Skip to main content

Completing the Questionnaire

Katie
Updated

Table of Contents

 

Migration of Legacy Assessment Data

In February 2025, we released a new questionnaire model, the Cyber Control Questionnaire, aimed at reducing the volume of questions and aligning them with NIST Risk Domains. As a result, the first time any user from within your company engages with the questionnaire after this release, you will be prompted to migrate your legacy assessment data to the new model. The migration is initiated by clicking the 'start' button within the 'Cyber Controls' card on the Questionnaire Dashboard.

Screenshot 2024-12-20 at 8.56.29 AM.png

Then click on 'migrate legacy assessments' within the modal that appears. 

Screenshot 2024-12-20 at 8.55.14 AM.png

After initiating the migration process, within a few seconds, all previously saved answers and comments will populate the Cyber Control Questionnaire. 

You may notice that the answer by data associated with a control/metric question and the comment created by data upon migration do not convey the specific user within your company who performed that action. This is expected behavior due to the legacy assessment data model lacking the degree of granularity required to capture that data. However, the new questionnaire model provides these insights, so once you update a control/metric question or add a new comment, it will reflect the appropriate username for the person who performed that action. 

 

Responding to and Prioritizing Customer Requests

The 'Request and Shares' table on the Questionnaire Dashboard captures all customer requests and shares initiated by your company to another company that has not yet been fulfilled so that you can effectively respond to them from a questionnaire completion perspective. Customers can now request, and you can also share, subsets of the questionnaire defined by a set list of frameworks rather than being restricted to the entire questionnaire.

Screenshot 2024-12-20 at 9.11.07 AM.png

Requests and shares associated with the same framework will be grouped into a single row, with the total number of companies indicated, to appropriately prioritize requests with a more significant number of interested customers. The table also shows the total number of questions included in a framework request and your progress toward answering them. You may prioritize completing a shorter framework request to fulfill it, then move on to a longer framework request. 

Note: To fulfill a customer request, you must answer all questions included in the request, submit the questionnaire, and approve the request in your 'Customer Portfolio'. 

 

Answering Controls

  1. To move between questions, click "Back" or "Next". Jump to a particular question by using the drop down option. 
  2.  Within the control question card, select the answer that best reflects your organization's security posture. 
  3. If the control question requires supporting evidence, a banner will appear below the question notifying you this is a critical control. Click "Expand Details" for more information on any control, including the evidence your organization can provide when required.

  4. Metric questions answer to what extent you have implemented a particular control based on Strength, Coverage, and Timeliness questions. Metrics are only relevant when answering the corresponding control 'yes.'

    Metric questions may be optional depending on the request your organization is completing. The metric question banner will inform you if they are required.

  5. Once you confirm your answer, the questionnaire will recognize you as the respondent and save your response.

 

Completing Validation

Validation is an additional process associated with a customer's 'Validation Request' which involves validating our 60 Critical Controls based on how you responded to those questions. Validation may be optional depending on the request your organization is completing. Validation only Each step in the validation process is performed directly in the platform, including document upload, attaching documents to particular controls, initiating document review by assessors, and reviewing validation results. 

Submitting the Questionnaire

Submission of the questionnaire can occur at any time after at least one question is answered and the Third-Party Profile Agreement is signed. You may choose to submit as you progress toward completion or wait until you have completed all the questions included in a customer request. The benefit of submitting as you progress is that you can see scoring outcomes along the way rather than once you have completed the entire questionnaire. 

The questionnaire is submitted on the 'Submit Questionnaire' page, which can be accessed by selecting the 'Review and Submit' button in the Cyber Controls card on the Questionnaire Dashboard.

Screenshot 2024-12-20 at 2.57.31 PM.png

It can also be accessed once the questionnaire is keyed in by selecting the 'Review and Submit' button found there. 

Submit without validation: Once on the 'Submit Questionnaire' page, you can review your entire questionnaire and see a list of unfulfilled customer requests and shares before proceeding with submission. If you are ready, you can select submit. 

Submit with validation: Once on the 'Submit Questionnaire' page, you can review your entire questionnaire and see a list of unfulfilled customer requests and shares before proceeding with submission. If one of your customers has requested validation, validation is initiated from within this page, which, when 'submit for assessor review clicked, informs our assessors that they can begin reviewing uploaded documentation and validating controls. Read more here: Submit Evidence for Validation FAQ

After submitting the questionnaire, results will be immediately generated and displayed on your Company Profile Page, within the features on the 'Risk Profile' page. Once you submit it, on your Questionnaire Dashboard within the Cyber Controls Card, the user who last submitted the questionnaire and the submission date will be indicated. 

Screenshot 2024-12-20 at 3.35.20 PM.png

 

Reviewing Assessment Results

Assessment results are displayed on your Company Profile Page within the features on the 'Risk Profile' page. This page can be accessed by clicking the 'My Company' icon in the left-hand navigation.

 

The ProcessUnity Risk Index is a dynamic, data-driven risk metric that reflects your company’s risk posture using a combination of attested controls, predictive analytics, external threat intelligence and perimeter scanning.

 

Download the Risk Report to explore the Risk Index further.

 

The Framework View feature provides results for the entire assessment, reflected at the individual control and metric level. Scores are calculated for a particular control using attested data by default, when available, and supplemented with predictive data when attested is lacking for a control. If attested metrics data is available, it will be leveraged to calculate the control score at the metric level, thus being more precise. You can also download the selected framework report from this tab. 

 

Updating the Questionnaire

You can update the answers to the questionnaire whenever you like the questionnaire dashboard . Click update to start working on your updates. You must re-submit the questionnaire to see any answer changes reflected in your assessment results and scoring. If you enter the questionnaire by any means found on the Questionnaire Dashboard, it will automatically re-open it. 

                   

                                                        Screenshot 2025-08-06 at 4.05.44 PM.png

Was this article helpful?

16 out of 23 found this helpful
Return to top

Related articles