This document will outline the creation, sharing, review, and finalization of assessments. It should serve as a primer on including assessments as part of your data privacy program.
The first concept to introduce is that of Assessment Groups. As part of your privacy operations, you may want to group assessments according to certain criteria to better organize them.
For example, if you intend to run DPIAs on a yearly cadence, you might want to group the DPIAs for the specific year, to make it easier to review your assessments in the future.
Alternatively, you may want to organize them by assignee. For example, if you would like to assess vendor risk for a large organization, you may want to create an Assessment Group for that specific organization, and send copies of the assessment to several teams within that organization.
Assessment groups help organize assessments to make it easier to manage and review them.
Before you can create assessment groups, you must have created at least one template. For instructions on doing so, see Templates.
In the Assessments tab, click on the “New Assessment Group” button.
A dialog will appear where you can edit the title and description of the assessment group, and assign a template to it.
Once you have created this assessment group, you will see a corresponding row added to your "Assessments" tab. Click on it to start assigning and sharing your assessments.
At this point, you are ready to share that assessment with your desired assignees. To do so, click on the "Share" button on the top right, and a new modal will appear.
This view will let you assign folks within your organization by searching for them. Additionally, you can toggle "Create a new copy of the assessment for each respondent" on to send individual copies to each assignee.
If you don't toggle that option, your selected respondents will be assigned to the same copy of the assessment.
Once you have shared the assessment, you will see new rows within the assessment group for each assignee, and they will receive an email requesting their responses to the assessment.
Within the assessment group, you can optionally customize the "internal label" and "due date" fields of the assessments for easier management.
You have now successfully shared your first assessments! We will now move to the "review" flow.
Now that your assessments have been shared with the respective assignees, they will be responsible for filling them out and returning them to you for review.
To keep track of the status, you can refer to the "Status" field within each assessment group. When responses have been submitted by the assignee, the status will be updated to "In Review."
Once an assessment is ready to be reviewed, you can hover over that row and click on the "View Responses" button that appears on the right side of the assessment row.
Once you click on the "View Responses" button, you will see a modal that allows you to review all the questions and their respective answers. You can do several things at this point:
- Comment on individual questions
- Approve the assessment responses
- Reject the assessment responses
To request changes on individual questions, click on the "Comment" icon next to the response that needs review.
To approve an assessment response, scroll to the bottom and click on "Approve Response."
To reject an assessment response, scroll to the bottom and click on "Reject Response."
Finally, whether you have left comments on individual questions, or require more general changes, you can click on "Request changes" to send the assessment back to the assignee to make changes.
Any action you take will update the status of the assessment to reflect the changes. Changes to the status will also notify the assignee, and in the case of "changes requested", they will receive an email to update their answers in accordance with the feedback.