Search
The questionnaire workflow in the Uproot Security platform allows users to collect vendor responses and upload supporting documents as part of a vendor review.
Questionnaires and uploaded reports are used to generate review findings and support manual risk identification during the review process.
Vendor reviews allow users to assess third-party vendors within a defined review cycle by collecting inputs, reviewing documentation, and identifying potential risks. Only the vendor owner can create a new review.
To create a vendor review:


Once created, the vendor review becomes the central workspace for questionnaires, uploaded reports, findings, and risk identification.
Questionnaires are used to collect structured responses from vendors and form the primary input for generating review findings.

To create a questionnaire for a vendor review:



The questionnaire will be created and attached to the vendor review.
Questions can be added to a questionnaire in two ways: by adding a custom question manually or by creating questions using AI.
To add questions to a questionnaire:

Custom questions allow users to manually add specific questions to a questionnaire based on internal requirements or vendor context.
To add a custom question:


The question will be added to the questionnaire.
AI-generated questions help users quickly populate questionnaires with relevant questions for review.
To create questions using AI:

Approved questions are added to the questionnaire only after confirmation.
To complete the questionnaire:

Completed questionnaire responses are used during the review process.
Uploaded reports allow vendors to submit supporting documents, such as compliance or security reports, as part of a review.
To upload reports for a vendor review:

The uploaded report will be associated with the vendor review.
Notable findings are generated after reviewing inputs from a vendor review and highlight areas that may require further review. There are two types of findings:

These are generated from completed questionnaire responses.
To generate findings from completed questionnaires:
AI will review the questionnaire responses and generate findings.

These are generated from supporting documents uploaded by the vendor.
To generate findings from uploaded reports:

AI will review the selected uploaded report and generate findings based on its contents.
The risk register is used to manually record validated risks identified during the vendor review process.
To add risks identified during the review:

Risks are not added automatically and require manual input.
Powered By SparrowDesk