Assessment Roles

Overview

Assessments typically have one or more stakeholders playing various roles. Understanding the difference between these roles is important for understanding the different assessment workflows.

The screenshot of the New Assessment page below shows where to find the various assessment stakeholders.

Figure: New Assessment page with assessment stakeholder fields highlighted

Assessment Roles

Assessment Creator (1)

The user who created the assessment. Initially, the system assigns all assessment roles to the creator. This is the only role that is typically not included in the list of assessment properties.

Assessment Owner (2)

The user who is typically the business owner of the assessment.

Approver(s) (3)

Each assessment must have one or more approvers who approve the assessment after all respondents submit their answers, and a reviewer who reviews the answers and resolves any identified issues. The reviewer can be the Assessment Creator, Owner, or one of the Approvers.

📋 Notes on approval tiers
Approvers can be added in hierarchy. Add the first line of approvers in the Tier 1 field — the assessment creator is the default Tier 1 approver. Click Add New Tier to add further approval levels. Only system users can be added as approvers.
There is no limit to the number of chains or approval levels.
Tier 2 approvers can only begin approving after all Tier 1 approvers have approved or failed the assessment.
One approver can exist in multiple tiers, but their approval is counted only once.
The majority rule still applies in determining whether the assessment reaches the Approved or Failed state.
When the condition for approval routing is met, the current behavior still applies: the approval chain will not be implemented.
For auto and cloned assessments, the approval chain of the parent assessment is copied when configured to copy parent approvers.

Default Respondent (4)

The default respondent for all assessment sections, assigned through the Default Respondent field. The system automatically sets the Assessment Creator as the Default Respondent. You can change the respondent at any time, and you can assign different sections to different respondents by selecting Assigned by section from field (5). See Assigning Different Respondents to Different Sections for more information.

Respondent

A respondent who is manually assigned to one or more assessment sections and who is not the Default Respondent. Note that neither the Respondent nor the Default Respondent has to be a registered user in your organization: you can assign the whole assessment or individual sections to any person with an email address outside your company by selecting a non-system user. This is particularly useful for vendor assessments. All non-Respondent fields, however, can only be filled with system users.

Participant(s) (6)

One or more users who are not the Assessment Creator, Owner, Respondent, or Approver, but who should have access to the Assessment Report and be able to see the respondents' answers.

📋 Note: Users can create one or more remediation tasks associated with an assessment. These tasks can be assigned to any user, who does not need to be an Assessment Creator, Owner, Respondent, Approver, or Participant.

Assessment Visibility

All assessment stakeholders can see the assessment regardless of their User Role in the system. However, users who only have the Respondent or Project Manager system role can only see assessments that are directly associated with them. Users with only the Respondent system role can access only the Survey portion of the assessment where they answer questions — they cannot access the Assessment Report or view other respondents' answers.

An assessment will not be visible to a Default Respondent with a Respondent or Project Manager role if none of the assessment sections are assigned to that respondent — for example, if all sections were manually reassigned to different respondents. See Assigning Different Respondents to Different Sections for more information.

Once a respondent submits their answers, the Assessment Survey is no longer accessible to them. Users with the Project Manager role, however, retain the ability to see their own assessments.

TrustArc  ·  Understanding Assessment Roles  ·  support.trustarc.com