Feature - Third Party Audits needs improvements (ongoing r49 or r50)

Aren’t compliance packages too complicated for Third Party Audits?

Why dont we allow a simple import of a questionnaire (CSV format?) instead of compliance packages? We could also have a few common templates prepared (for service providers, etc).

The new import could enable users to have “conditionals” too, a bit like googles. When “feedback” option is selected, you could trigger a “warning”

When a feedback is selected, you can also trigger other feedbacks:

The “feedback” (on the first level or second) can trigger also a “text field”

The problem with this “versatility” is that filters as we know them, would not work. So if i want to know what answer i got for section 4 is not a single “feedback” but it could be “sub-feedbacks” too. This works for google because this items are some sort of variant of json (not CSV but) offer no reporting.

I’m eager to improve Third Party Audits but i dont want to over complicate things too much. My questions:

1/ Would you like to see the “questionnaire” to be “more dynamic” ? If yes, how so?
2/ We have logged other features for this module (feedback to be single select, etc) - what other things you need?



I also got many times asked about “Scoring” the risk of an audit by giving items on the questionnaire a “Weight” and based on the “Feedback” get a overall score.

Work on progress:

  • We stop using compliance packages, we have a new CSV
  • We include “Warning” conditions for each question / answer combination.
  • We update the auditee screen to be more like googles
  • We support risk ratings for every questionnaire question / answer combination (this is optional)
  • We improve the form used to create a third party

We appreciate your feedback here! If you are interested in participating with feedback we could organise a call about this topic.

1 Like

New CSV Format - tentatively

This is taking shape - development starts next week … it will take a month or so to get it going.

This sounds great. What’s the status?

just sat with developers and reviewed it, it will be a month until is public…i think its going to be really a nice update to the old third party audits.

We are moving forward quite ok, we leave a few screenshots:

The first step on the creation of an assessment:

The CSV upload process nearly done:

The page where auditees respond questions:

We have still work to do of course, we expect this to be completed and full tested in one month approximately.


Just meet with Marek he has done pretty nice progress:

1/ index is getting shape

2/ auditee form has more logic built in

3/ audit logs being stored and filters ready

This week we start testing the base functionality and left for the end:

  • Notifications
  • Recurrence
  • Findings

Branch: feature/vendor-assessment

This could be tested and working in more or less two weeks time.

Admin Section Dashboard will have the following charts:

We are doing a lot of progress here and i think its really much nicer and easier to use than the previous module:

and the portal is changed, we are still doing adjustments but is better:

We could not use the new template as we simply need to work on it for a month until is ready to be used, but anyway i think re-using the current template has still worked well.

This week im pretty sure we’ll complete the code and keep testing it upside down. We’ll run a few trainings in a couple of weeks to all our customers to explain how it works.

A few features requested while demoing this morning:

Tags on VA

Clone a VA

Recurrence Setting missing on the index

Some status are missing on the filters

I’ve reviewed the trainings and have started testing the feature. Thanks for the work launching this.

I am still unsure/confused about one aspect. Here’s an example:

I need to run a campaign to collect responses to questions from 15 vendors about something (e.g. data security, SOC reviews, GDPR, whatever). I create my questionnaire and upload it to eramba. How do I send this questionnaire out to the 15 vendor contacts so they can each respond? How do I review and analyse the responses and findings for this campaign.

It appears I must duplicate my questionnaire 15 times and manually update each one to customize it to the vendor?

Next week I’ll have a whole new campaign (and set of questions) to start for a different set of vendors.

I appreciate clarification on how this is intended to work. Based on my reading of other forum posts, I’m asking a similar question that was asked about the old functionality:

hello !

Correct - next week we’ll add a “Clone” feature (look the post above) that would spare you from some clicks.

Ah. I couldn’t figure out what was meant by “clone”. This is rather unfortunate, as it makes the management of multiple campaigns and the results less cohesive. It is rare that I want to question just one person/company. More often I need to question multiple, and managing them as individual questionnaires (even if I can clone the questionnaire as you described) is going to be time consuming.

Can this be a feature request for future development?