You can create custom questionnaires to use in Bitsight VRM and Legacy Bitsight VRM. These questionnaires are included in assessments as artifacts. The creation process has three steps:
- Download the VRM Questionnaire Template. This Excel file contains example data and guidelines to help you complete the template.
- Delete the example data and fill in the questionnaire fields.
- Attach the completed template to a Support ticket. Our Support team will facilitate the process of entering the questionnaire into VRM.
This process can be used to create questionnaires to share with vendors or internal questionnaires. Specify in your Support request which type of questionnaire you are creating. Once a custom questionnaire is added to VRM, you can share it internally or with your vendors depending on your choice.
Questionnaire Instructions
The VRM Questionnaire Template is a downloadable Excel spreadsheet. It is made up of columns of data that our Support team will use to generate your questionnaire.
On the first tab, you can review examples of data already entered into the template. Delete this example data before completing the template yourself.
On the second tab, you can review the following guidelines to help fill in the template.
* Required.
Column Name | Description | Example Values |
---|---|---|
* SurveyName |
The name of the survey. This column will match the survey name in VRM. The same value for SurveyName must be included in every row. |
Saperix Questionnaire 2024, Saperix Vendor Assessment v. 1.5, Saperix Security Review |
* CategoryName |
Category (section) of the survey name that will be displayed on the left side of the screen. Categories can only be used one time; if the same category is reused later in the template, all questions will appear together in that category. Questions in a category are listed sequentially. |
General, Access Control, Security Incidents, Threat Management, BC/DR |
* ID |
The numeric ID associated with a question. Parent questions have whole number IDs. Child questions have IDs that begin with the same number as the parent question, followed by a period and another number in sequence, starting at 1. This ID is not visible in the final questionnaire,but is visible in the CSV download of the questionnaire and is used when uploading responses. We recommend restarting the numbering in each new category. |
1, 2, 3 1.1, 1.2, 1.3 |
* Question | The question. Questions should ask one thing. |
Is Multi-Factor Authentication (MFA) utilized? Does the policy or procedure for information handling include encryption requirements? |
Description |
A description of the question for vendor reference. The description is visible in the final questionnaire. Some companies use the description to ID questions so that vendors can better reference them. The description is a good place to add clarification to the question, provide an explanation of the answer options, list control domains covered, and reference an industry standard questionnaire question or framework |
|
* QuestionType |
The type of question to create. We have many existing question types and can create custom ones as needed. Give custom question types a clear name that indicates what data collected is and for whom. |
Existing question types:
|
* Priority |
The priority associated with the question. Priority is measured from 0 to 4, where 0 is none, 1 is low, 2 is medium, 3 is high, and 4 is critical. 0 priority is assigned to the Free form String question type because we cannot score the vendor’s response. |
0,1, 2, 3, 4 |
NotesRequired |
Indicates that a note is required. This column is not conditional. We recommend that you use it sparingly. This value is not needed for the Free form String question type, as it is already a text response. |
true, false, or blank (blank=false) |
DocumentsRequired | Indicates that a document must be uploaded. This column is not conditional. We recommend that you use it sparingly. | true, false, or blank (blank=false) |
ParentQuestionID |
For child questions only. The ID of the parent question that triggers the child question. Parent and child questions must be in the same category. |
|
ParentAnswerToShowChild |
For child questions only. The specific answer that triggers the child question. This value must match the QuestionType value of the parent. Parent and child questions must be in the same category. If multiple parent answers should trigger the child, separate them using a vertical bar (|). |
|
Additional Notes | Notes to help our Support team create your questionnaire. These notes are not uploaded to VRM, but instead help us understand the details of any custom questions types or message responses you’d like to include. |
- August 5, 2024: Expanded column descriptions.
- March 28, 2024: Published.
Feedback
0 comments
Please sign in to leave a comment.