Skip to main content
๐ŸŽ‰ Check out our latest May Release ๐ŸŽ‰ Here

Search

Welcome to Whistic Support

How To Request an Assessment from a Vendor

  • Updated

Table of Contents

Summary

Do you need to gather material from a vendor in order to conduct a security assessment? We'll outline the steps below.

A few things to point at before getting started:

  • Requests are issued through the Vendor Detail page
  • Requests can consist of a Questionnaire and/or Document
  • If a document request, you can offer alternatives options for the vendor to complete (in the form of a Questionnaire), if they don't have the document being requested
  • A request can be sent to multiple vendor contacts. However, by default; each of the contacts will work on their own questionnaire, independent of the other requests
  • While a request is outstanding, it can be reassigned by the requester or the recipient
  • While a request is outstanding, it can be cancelled by the requester
  • Ideally, the vendor is expecting an assessment request. If not, it may help to reach out and inform the vendor that the assessment request will be facilitated through Whistic
  • If the Vendor Status = Inactive, the Vendor is unable to access any assessment requests
  • If an assessment is sent to a vendor in Inactive status, the old request will need to be cancelled and a new request will need to be sent once the status has been changed to Active.
  • Is there an existing document that you'd like to review without requesting through Whistic? Go here for more.

๐Ÿš€ Steps

1. Use the dropdown Assess and select Vendors

2. Select a Vendor to open the Vendor Details page

3. Under the Overview section, select the Start Assessment button. Selecting this button will automatically create a new assessment folder with the current month and year as the review line.

3.1 Optional: If there is an available Trust Center in the Trust Center Exchange, Whistic will invite you to import that Trust Center rather than issue a new request.

Screenshot 2025-04-27 at 9.22.42 PM.png

4. Next, you will be able to select existing sources, if you already have documentation from your vendor, or request new ones. You can choose to request a Questionnaire and/or Document.

Screenshot 2025-04-27 at 9.25.14 PM.png

5. Select the Sources you would like to request and the Request Recipients

Optional: For Document requests, you can allow Acceptable Alternatives to the document. To do this, select the Allow Alternatives box and then select from a list of questionnaires that you will accept in lieu of the document.

NOTE: You can also CC additional contacts. Please note that the CC recipients will not be able to access or track progress on the assessment request. Another thing to note is that if you CC additional recipients, but there's already an outstanding request for that particular vendor, it will CC the same email addresses onto the most recent request that were CC'd on the older request. The way around this is to cancel any older, outstanding requests prior to sending a new one, if possible.

6. Select a Due Date โ€“ Encourage the vendor to reply to your request by setting a Due Date. This will help you enforce expectations and will show up for the vendor in the following locations:

  • On the request email notification
  • On the vendor's Dashboard task list
  • On the Questionnaire form itself

7. Click the Send Requests & Continue button when ready to email the requests. You will then be brought to the Review stage while waiting for the vendor to complete the assessment.

Screenshot 2026-05-19 at 3.58.48โ€ฏPM.png

8. If you need to cancel, reassign, or obtain the vendor registration link, you can do so from the Actions menu located at the end of each request.

๐Ÿ“ง Email Delivery Note (Vendor Registration Link)

Should the user not receive the email, no worries! Email receipt can be affected by the recipient organization's security settingsโ€”firewalls, inbox rules, or email filtering policies that block or quarantine emails from external platforms. Even if the email isn't in their spam folder, it may have been filtered elsewhere before reaching their inbox.

To resolve, you can grab the direct registration link to assist the user in registering and accessing the request all from Assessments. Here is how:

Screenshot 2025-04-28 at 11.16.01 AM.png

Once sent, the vendor contact will receive an email (example below) inviting them to open and complete the request in Whistic. Our Support Team is standing by to help with any questions. As long as the request is outstanding, they will receive regular reminders to complete the request.

Should the user not receive the email, no worries! You can grab the direct registration link to assist the user in registering and accessing the request all from Assessments. Here is how:

  1. Open the Vendor Record
  2. On the Overview tab, scroll down to Assessments
  3. Next to the line item of the request, where it displays the recipient and questionnaire requested, click the Actions drop down

  4. Select Registration Link

    Screenshot 2025-04-27 at 9.27.07 PM.png
  5. Copy that link and send it to the user via email for assistance
Screenshot 2024-11-27 at 9.40.00 AM.png

โœ๏ธ Update an Existing Request

Forgot to add an item to an outstanding request? We got you covered!

  1. Log in to Whistic
  2. Locate the Vendor you wish to request the questionnaire/document from
  3. On the overview tab, click Continue on the open assessment package (should be the top folder)
  4. Select Add Sources at the top left

  5. And choose Request Questionnaire/Document

    RequestAnother_AddSources.png
  6. The platform will ask for the:
    1. Questionnaire/document you wish to send and
    2. The vendor contact information
  7. Once you complete the form, select Send Request

๐Ÿ“„ Document Request

Below is a comprehensive list of all documents that can be requested in Whistic:

  • ISO 27701 Certification
  • ISO 27017 Certification
  • ISO 27018 Certification
  • ISO 42001 Certification
  • SOC 1 Report
  • SOC 3 Report
  • SOC 2 Bridge Letter
  • SOC 2 Type 2 Report
  • Certificate of Insurance
  • Penetration Test Report/Letter of Engagement
  • Information Security Policy and Procedures
  • Privacy Policy
  • FedRAMP Authorization
  • HIPAA Certification
  • PCI Certification/Self-Assessment Questionnaire (SAQ)
  • HITRUST Certification
  • Breach Attestation
  • Cloud Hosting Security Tools and Services
  • Cyber Liability Insurance (COI)
  • Data Encryption Policy
  • Data Flow Diagrams
  • Business Continuity Plan and Test
  • Disaster Recovery Plan and Test
  • Incident Response Plan and Test
  • Risk Management Policy and Process
  • Security White Papers
  • Software Bill of Materials
  • Third-Party Risk Management Program
  • Vulnerability Scan Results

โ“ FAQ

How come the Questionnaire I want to request is greyed out in the list of options?

If the questionnaire is greyed out when attempting to select, this is due to that questionnaire already being sent out to a user within that vendor's organization. Should you wish to send the questionnaire to another user, cancel the existing request and send a new request to the user you wish.

How come I am receiving a "Something Went Wrong" error message when attempting to send a request to a vendor via Assessment Activity?

This is likely due to an external contact not being listed in the vendor record. To confirm, go to the Contacts section and locate an external contact. If no external contact is listed, please add one and try again.

๐Ÿ“š Additional Resources

  • Conduct a review of a document, either one you requested in Whistic, or an existing document - learn more HERE
  • Conduct a review of the questionnaire and ask follow-up clarification questions if needed - Learn more HERE

Related to