Not logged in - Login
View History

Reviewing Completed Questionnaires

Review Questionnaire Responses

When a questionnaire has been completed by a supplier the Relationship Owner will be notified. There is a few options in which to review questionnaire answers.

  • Full review - where *all* questions need to have review tick and score confirmed. Questions can be clicked into if a revised score needs to be recorded. On the left panel clicking into 'Review all Questions' puts score revision and justification into a list view so multiple questions can be reviewed and revised in one go.
  • Individual question review - click into each question and review the answer and score and submit
  • Question with a 'text only' answer will be highlighted for direct review

    From the Supplier Dashboard > Questionnaires (for the desired supplier organisation) > list of questionnaires will be available > click 'Review' for the desired questionnaire you would like to analyse the answers of.
    From this page you can;

  • Assign Reviewers - an organisation or division administrator can assign others within the organisation to review questions where relevant.
  • Control Analysis - view the related controls to this questionnaire and there percentage effectiveness
  • Attribute Analysis - ISO 27001:2022 saw the introduction of attributes as a way to sort or present controls, the five suggested attributes have been mapped in Abriska and graph analysis is now provided where the default ISO 27001 control question set is utilised (Operational Capabilities, Control Types, Information Security Properties, Cybersecurity Concepts and Security Domains) - please go to the bottom of the page for a visual.
  • Risk Treatment - set a risk treatment and action plan
  • Questions for Review - view that manual questions that require scoring for the questionnaire to be fully completed. Note this is only for questions where is answer type is 'Text', this is a free text box answer, requiring manual review.
  • Reopen Questionnaire - you can resend the questionnaire to your supplier if answers need more clarification or evidence.
  • Risk Analysis
  • Analysing the answers to the most recent questionnaire; from the 'Questionnaire Workflow' tab, select ‘Risk Analysis’ and list of questions will appear from the most recent questionnaire. To view questions from previous or other questionnaires go to > 'Questionnaire Options' > 'Questionnaires' > select the questionnaire you wish to view.

How to review a questionnaire

From the Supplier dashboard > hover over the list image 'Questionnaires' should reveal. Here you will be presented with the suppliers questionnaires. You can view how many questions they have completed, when it was sent, started and completed and the risk score they has been allocated.

Revising scores

Scores can be revised, each question can be review and the scoring updated to provide a more accurate result. Commentary is added to support the score and change to any score. A full history of scores and core revisions is maintained.

There is also the option to ‘reopen questionnaire’ which allows the supplier to edit an answer and resubmit the question.

Viewing responses before completion of the questionnaire

Abriska is configured such that the question responses can only be viewed by the customer when the supplier has fully completed their response and submitted. Progress against the number of questions assigned can be viewed at any time.

Risk Treatment

This is the supplier risk treatment strategy page. It will highlight to the user at what risk level the questionnaire classifies the supplier at. The user has the option the select a 'Risk Strategy' from a dropdown box to 'Accept', 'Reduce', 'Avoid' or 'Transfer'.
You must select and 'Submit' a review date before submitting a 'Risk Action'. Where a control assessment is inadequate, 'Risk Actions' can be created for remediation activity. Actions can be created on internal staff or supplier contacts. Actions are raised and recorded against a questionnaire rather than a control area.
Risk Treatment and Action


Reviewing Completed Questionnaires



Attribute Analysis

ISO 27001:2022 saw the introduction of attributes as a way to sort or present controls, the five suggested attributes have been mapped in Abriska and graph analysis is now provided where the default ISO 27001 control question set is utilised. Organisations can further analyse a suppliers risk detail not only but looked at each control risk but understanding risk by Cybersecurity Concepts, Information Security Principles, Control Types, Security Domains and Operational Capabilities. The mapped controls to these Attributes can be found in ISO 27002:2022.
Attributes Control Effectiveness


Return to Supplier Risk Management