Skip to main content

Evolution of the Global Risk Exchange | Third-Party FAQ

Katie
Updated

Table of Contents

  • What are the key benefits to me on the Third Party side of the Exchange (receiving questionnaire requests)?
  • Will I need to do anything with my current assessment (questionnaire) regarding this release?
  • What looks different with the Customer request process?
  • How will the re-attest (refresh) process work with the assessment (questionnaire)going forward?
  • How will the Proactive Sharing process work?
  • Any changes to notifications/communications?
  • Are there any changes to my control level over my questionnaire and other data?
  • Where can I get a full introduction to all the new changes to the platform?

What are the key benefits to me on the third-party side of the Exchange (receiving questionnaire requests)?

  • These enhancements provide more self-serve, on-demand access for members versus needing to work with our support teams. We have reduced the volume of questions and aligning them with NIST Risk Domains for a more streamlined experience. The popular complimentary proactive sharing functionality is now fully automated and near real-time. We have more details available, transparency, and full automation, which means requests will be clear and easy to action on without needing to work through support.

Will I need to do anything with my current assessment (questionnaire) regarding this release?

  • If you assessment was in progress during the release (February 15th, 2025), no action is required as our engineering teams have securely migrated your latest questionnaire over.
  • If you had a completed assessment, yes, you will need to agree to migrate the legacy data over. The first time any user from within your company engages with the questionnaire after this release, you will be prompted to migrate your legacy assessment data to the new model. The migration is initiated by clicking the 'start' button within the 'Cyber Controls' card on the Questionnaire Dashboard.

Screenshot 2024-12-20 at 8.56.29 AM.png

Then click on 'migrate legacy assessments' within the modal that appears.

Screenshot 2024-12-20 at 8.55.14 AM.png

After initiating the migration process, within a few seconds, all previously saved answers and comments will populate the Cyber Control Questionnaire.

You may notice that the answer by data associated with a control/metric question and the comment created by data upon migration do not convey the specific user within your company who performed that action. This is expected behavior due to the legacy assessment data model lacking the degree of granularity required to capture that data. However, the new questionnaire model provides these insights, so once you update a control/metric question or add a new comment, it will reflect the appropriate username for the person who performed that action.

What looks different with the Customer request process?

  • Customers are able to request questionnaires, validation, and documents as they have been, but in a much smoother, direct way via the system. The questionnaire "tiers" will no longer be options for questionnaire request types. Instead, Customers will request based on frameworks. For example, the "60 critical controls" framework is likely to be the most common request. 

How will the re-attest (refresh) process work with the assessment (questionnaire) going forward?

  • Customers will state their data recency requirement within the request itself (no policy, 12 months, 24 months, or 36 months). If your questionnaire is within the stated recency expectation, you may authorize at any time to fulfill the request. If your questionnaire has not be re-attested within the stated time frame, you will be prompted to re-attest again in order to fulfill the request. Re-opening your questionnaire will also now be 100% in your control, whenever you would like via the system.

How will the Proactive Sharing process work?

  • Third-parties can add their desired share recipient to their customer portfolio (doesn't matter if they are a part of the exchange already or not), hit the share button, and fill out the share form to share. The process after the form submission will be fully automated and near real-time. Not sure what this functionality is? Review sharing and tracking or contact our support team to learn more!

Any changes to notifications/communications?

  • All communications will now be coming from our platform directly versus having supplementary communications coming from our Assessment Coordination team (Zendesk system) as well. Customers of course may still contact you directly additionally. We will continue to have a support team (ExchangeSupport@processunity.com) here to support with any questions or needs. 

Are there any changes to my control level over my questionnaire and other data?

  • You now have even greater control! You are still in control of authorizing (releasing) your questionnaire, validation, and/or documents separately and by Customer. Also, you are now able to re-open your questionnaire self-serve and make updates as desired. We've also added in more visibility to show who on your team took certain actions and when.

Where can I get a full introduction to all the new changes to the platform?

  • As a third party member we want to ensure you maximize your membership with ProcessUnity Global Risk Exchange and enjoy all the benefits of the platform. Join one of our Webinars lead by our Exchange platform experts to get a tour of the platform features: REGISTER HERE

Was this article helpful?

0 out of 0 found this helpful
Return to top

Related articles