Request failed with status code 502

Online Assessments

Upload questionnaires and send them to your stakeholders for feedback - long

  • Episodes13
  • Duration33m 4s
  • LanguagesEN
Episode 1

Introduction to Online Assessments

Introduction to the Online Assessment Course

The Online Assessment (OA) comes in handy when you want to learn about someone or something. You will make a list of questions, send them over and hopefully get some feedback.

The OA module is used for an infinite number of situations:

  • Risk Assessments
  • Supplier Vendor Assessments
  • Application Assessments
  • Data Privacy Assessments
  • Many other ...

At a very high level, you will need to define three things, a questionnaire (you will have multiple), for example:

  • Risk Assessment v1
  • Risk Assessment v1.1
  • Application Assessment
  • Consulting Supplier Assessment v1.0
  • Consulting Supplier Assessment v2.0
  • Etc

Who has to give you feedback (recipient), this can be someone (one or more people) inside or outside your organisation. These people will need accounts in eramba to access the OA portal.

For every combination of recipient/questionnaire, you will create an Online Assessment. As you can see in the diagram below, an OA can have more than one recipient (imagine two people at the supplier Acme will work together to complete a single questionnaire) but will always have one questionnaire.

If you have 10 software applications in your organization and you want to assess them against the same security questionnaire then you need to:

  • Create one questionnaire (security questions)
  • Create ten OAs that use this questionnaire (one for each application)
  • Create accounts for each recipient of every one of those OAs (probably 10 different people)

The questionnaire will be built by you. Using our template spreadsheets you will simply define the questions and organize them into chapters. For every question in every chapter you can define the following attributes:

  • Answer Type: dropdown with options, open answer or both
  • Conditional Questions: If they answer "Yes" to question 1.1, then show this other question
  • Scoring based: if they answer Yes to question 1.0 grant %100 of the marks.

The person defined to answer your questions must log into eramba (you will provide a special link with some notifications) to provide you with feedback:

 

As shown in the screenshot above, the portal will show your questionnaire chapters (on the left), questions in the middle and the option to exchange comments and attachments in between you and the person providing you with feedback.

You can track the status of your OAs using labels and notifications, these come with eramba but can also be defined by you using your own defined conditions. For example, if the OA has not received feedback in one week and is not completed send an email notification.

Once all questions have been answered the OA can be submitted and no further feedback or logins will be allowed.

Answers and their associated comment & attachments will form a trail that you can query at any time to ensure the integrity of the data provided. You can log in to the same portal with your account and review the feedback provided.

As shown in the screenshot below you can lock answers so no further modifications can be done.

Whatever feedback (answers to your questions) was provided during the assessment will be stored in eramba including logs of who logged in and what type of feedback will also be logged.

Your questions/recipient will typically have some sort of "result" objective:

  • Describe the "maturity" of the assessor (High, Medium, etc.)
  • Define a "Pass" / "Fail" condition
  • None, simply understand them

Based on your "result" strategy you will define custom fields in eramba that will help you review the assessor feedback and determine an outcome (result). As shown in the screenshot below you can have multiple "result" strategies defined for your OAs depending on the type of result you need for the questionnaire you are working with.

You will configure labels that will trigger based on your result strategy.

Based on the objective of your OAs you will asociate them with other modules in eramba:

  • Third Parties: for example, if your OAs are focused on assessing suppliers
  • Assets: if your OAs are focused on assessing systems, applications, offices, etc
  • Risks: if your OAs are focused on providing general risk identification
  • Data Privacy: if your OAs are focused on data privacy identification

The examples above show common associations between OA and other eramba modules that will allow you to answer questions such as:

  • Which suppliers are not assessed? or have scored poorly?
  • Which applications (assets) are not assessed? or have scored poorly?
  • Where has a given risk originated?
  • Etc

The screenshot below shows the list of Third Parties (suppliers) where only one has been assessed.  The assessment seems. to have shown the maturity of this TP is low.

Sometimes there is an interest in following up with answers you have received, we call them "Findings". Findings have owners and deadlines. Notifications, filters and graphical reports allow you to easily keep track of them and follow up until they are resolved.