Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Image Removed

The purpose of this documentation is to describe the basic operation of Rizikon Assurance as a Manager/Completer/Assessor in the current live version of Rizikon Assurance v2.1 and will be updated in-line with new versions.

Table of contents

Getting started with Rizikon Assurance

This guide aims to help first time users with getting started on their first assessment. This guide will explain what Rizikon Assurance is, what you need to do, and the process for completing an assessment. This guide is intended for “Assessors”, this means the users who assess the assessments. If someone within your organisation has asked you to assess an assessment using Rizikon, they are referred to as a “Manager”,  and the supplier filling in the assessments are referred to as a “Completer”.

What is Rizikon Assurance?

Rizikon Assurance is an assessment management system. This means Rizikon is used to keep track of assessments, and to ensure that assessments are tracked, answered, reviewed, and returned as efficiently as possible.

For managers, Rizikon Assurance allows them to keep track of large numbers assessments and monitor the progress of assessments.

For assessors, Rizikon Assurance helps them provide fast & accurate feedback,  and support users through the assessment process.

...

For suppliers, Rizikon Assurance will allow you to complete the assessments that have been assigned to you, upload comments and attachments to support your answers, delegate questions, and receive feedback on your answers.

To get started with Rizikon Assurance, you should have received an account activation email. The account activation email will be covered in the next section of this guide

Activating your Rizikon account

If you have been asked to assess an assessment using Rizikon, you should have received a “new account” email, with a link allowing you to set up your Rizikon account.

Your new account email will look similar to the example shown below:

...

Help tip: If you have not received this email, and the scheduled start date has already passed, please contact support@rizikon.io with the Subject line “Missing account activation email”.

Once you have

...

set a

...

password

...

Note

Help tip: Link doesn't work? See below for more information.

The new password must be at least 8 characters long and should contain at least one lowercase letter, one uppercase letter, and at least one symbol or number.

...

Info

Help tip: It may occur that the link you are using has already been used, has expired, or is not valid. If this is the case, you may see an "Access forbidden" screen.

If you see this screen and are unable to access the “Reset Password” page, please contact support@rizikon.io with the subject line “Unable to reset password”. Please include the reference information (referenceID, timestamp, info) shown on the error screen in your email.

You will then be sent a new password reset link, and can set up your password as shown above.

Once you have set up your account, you can then use your email address to log in to Rizikon. To login to Rizikon, see the next section:

Logging in to Rizikon

Once you have set a password on your Rizikon account, you will be able to login into Rizikon. If you haven't set up your account yet, see the previous section on on Activating your Rizikon account.

...

To log inlogin, you will need to use your email address and password.

You can log in login here: https://assurance.rizikon.io

In order to log inlogin, you will need to agree to the the Rizikon Terms and Conditions

...

Help tip: Forgotten your password? 

You can use the following link to reset your password: https://assurance.rizikon.io/sso/forgotpassword

Info

Still having issues? You can

...

email support@rizikon.io

...

 with the subject “Password reset request”. Please ensure that you use the email address for the account you would like to reset

...

Summary view

As a Manager the first screen that you will see after logging in will be the Organisation Criticality Distribution.  This 6x6 matrix can plot "Impact" against "Risk" for all suppliers on the system, and also appears on the organisations’ page as an additional filtering option. 

By default, you will see here the information from the Organisation’s Default scorecards, however, you can change the Scorecard type for one that has the most important information for you

.

You can click through the fields with numbers and see which Organisations belong to the chosen criticality.

 

In the example below you can see Organisations in the chosen field for ‘High’ Risk and ‘Very High’ Impact, based on Supplier Onboarding Scorecard. From here, you can also easily access the company details page and its scorecard.

...

Below the Organisation Criticality Distribution there is another graph that shows Status of Assessments, on which you can immediately see assessments sorted by their status into the following categories: 

  • Issued - Assessments that have been created but not sent/sent for completion but not opened

  • In Progress - Assessments that have been opened but not completed (either on target or late for submission) and assessments that have been sent back to the Completer for the clarification

  • For Review - Assessments that have been submitted but not reviewed yet, under submission (either on target or late for approval)

  • Approved - Assessments that have been approved

  • Rejected - Assessments that have been rejected

  • Cancelled - Assessments that have been cancelled

...

You can view all assessments, or sort them by their category below the graph.

At the bottom of the Summary page, there is Assessment Score Distribution which again can be sorted either by the assessment status (approved/rejected/all) or/and their category.

