Minimize the risk of doing business with vendors and other third parties.
Transformative cloud solution for automating and streamlining an organization’s vendor risk management process
Questionnaire is easy to use and to customize. Having it delivered via the cloud allows us to easily assess third parties.Randy Barr VP & CISO at Saba
SAQ streamlines your third-party and internal risk assessment processes right from the questionnaire creation phase. With SAQ, you easily design in-depth surveys to make business-process control assessments of security policies and practices of third parties and internal staff, and their compliance with industry standards, regulations and internal requirements.
Let SAQ’s wizard walk you through the creation of campaigns, including assigning deadlines and configuring notifications
Create questionnaires with SAQ’s drag-and-drop UI, or tap SAQ’s template library of surveys for regulations like HIPAA, Basel 3 and SOX, and industry standards like PCI
Require that respondents attach evidence files for certain answers
Form questions with various types of answer formats, such as multiple-choice check boxes, drop-down menus and open-ended text boxes
Configure questions to be dynamically shown or hidden based on a prior response
Design campaigns with different workflows: Accept surveys once they’ve been completed by respondents, or require extra steps, such as supervisor reviews and approvals
Assign criticality levels to questions, and a score for answer options in the questionnaire templates. The question criticality scale is customizable with labels and answer weights
Allow respondents to delegate questions to peers that are better able to answer them
The traditional way of conducting these risk assessment surveys – emailing questionnaires and tracking responses on a spreadsheet – no longer cuts it. SAQ automates these audit campaigns and makes the process agile, accurate, comprehensive, centralized, scalable and uniform across your organization.
Enter respondent emails in the SAQ web console and SAQ auto-provisions the surveys, sending out links to the web-based questionnaires
Centrally manage and track the progress of all of your campaigns
Monitor response activity in dashboards updated in real time, and literally watch as questions are answered
Let supervisors review the format and content of questionnaires before they’re launched and even while a campaign is in progress
Set up recurring campaigns that need to be run with a specific frequency
Support a wide variety of risk assessment use cases within your organization and externally with your vendors, contractors, partners and consultants, including:
If the process of filling out a risk assessment questionnaire is cumbersome, this will affect the quality and thoroughness of answers provided by respondent, as well as their timeliness for completing the surveys. SAQ makes the task intuitive with a raft of convenient features designed to make life easier for respondents, including.
Quickly and efficiently completing questionnaires from any browser at any time
Securely attaching evidence files with drag-and-drop convenience
Delegating questions to other users or user groups based on their role
Receiving reminder emails regarding due dates and completion status
The goal of these campaigns is to quickly and precisely identify IT security and compliance gaps among your network of third parties, and within your organization, so you can take appropriate action. SAQ gives you all the tools for displaying, understanding, analyzing and acting on the collected data.
Provide high-level dashboards for executives and detailed views for internal auditors and compliance officers
When generating reports, filter data by question criticality and answer scores to derive an overall risk score or identify high risk areas
Create custom dashboards designed to reflect the risk and compliance postures of specific third parties
Slice and dice campaign results using a variety of criteria, such as by vendor, respondent or specific questions
Generate proof of compliance with detailed reports