Assessments
Measure the maturity of your security program, prepare for external audits, and evaluate vendor security posture with structured questionnaires.
Assessments are structured questionnaires used to measure the maturity of your security program, prepare for external audits, or evaluate the security posture of vendors. The platform provides ready-made templates aligned to major frameworks and allows you to create custom assessments for specific contexts.
Assessment Types
- Readiness assessment — Measures how prepared your organization is for a certification audit (ISO 27001, SOC 2). Identifies gaps and prioritizes remaining work before the formal certification process.
- Vendor assessment — Security questionnaire sent to third parties to evaluate their data protection practices, access controls, and regulatory compliance
- Periodic internal review — Recurring review of implemented controls, used to identify regressions, new risks, or environmental changes that require updating the program
Starting an Assessment
To create an assessment, go to Assessments in the sidebar and click New Assessment. Select the base template (ISO 27001, SOC 2, vendor assessment, or custom), define the scope, and assign owners for each section.
Assessments can be completed directly in the platform or sent via link to external collaborators — such as vendors — who don't have a platform account.
Answering Questions
Each assessment question includes the question text in clear, objective language, the framework context behind the requirement, response options (yes/no, maturity scale, or free text), and a field to attach evidence directly to the answer. You can answer in parts and resume later — progress is saved automatically.
Results and Reports
When an assessment is complete, the platform generates a report with an overall compliance or maturity score, per-domain scoring, a list of identified gaps with recommendations, and action items automatically generated for each gap found.
The report can be exported as a PDF for use in leadership meetings, board presentations, or delivery to external auditors.
Assessment History
All completed assessments are saved in the organization's history. This allows you to track the evolution of security maturity over time and demonstrate continuous progress — an explicit requirement for maintaining certifications like ISO 27001, which requires periodic reviews of the management system.