Image Removed

The right side of the menu shows logged in username and capabilities for this user (Assessor, Completer, Manager).

In this menu you can: 

  • See more information about Rizikon Assurance

  • Switch to Portal view, or toggle back to manager view. 

The portal view is what Completers and Assessors will have access to if they do not also have the manager capability (this view does not have access to Contacts,  Organisations, Dashboard, Scorecards etc). In the portal view you can only see assessments that you are directly involved in, for instance as a Completer you will see the assessments that you need to complete, as an Assessor you will see assessments that need to be addressed and assessed. 

  • Change your password

  • Set up Two-Factor Authentication - Here you can see if the Two-Factor Authentication has been set and set it up if it is not.

  • Logout of the portal

...

It is easy to set up, all you need to do is to scan the  QR image using the authentication app and enter the confirmation code.

You can find more about setting up 2FA in this guide and also on this video help guide.

Organisations menu

Organisations page shows the view on all of your created Organisations, as well as extra information like company tags, their primary contact, their number of assessments, their criticality, etc. 

On the left, there is an option to filter them by choosing options from the filters available on the left, or by their criticality for the chosen scorecard type in the mini 6x6 matrix. Filtering by tags also gives chance to filter only by Risk/Impact or any other tags that were created. There is also an option to ‘Include deactivated’ Organisations that would be turned off by default.

...

On this page, you can also download your Organisation’s in simple CSV file that you can edit and upload back again (it might become handy for updating your data in bulk) and to view their Scorecards.

In order to do so, you just have to tick all/selected boxes to have an option to view Scorecard for chosen Organisations or Download the data.

Creating organisations

Creating the Organisations first allows you to attach Contacts to the Organisations.

In order to add a new organisation, you have to click on the ‘Create Organisation’ button in the Organisations Menu.

...

The only mandatory field is “Name” however is best to fill as many as you can to speed up the process later. 

Primary Contact (person responsible for filling in the assessment), Person Responsible (person responsible for the contract, can be internal, external or left blank) and its Impact (if you are not sure of the impact, you can leave it on ‘Medium’ by default or as ‘Unclassified’).

...

While creating the Organisation, you have an option to link the company to Creditsafe (should you wish to use Creditsafe built-in features), and also to choose the default Scorecard for this particular Organisation. 

...

To link organisation with Credit safe you have to  click on the tab shown below while creating/editing the organisation:

Make sure to filter through the left side option to choose the correct company, to make sure that you will run the search on the correct organisation. If you are sure that you have correct one found just simply choose it from the list. You can edit this connection at any time and unlink company from Creditsafe should you wish to.

Default Scorecard field - you can leave it blank

...

should you wish to; however, it makes sense to have default scorecard as something that is relevant to you in your chosen Organisation, or something general like ‘Supplier Onboarding’ or ‘General’ Scorecard.

You can click on ‘Create’ to create one organisation or tick ‘Create another Organisation’ to create another one straight after.

Contacts menu

This view shows all of your Contacts, their Organisation, contact details, their capabilities (Manager, Assessor, Completer), number of assessments and also information about when they have logged in last time, and whether they have confirmed and used their account (account status can be: active, unconfirmed, blocked).

Similarly to the Organisations page, the filter option on the left allows you to filter your view by Name, email address or Organisation. You have an option to include in the list Contacts that are deleted as well (‘Include deleted’ option on the left under filter options), and you can also download your Contacts data (top right).

This option could be helpful for example to update your contact details in bulk. File will be downloaded as a simple CSV file that you can easily edit and upload back again.

...

Creating contacts

To Create Contact you need to go to:

...

Main Menu -> Contacts -> Create Contact and fill in all the details. 

The only fields that are mandatory are First Name, Last Name, and Email. If you have Organisations created already then you can link them to the Contact in the field ‘Employee of’. Here you can also add contact’s capabilities, which by default are set up to ‘Completer’.

To change capabilities to ‘Assessor’ you need to tick ‘Assessor’ tick box and untick ‘Completer’ box. Bear in mind that should you wish to, same user can have more than one capability (for instance you could be Manager and Assessor).

You can click on ‘Create’ to create one contact, or tick ‘Create Another’ to create another contact straight after. There is also a ‘Send Invitation Email’ tick box which is ticked by default. This will send automatically an email from Rizikon to newly created Contact to register to the platform, set up their account and choose their password. You can see more about this process from the Completer (Supplier) point of view from this video. 

