Managing vendor risk assessments

This article covers the lifecycle of vendor risk assessments in TPRM Core, from launching AI-driven analysis to finalizing responses.

Written by Danielle Moerman
Updated this week

Overview

The Assessments tab is your central command center for launching, tracking, and managing the entire lifecycle of your vendor risk evaluations. From this area, you can monitor key performance indicators (KPIs) based on activity from the last 90 days.

Key benefits

  • Monitor total assessments to see the volume of evaluations currently in progress or completed.

  • Review average compliance and risk scores for a high-level look at the security posture of the vendor profile.

  • Track assessment coverage to gain insights into the percentage of vendors successfully vetted.

  • Organize workflows by filtering the assessment list by vendor name or status.

  • Access archives to reference historical data or past vendor performance.

Below the summary widgets, you can manage your active pipeline:

  • Filter and sort: Organize your assessment list by vendor name or status (e.g., not started, in progress, or completed) to stay on top of deadlines.

  • Archive access: View archived assessments to reference historical data or past vendor performance.

Starting an Assessment

To collect risk data from a customer, you must first initiate an assessment. You can do this when creating a new vendor or by selecting the Start Assessment button in the Assessments tab.

When starting an assessment, you can choose between two primary methods:

Analyze documents with AI

This AI-driven workflow streamlines the review of evidence, such as a SOC 2 report.

  1. Navigate to the Assessments tab.

  2. Click Start Assessment.

  3. Upload documentation or select the option to request it directly from the customer.

  4. Review the AI-generated insights based on the provided document.

  5. Communicate with the customer to clarify findings or request additional evidence.

Send questionnaire to vendor

This workflow allows you to gather specific data points through direct inquiry.

  1. Navigate to the Assessments tab.

  2. Click Start Assessment.

  3. Send a tailored questionnaire to the customer contact.

  4. Review the customer's submitted answers within Hyperproof.

  5. Opt to reopen questions or request more details based on the initial submission.

Note: Once an assessment is initiated, you will receive an email notification when the AI analysis is generated or when the customer completes their required information.

Below is a video tutorial walking you through how to start an assessment for a vendor using the analyze documents with AI option and the send questionnaire to vendor option.

Reviewing and managing Assessments

To open a specific assessment, click the hyperlinked assessment name in the list.

The Assessment overview

Inside the assessment, you can view high-level metadata and manage your intake files:

  • Key details: View the vendor name, creation date, and current status.

  • Intake management: Update intake information or upload additional supporting documents at any time.

  • Scoring (AI analysis): If you are using the AI workflow, the platform calculates a questionnaire compliance score and a risk score.

Note: The risk score is finalized once the analysis has been reviewed.

Working with questions

The assessment interface is designed for granular review. Use the left-hand panel to navigate sections and questions. For each question, you can:

  • Review the AI-generated summary or customer response.

  • Add internal notes for the team.

  • Flag questions for follow-up or create a specific risk.

  • Mark the question as done to track progress.

  • Global controls: Use the top-level buttons to create overall risks or initiate a general follow-up for the entire assessment.

Search and filters

Quickly locate specific data points using the search bar, or filter by:

  • Status: All, Done, Not done, Risk, and Followup.

  • Metrics: Filter by specific risk or compliance scores.

Completing the Assessment

Once you have reviewed all responses, finalized follow-ups, and identified necessary risks, you can officially complete the assessment.

Finalizing an Assessment

  1. Click the Complete button.

  2. A confirmation message displays.

  3. Click Confirm to move the assessment status to completed.

Important considerations:

  • Data finalization: After completion, you can't add further risks directly from the AI-generated responses. Ensure all findings are documented before confirming.

  • AI processing: Once confirmed, allow a few moments for the system to finalize the AI analysis and generate the final report metrics.

  • Reopening: If you need to make updates later, you can reopen the assessment at any time.

Once you follow the prompts, Hyperproof sets the assessment status to completed.

Exporting an Assessment

To export the questions from a specific assessment, follow these steps:

  1. Navigate to the Assessments tab.

  2. Click the name of the assessment you want to explore.

  3. Click Export.

The system generates a .xlsx file containing all the assessment questions.
