Feature - Third Party Audits needs improvements (ongoing r49 or r50)

Forum - Software
#1

Aren’t compliance packages too complicated for Third Party Audits?

Why dont we allow a simple import of a questionnaire (CSV format?) instead of compliance packages? We could also have a few common templates prepared (for service providers, etc).

The new import could enable users to have “conditionals” too, a bit like googles. When “feedback” option is selected, you could trigger a “warning”

image.jpg1277×599 211 KB

When a feedback is selected, you can also trigger other feedbacks:

image.jpg1311×700 200 KB

The “feedback” (on the first level or second) can trigger also a “text field”

image.jpg1148×293 63.7 KB

The problem with this “versatility” is that filters as we know them, would not work. So if i want to know what answer i got for section 4 is not a single “feedback” but it could be “sub-feedbacks” too. This works for google because this items are some sort of variant of json (not CSV but) offer no reporting.

I’m eager to improve Third Party Audits but i dont want to over complicate things too much. My questions:

1/ Would you like to see the “questionnaire” to be “more dynamic” ? If yes, how so?
2/ We have logged other features for this module (feedback to be single select, etc) - what other things you need?

Regards
Esteban

2 Likes
Question - Third Party Audits / audit request to more than one person
#2

I also got many times asked about “Scoring” the risk of an audit by giving items on the questionnaire a “Weight” and based on the “Feedback” get a overall score.

#3

Work on progress:

  • We stop using compliance packages, we have a new CSV
  • We include “Warning” conditions for each question / answer combination.
  • We update the auditee screen to be more like googles
  • We support risk ratings for every questionnaire question / answer combination (this is optional)
  • We improve the form used to create a third party

We appreciate your feedback here! If you are interested in participating with feedback we could organise a call about this topic.

1 Like
#4

New CSV Format - tentatively

#5

This is taking shape - development starts next week … it will take a month or so to get it going.

#6

This sounds great. What’s the status?

#7

just sat with developers and reviewed it, it will be a month until is public…i think its going to be really a nice update to the old third party audits.

#8

We are moving forward quite ok, we leave a few screenshots:

The first step on the creation of an assessment:

image (7)
image (7)1427×774 38.7 KB

The CSV upload process nearly done:

image (9)
image (9)1427×789 41.1 KB

The page where auditees respond questions:

image (10)
image (10)1436×776 45 KB

We have still work to do of course, we expect this to be completed and full tested in one month approximately.

Regards

#9

Just meet with Marek he has done pretty nice progress:

1/ index is getting shape

image (15)
image (15)1423×707 41.9 KB

2/ auditee form has more logic built in

image (13)
image (13)1434×797 32.8 KB

3/ audit logs being stored and filters ready

image (14)
image (14)1427×676 57.4 KB

This week we start testing the base functionality and left for the end:

  • Notifications
  • Recurrence
  • Findings

Branch: feature/vendor-assessment

This could be tested and working in more or less two weeks time.

#10

Admin Section Dashboard will have the following charts:

image
image1755×363 43.4 KB

#11

We are doing a lot of progress here and i think its really much nicer and easier to use than the previous module:

image
image1417×700 133 KB

and the portal is changed, we are still doing adjustments but is better:

image
image1073×689 75.2 KB

We could not use the new template as we simply need to work on it for a month until is ready to be used, but anyway i think re-using the current template has still worked well.

This week im pretty sure we’ll complete the code and keep testing it upside down. We’ll run a few trainings in a couple of weeks to all our customers to explain how it works.

#12

A few features requested while demoing this morning:

Tags on VA
https://github.com/eramba/eramba_v2/issues/1190

Clone a VA
https://github.com/eramba/eramba_v2/issues/1193

Recurrence Setting missing on the index
https://github.com/eramba/eramba_v2/issues/1194

Some status are missing on the filters
https://github.com/eramba/eramba_v2/issues/1195

#13

I’ve reviewed the trainings and have started testing the feature. Thanks for the work launching this.

I am still unsure/confused about one aspect. Here’s an example:

I need to run a campaign to collect responses to questions from 15 vendors about something (e.g. data security, SOC reviews, GDPR, whatever). I create my questionnaire and upload it to eramba. How do I send this questionnaire out to the 15 vendor contacts so they can each respond? How do I review and analyse the responses and findings for this campaign.

It appears I must duplicate my questionnaire 15 times and manually update each one to customize it to the vendor?

Next week I’ll have a whole new campaign (and set of questions) to start for a different set of vendors.

I appreciate clarification on how this is intended to work. Based on my reading of other forum posts, I’m asking a similar question that was asked about the old functionality:

#14

hello !

Correct - next week we’ll add a “Clone” feature (look the post above) that would spare you from some clicks.

#15

Ah. I couldn’t figure out what was meant by “clone”. This is rather unfortunate, as it makes the management of multiple campaigns and the results less cohesive. It is rare that I want to question just one person/company. More often I need to question multiple, and managing them as individual questionnaires (even if I can clone the questionnaire as you described) is going to be time consuming.

Can this be a feature request for future development?