There is a short video guide on creating contacts which you can see here.

Contact details panel

In Contact Details Panel you can see all the Contact Details: Name, Email address, Account Settings, Security Status, see if the user is using Two Factor Authentication, which Organisation user is employed by and user Capabilities. 

...

Contact details view also allows you to edit contact details, add extra user capabilities, change user status –

for instance, it can be ‘deleted’ or ‘blocked if you wish to delete the user or block/unblock user.

There is an option here to ‘Send Reset Password Email’ if the user has forgotten their password and you can also view all of the contact’s assessments.

Creditsafe features

To link the Organisation to the Creditsafe - while creating/editing the Organisation click on ‘Link Organisation to Creditsafe-listed Company’ -> type in company name (without spaces) -> click on ‘Find Company’ -> select appropriate company from the list.

To unlink organisation with Creditsafe you have to go to Organisations -> choose the organisation you wish to unlink with Creditsafe -> ‘Edit’ -> ‘Unlink Organisation with Creditsafe’.

In order for Creditsafe information to appear on the scorecard, you need to link the Organisation with the Creditsafe first and then click on ‘Request Company Report’ in the chosen Organisation page. 

...

This requires a Creditsafe Token(s), and you will have a pop-up window that will ask for confirmation before using your Creditsafe Token.

In order to view full Creditsafe Report, you need to go to ‘Creditsafe Reports’ and choose ‘View Report’. This will charge you one more Token so in total to see full Creditsafe Report you will need two tokens. To view the report that you have already ‘paid for’ again, you don’t need to spend additional Tokens.

If you have requested multiple reports over time, they all will be accessible here, not just the latest one.

Organisational tags

Organisation tags provide a method to categorize and sort information about your organisations. Tags can be used to search, categorize, filter, and manage your organisations. You can create a tag using the Create Tag button. All tags have a maximum length of 64 characters. Tags are accessed by going to the Tools menu next to the user panel.

Tags consist of group of system tags: Risk and Impact Tags. Both of those range from unclassified to very high and represent the organisation's security risk and the organisation's security impact.

Those Tags cannot be changed by the Manager, however, if needed they can be changed in a configuration menu.

...

Creating organisation tags

Fill in Tag Name (mandatory), Tag Description, Parent Tag (you can nest tags and have parent tags), choose Tag Style, Tick box if you would like to make them mutually exclusive. You can either approve by clicking on ‘Create’ or if you tick extra box ‘Create Another’ you will go straight to creating another Organisational Tag.

...

Sending the assessments

To send assessment we need to go to the Main Menu -> Assessments page. 

In this view we can see all of the assessments sent, as well as their progress, score (if it was already submitted), status (Draft, Sent for completion, Opened, Submitted, Under review, Sent for clarification, Rejected, Approved, Cancelled), Primary Completer, Primary Assessor, Date Issued, Last Answered and Renewal Date.

This view can also be filtered by Assessment Name (search box), Assessment Category (drop down from choice of assessments available), Organisation (drop down from the Organisations that are already created), Assessment status and Completer/Assessor, which might be useful to look up particular Organisation or group of assessments. 

The same as with the other sections, you can also include in the view the assessments that were archived and assessments that need renewals only.

...

To send out a single assessment you have to go to ‘Create Assessment’ in the Assessments Menu, choose the Assessment Category and Organisation and click on ‘Add details’.

The only mandatory fields are Assessment Name and Completer; however, you can add Additional Completers and Assessors, Submission Target Date, Decision Target Date, and Renewal Date. There is also the Internal Note and External Note section, Internal Note being visible only for Managers, External Note will be visible to the Managers as well as Completers. 

‘Create & Send’ button will create and send out the assessment and send out an email notification about the assessment to the completer.

...

In the assessment view, you can also send single reminder emails and resend assessment (under ‘Actions’ on the left side).

  • ‘Send reminder emails’ in case that you have sent the assessment to the Completer a while ago, but they still have not opened the assessment.

  • ‘Resend assessment’ in case that the person that is currently the Completer has changed, or their email address has changed.

...

Bulk actions

Upload data

...

Tools menu in the user panel gives us the option to bulk data upload (Assessments, Organisations, Contacts). Bulk upload allows you to bulk upload data in CSV files.

