question you have copied. Branching logic from the original question will also carry over to the copied version.
Delete question
Click the question you want to delete and click the trashcan icon. Deleted questions cannot be restored.
Preview and testing
Before sending the audit, you can preview it to make sure that everything looks and works as expected. Click the eye icon at the top of the audit page. Check that any features you added, such as branching logic, sections and required questions, are functioning properly. When you have finished testing, you're ready to activate your audit. Simply click the button "Activate template" at the top of the page.
Audit status
An audit can have one of three statuses:
- Draft: An audit is a draft until it is activated. A draft cannot be sent to respondents.
- Active: When a draft is activated it will change status to "Active". Active audits can be sent to respondents. Active audits are locked and cannot be edited. If you want to edit an active audit, you will have to create a new version or a copy of the audit.
- Archived: You also have the option to archive an audit. Only active audits can be archived. Once an audit is archived, the status cannot be modified, and consequently, you will be unable to send out this particular audit. It’s important to note that if there are any ongoing questionnaires associated with the audit, they can still be answered. To access archived audits toggle to "Archived" at the top of the audit overview.
Version
An audit is automatically assigned a version. The first version is called "1", the second version "2" and so on. Adding a new version, instead of a copy, can for example make sense if you have to correct any grammatical errors or change the text of a question or a possible answer. The new version will be linked to the original audit, whereas a copied audit will be independent and not linked to the original audit. If you want to edit an audit with the status “Active”, a new version must be created. The new version is a draft until it is published. When it is published, the old version will automatically be archived. You can still access the old version and see responses related to the old version.
Send out audits
When your audit is activated, you're ready to send it to your respondents. Go to the menu item "Legal entities" and choose the legal entity that the audit should be sent to. On the legal entity page, go to the tab named "Audits" and click the button named "Send audit". Select which audit you want to send. In the dropdown menu you can choose between all active audit templates. Now choose the contact the audit should be sent to. The contacts you can choose between in the dropdown menu are the ones you have created under the tab "Contacts" on the company page. The role of the contact is stated in parentheses after the name. Afterwards, select the individual who will be responsible for the audit process. The chosen person’s name and email will be included in the email sent to the designated contact.
Next, choose a deadline for the contact to complete the audit. The contact will still be able to submit the audit after the deadline, so the deadline is only a formality. The deadline will be stated in the email sent to the contact. Lastly, you can also choose whether the audit should be answered in relation to one or more specific assets. You do not need to select any assets in order to send your audit.
Click "Next" at the bottom of the dialogue and select whether the audit should be sent on behalf of the entire group or a single group company. The name of the entire group or the selected group company will appear as the sender in the email sent to the respondent. If the audit is sent from the entire group, all users will have access to it in the audit overview. If, on the other hand, a group company is selected as the sender, only users who have permission to the chosen group company will have access to the audit in the overview. If a user only has access to one group company, this step will not be shown, and the audit will be sent from that particular group company.
Finally, you can see a summary of the chosen elements before sending the audit. For example, you can check that the email of the contact is right. If it isn't, change it under the "Contacts" tab. When you click "Send", an email is sent to the contact. The email contains a link to the audit.
Follow up on audits and receive real-time status updates
Staying on top of audit outcomes is crucial for continuous improvement and compliance management. Our platform enables you to follow up on audits efficiently, ensuring that actions are taken on findings and that your organisation remains in compliance.
Under the "Audits" tab on a company you can see a list of the audits you have sent. The list consists of audit name, version, date the audit was sent, deadline, assets (if any), contact, responsible, the company it was sent from, status, report and note.
An audit can have one of the following statuses:
- Sent: This status will appear as soon as the audit has been sent to the respondent.
- Opened: This status will appear when the respondent has clicked the link to the audit in the email they have received.
- X/X: If an audit doesn't have any branching, you will be able to see how many questions the respondent has answered, e.g. 8/15.
- Submitted: This status will appear when the respondent has clicked "Submit".
You can hover over any status to see when the respondent was last active.
You can also close an audit if, for some reason, it does not need to be answered after all. In the overflow menu select "Close audit" and select one of the following reasons:
- Audit opinion
- Does not want to respond
- Does not need to respond
- Other
Email notifications
When a respondent clicks "Submit", the responsible will receive an email informing them that the audit has been submitted. Furthermore, the respondent will receive an email that confirms the submission.
Audit report
The result of the audit can be seen in the audit report shown on the audit tab. You can open the report in a browser or download it as a PDF. Based on the report, you will have to take action if some of the answers don't match your compliance level. If more needs to be done to ensure that compliance and improvement goals are met, you can write this in the notes on the audit. You can also use the annual wheel to create and follow up on tasks related to the audit.
We hope you will enjoy the new features 🎉