Table of Contents
Summary
Assessment Approval streamlines how your team reviews and approves vendor assessments before finalizing them. This feature allows assessment reviewers to send completed assessments to designated approvers for feedback and sign-off, creating a formal approval process with complete audit trails.
Many organizations require multiple stakeholders (security managers, procurement teams, business owners) to review and approve vendor risk assessments before they're finalized. Assessment Approval brings this process directly into the platform, providing visibility into who needs to approve assessments, collecting approver feedback and decisions, maintaining auditable records of all approval activity, and sending automated notifications to keep the process moving.
⚙️ How Assessment Approval Works
For Assessment Reviewers: Sending for Approval
Step 1: Complete Your Assessment Review
After you've finished reviewing the vendor's documentation and responses in Steps 1 and 2 of the assessment, navigate to Step 3 (Final Report).
Step 2: Initiate the Approval Process
- Click the Request Approval(s) button
- A modal will open with 2 steps:
- Step 1: Select a Proposed Assessment Status that will be delivered to the Approver. Optionally, include a Status Explanation
- Step 2: Select Approvers from the list of existing Whistic users. If the user is not on this list, navigate to User Management and add them first. Optionally, include a message that will be included in the email notification
Step 3: Track Approval Status
Once you send for approval:
- The Assessment Status automatically changes to Pending Approval
- All selected approvers receive email and in-app notifications
- A banner on the Final Report tab displays the approval status of each approver
- The assessment remains in Pending Approval status until all approvers respond
Step 4: Manage the Approval Process
While approvals are pending, you can:
- Cancel the approval request if needed (this action will be logged)
- Add additional approvers by returning to Step 3 under Approvals and selecting Add Approver
- View approver responses as they come in
- Continue to add sources or request additional information from vendors if approvers identify gaps
Step 5: Finalize the Assessment
Once all approvers have responded:
- The assessment status changes to Awaiting Confirmation
- Review all approver feedback in the Approvers tab
- If revisions are needed, make necessary updates and request additional vendor information
- When ready, manually set the final assessment status
For Approvers: Reviewing & Responding
Step 1: Access the Approval Request
When an assessment is sent to you for approval, you'll receive:
- An email notification with a direct link
- An in-app notification
- A task in your Dashboard task list: Assessments Requiring My Approval
Step 2: Review the Assessment
Click through to view:
- The complete assessment and all vendor-provided documentation
- The Finalize tab with the reviewer's findings
- All sources and evidence gathered during the assessment
Step 3: Provide Your Response
From the Finalize tab. Click the Provide Response option in the upper right corner:
A pop-up will appear where you will select the appropriate Assessment Status which includes the following options:
- Approve - You agree with the assessment as presented
- Approve with Conditions - You approve but have specific conditions or concerns to note
- Request Revisions - Additional information or clarification is needed
- Do Not Approve - You do not approve the assessment
- Completed - Review and assessment has been completed
- Denied - Vendor has been denied
- Cancelled - Cancellation of assessment/vendor contract
Add Comments (Optional)
Provide context for your decision, such as:
- Specific concerns or questions
- Conditions for approval
- Suggestions for the reviewer
- Required changes or additional documentation needed
Your comments, decision, and timestamp will be saved as part of the final assessment record.
Send the Response
Click Send to ensure your approval has been submitted
Upon successful completion, the system will give a green banner at the top of the screen.
📊 Understanding Approval Statuses
How to Tell if an Approval is Complete
There are two ways to verify whether an approval has been submitted:
1. Check the Approval Icon at the Top of the Finalize Tab
The approval icon displays the overall completion status of all approval requests. This provides a quick visual indicator of whether all approvers have responded.
2. Look for Indentation in the Approvals Section
In the Approvals section at the bottom of the Finalize tab:
- Submitted approvals appear indented under the approval entry with the approver's response, timestamp, and comments
If you see "Cancel Request" next to an approver's name, that approval is still outstanding and has not been submitted.
Why Approvals Stay on Your Dashboard
If you're an approver, the assessment approval task will remain visible on your dashboard even after you've submitted your response. This is expected behavior.
Why does this happen?
- The task remains visible until the assessment reviewer finalizes the entire assessment from the Finalize tab
- This allows you to return to the assessment to view other approvers' responses or add additional comments if needed
- The task will only disappear once the reviewer clicks Finish Assessment and sets the final status
The Two-Step Completion Process
Completing an assessment approval involves two distinct steps:
Step 1: Approvers Submit Their Responses
- Each approver reviews the assessment and provides their approval status and comments
- Once all approvers have responded, the assessment status changes to Awaiting Confirmation
Step 2: Reviewer Finalizes the Assessment
- The assessment reviewer must navigate to the Finalize tab
- Click Finish Assessment
- Set the final assessment status
🔑 Key Features
Permissions and Access
- Any Whistic user can serve as an Approver, regardless of their normal permissions
- Approvers can view the complete assessment and Final Report, add their own notes (saved with their name and timestamp), set their approval status, and access assessments through the dashboard task list
- Approvers cannot edit the assessment or add sources—only users with assessment reviewer permissions can make these changes
Notifications and Reminders Email and in-app notifications are sent when:
- A review is sent to an approver
- An approver responds to the request
- All approvers have completed their reviews
Audit Trail and Reporting All approval activity is tracked and available through:
- Approvers tab - Shows all approver names, decisions, dates, and comments
- Final Report export - Includes complete approval information
- Reporting - Approval data is available in custom reports (coming soon)
- API access - Approval information can be accessed programmatically (coming soon)
❓ FAQ
Can I add approvers after I've already sent the assessment for approval?
Yes, navigate to Step 3 under Approvals and select Add Approver.
What happens if an approver requests revisions?
When an approver selects "Request Revisions," you can continue to work on the assessment, request additional sources from the vendor, or send clarification questions. The assessment status will remain Pending Approval until all approvers have responded with a final decision.
Can I change the assessment status while approvals are pending?
No. Once you send an assessment for approval, the status is automatically set to Pending Approval and cannot be changed until all approvers have responded. After all responses are received, the status changes to Awaiting Confirmation and you can then set the final status. If you need to proceed because an approver is out of office or unavailable, you can cancel the request to that specific approver.
Is there a limit to how many approvers I can select?
Yes, there is a limit of 5 approvers.
Can approvers see each other's responses?
Yes, all approvers and the assessment reviewer can see the responses from other approvers in the Approvers tab.
What if I accidentally send for approval?
You can cancel the approval request at any time before it's completed. Simply click the cancel option. This action will be logged in the assessment's audit trail.
Will approval information be included when I export the final report?
Yes, all approver information, including names, decisions, dates, and comments, will be included in the final report export.
Can approvers edit the assessment or add sources?
No, approvers can only view the assessment, add comments, and set their approval status. Only users with assessment reviewer permissions can edit the assessment or request additional sources.
Can I send approval requests out sequentially?
No, all requests can only be sent in parallel at the same time.
How do I know if an approval has been completed?
Check for two indicators: (1) The approval icon at the top of the Finalize tab shows completion status, and (2) In the Approvals section, completed approvals appear indented under the approval entry. If you see a Cancel Request option next to an approver's name, that approval is still pending.
Why does the approval task still show on my dashboard after I've responded?
The task remains on your dashboard until the assessment reviewer finalizes the entire assessment from the Finalize tab. This allows you to return to view other approvers' responses if needed.
All approvers have responded—why can't I change the assessment status?
After all approvers respond, you must navigate to the Finalize tab and click Finish Assessment to complete the process. Only then can you set the final assessment status.