To bulk upload the data you need to download the template provided for the relevant section and fill it in.  When you will choose the file ready to upload, click on the ‘Validate CSV file(s)’ button to validate the files and checking for errors before it will be uploaded into the system. 

...

Adding/updating Information

Data upload tool allows you to add Organisations/Contacts in bulk; you can use it to either upload your list of Contacts/Organisations or update their information.

For all entities there are two possible actions, "C" which signifies that the entity is to be created new, and "U" which signifies that the existing entity is to be updated. To either create or update an entity please put the corresponding letter in the action column of the CSV file.

action - U/C   (Update/Create)

organisationName - Organisation name

primaryContact - Primary Contact (within the Organisation)

personResponsible - person responsible (within your Organisation)

active - TRUE/FALSE (TRUE if Company is active/ FALSE if the company is deactivated - it will show in the Organisations tab only if you tick ‘Show deactivated’)

impact - can be number 0-5, fill in only if known; otherwise leave as 0

notes - internal notes/optional

Here is an example of a filled-in CSV file as an example:

...

Creating assessments

 You can use this feature to add assessments to the system in bulk. Assessments created this way will show up in the ‘Assessments’ page with ‘Draft’ status, where you can select them and send them to the Completers (they won’t be sent automatically).

In order to do so, download the Assessments Template, fill it in accordingly to the template layout:

action - C (create)

assessmentName - ‘Company/exact name of the assessment’

completerEmail / assessorEmail / organisationName - as stated fill with completer’s email / assessor’s email / organisation name

assessmentStatus - if creating new assessment always put ‘DRAFT’ in this field

(Changing status here for instance from OPENED to SUBMITTED will not actually submit the assessment itself, so if you are updating data that was downloaded, just leave it as it is. If you are uploading new Assessments then fill it as ‘DRAFT’).

renewalDate /submissionDate/ decisionTargetDate - you can set those dates up for reference

score - leave blank if creating new or just leave with whatever value is in if you are updating any info

notes - internal notes (these are optional)

externalNotes - these are optional and will be visible on an email inviting to the assessment and also on the assessment details page

questionSet - a choice from all question sets available:

  • Supplier Qualification

  • Modern Slavery

  • GDPR Data Processor

  • Bribery and Corruption

  • Security Low Risk

  • Security High Risk

  • ISO 27001

...

The assessments will be created as drafts ready to send, bear in mind that the system will not send out these assessments automatically. To send out the assessments in bulk you have to first filter them out by going to the ‘Assessments’ tab and filtering assessments by status ‘Draft’. You should tick all tick boxes that are corresponding to the assessments that you want to send out, and click on the option shown on the picture below. 

...

Scorecard

Scorecard gives you a 360° view of your supplier risk. It can be customized to show information either from the assessment, from multiple assessments or from the Creditsafe.

There is an option to edit (override) risk segments scores and change it into value 1-5.

...

Notifications

In Rizikon Assurance 2.1 we have introduced a new notifications feature. All users will now be able to see a notifications dropdown on the navigation bar, next to user options.  This will allow users to receive notifications from within the system on such things as Assigned assessments, Comments, Submissions and Assessments being Sent for Clarification, among others.

...

To view a notification, click the bell icon. This will show notifications from the last 30 days, filtered by "unread" first. Users can mark a notification as "read" by clicking the orange dot on the left, or delete it by clicking the cross on the right.

At the moment you will receive notifications when:

  • Assessment has been assigned to you

  • Assessment was submitted

  • There are comments from the assessor/completer on the assessment that you are assigned to

  • Login session alerts

This feature will expand in future updates and will integrate closely with the other parts of the system to greatly improve workflow.

In order to view all of your notifications you need to go to the notifications centre (show all on the picture above).

Notifications centre

We have expanded Notifications and added to the system Notifications Centre where you can see all of your notifications. You can also click on ‘View’ to view the source of the notification e.g. view the assessment that the notification is coming from.

On the left side you have extra menu which allows you to filter through your notifications depending on ‘read status’ (all/read/unread), ‘time’ (today/last 7 days/ last 30 days/ last 12 months) and the ‘notification type’ (assessment status activity/comments/assessment contact activity/new user sessions/system activity).

...

There is also a Settings tab which allows you to switch your chosen notifications on/off depending on your preferences. At the moment you can control notifications like:

  • Assessment Status Changes

  • Comments in Assessment

  • Assessment Assignee Change

  • New Session Alert (logging in on another device at the same time)

...