3rdRisk Help Center
3rdRisk.com
3rdRisk Help Center
3rdRisk.com
Platform setup
Functional setup
Initial platform setup
Third party management
Third-party management high-level processContract catalogueThird-party catalogueEcosystem
Compliance management
Controls
Frameworks
Risk management
Risk management high-level processRisk register
Incident management
Incident Management high-level processIncident managementIncident management notification overview
Assessments
Ecosystem assessments
How to enable multi-factor authentication (MFA) on your assessmentExtended reportingEcosystem assessment management high-level processReview a self-assessmentFill in a self-assessmentCreate a self-assessmentCreate your own yes/no questionnaireCreate your own score-based questionnaireDownload best-practice questionnairesAssessment template libraryAssessment overviewEcosystem assessment notification overview
Internal control assessments
Issues and action plans
IssuesAction plansIssue and action plan management high-level processIssues and action plans notification overview
Remediation plans
Remediation plans
Platform
DashboardContent hubMessages
Security
Authorisation matrixTwo-factor (2FA) authenticationAudit logForgotten usernameUpdate password
Integrations
Communication
Business Intelligence
External ratings
Single sign-on
Data
Corporate tooling
Platform update
Platform updates

Review a self-assessment

An assessment needs to be reviewed when a third party submits it. The platform will notify all the assigned reviewers via email when the review of the provided answers can be performed.

Start the review

The reviewer can either open the link in the email or

  1. Navigate to: Left side menu: Assessments - Review
  2. Search for the assessment you would like to review
  3. Click on the sub-menu in the 'Actions column' and click 'Review assessment'

4. The review page will open.

Review page structure

The review page consists of three main sections:

  • Assessment characteristics (top)
  • Answer analysis (middle)
  • The Questions (bottom)

Assessment characteristics

The header section of the review page contains all the essential characteristics of the assessment:

  1. Title of the assessment.
  2. The associated third-party, including risk profile.
  3. Assessment creation date and creator.
  4. Submit details - Date and name, including the position of the submitter.
  5. The third-party contract(s), including the assigned risk profile, that are in scope of this assessment.
  6. Reviewers of the assessment. If you mouse over, you can also see the full name.

Answer analysis

In the middle section, you see the initial scoring analysis performed by the platform.

The scoring is based on the questions' weights and given answers defined in the assessment config.

Score based questionnaire template

The platform will calculate a domain score on the right side if you also used domains in the assessment template. You can easily click on a domain to filter it quickly. The questions of that domain will be filtered in the bottom section. This panel allows you to quickly get an overview of the overall score and specifically drill down into potential problem areas (domains with a low score).

Provided response

The assessments questions and provided answers are listed in the bottom section:

This section contains advanced filters (1) and bulk actions (2) to increase your review efficiency.

You can use those filters to, e.g. quickly filter on all questions with a score of >90%, which you can accept via a bulk action. This allows you to use your time to focus on the problem areas.

It is good to know that it is a multi-select filter, so you also decide to filter on quickly:

  • All questions with a score of >90% +
  • That do not contain an assessment +
  • That do not contain a comment.

On the right side, the platform also provides you with an overview if there is a comment (balloon) or attachment (paperclip) provided by the third party:

You can easily click on the icon to view the comment or attachment.

Perform your review

You can open de review window by:

  • Clicking on the bottom [Start review]. If you make a selection with the filters, it will start the review for that filtered selection.
  • Click on any question title.

Please note that all reviewers can review each other's questions by default. This can be practical in case of absence or workload. The associated reviewer will automatically be updated by the system when a review on a specific question is performed by someone else.

The review window will open.

Review panel structure

1. General
The first tab provides a general overview of the question and the provided answer.

3rdRisk - review panel - general

2. Comments
In this tab, you can view the provided comments by the third party, and if you select Ask for additional clarification (tab 1) you can also quickly respond to these.

3rdRisk - review panel - comments

 

3. Files
In this tab, you view the provided files by the third party. You have the option to view or download the file and, when required, manually add a file. This could be handy if the supplier provides evidence alternatively, e.g. a SOC report is provided via e-mail or you downloaded it from their compliance portal.

3rdRisk - review panel - files

 

4. Notes
These are internal sticky notes that can only be seen by your internal colleagues and are not communicated to your third party. This can be handy to provide some additional context to your review decision.

3rdRisk - review panel - notes

Review decision options

The grey box at the bottom of the first tab (general) gives the response options that you have:

3rdRisk - review panel - general - review options

 

Review decisionDescription
Ask for additional clarification

Use this option if you have questions about the provided answer, comment and/or attached documents.

Define your question/concern on tab 2 (comments). At the end of your review, all the questions with this status will be re-opened in the assessment portal, and your third party will receive a new invitation.

Create remediation plan

Based on the provided information and communication between you and the third party, you can decide to create a remediation plan.

Remediation plan
At the end of your review, all the questions with this status will be registered in the remediation plan module, and the questions will be closed.

The remediation plan will be added to the final report, but the third party will not be proactively notified about this remediation plan by default.

Accept the answerYou decide to accept the answer based on the provided information and communication between you and the third party.

In the overview table, you can easily see the review decision:

  • Mouse over to view the icon description.

Finalize your review

When all the reviewers have performed their review, the top button will be activated (coloured green), and the review button will be deactivated (coloured grey).

The top button can have two statuses:

  • Change status to in progress - some questions need additional clarification from the third party. Questions with this review decision will be re-opened in the assessment portal, and your third party will receive a new invitation. The assessment will be set again to In progress. You will be informed when the third party responds to your review comments. The review cycle starts again for only the open questions.
  • Finish assessment - all answers are accepted, and the assessment will be finished, and the platform will ask you to provide an overall assessment conclusion:

After that, the assessment will be set to Finished:

Generate final report

For assessments that are finished, you can view or download the final report:

This is just an example best-practice report template from our platform. Typically these reports are corporate branded.

English
Powered by Product Fruits