...
When does an assessment become completed?
The final step before an assessment is completed is when the requesting institution someone “Acknowledges” the assessment. At this point, the assessment is considered completed and will be available to other institutions in Isora Lite, provided the option to share was checked.
If a vendor gives the requesting institution unsatisfactory answers, can the requesting institution push back on them?
Yes. Up until the assessment is Acknowledged by either the vendor or the requesting institution, the assessment can be modified and the link used by the vendor to access their assessment will still be valid.
Can the vendor or anyone else edit assessment responses/answers after the assessment has been acknowledged?
No.
What if the vendor or requesting institution finds errors in an assessment after it has been acknowledged?
In order to maintain the reliability of data and prevent tampering, we believe it’s best to limit the amount of modification after completion.
When can an updated assessment be submitted for the same vendor/product?
We haven’t locked down a specific time frame that must pass before initiating another one, but it would be at least a couple of months. Three months seems like a reasonable timeframe to provide an updated assessment where changes might have been made. The vendor would need a requesting institution to reinitiatere-initiate. There is no method whereby a vendor can complete an assessment without an higher ed or government sponsor.
...
What is Isora Lite running on?
Isora Lite runs on AWS, operated by SaltyCloud. See our HECVAT Lite assessment for Isora for more information.
Where was Isora Lite developed?
Just like the full version of Isora GRC, Isora Lite was developed by the Information Security Office of the University of Texas at Austin.
Can we add attachments?
No, but we recognize the need to provide justification and explanation (some of the questions even ask for specific attachments). We’re exploring possibilities for including attachments. Presently, the comments section can be used to provide links to supporting information.
Can you upload an assessment into Isora Lite rather than completing within the tool?
Not at present; however, we will work to incorporate completed assessments into Isora Lite for a limited time to improve the usefulness of the tool. See “What if someone has already filled out a HECVAT in spreadsheet format in the last year?”
Can you export a completed assessment from Isora Lite?
No, but you can print the report page in PDF as you would any webpageYes, there is a CSV download button on the Report page. You can also print a PDF of the report from your web browser.
Does Isora Lite have API access?
Because of the nature of authentication in the system, there's not a good control that we would have to expose an API. We don’t envision this being included in Isora Lite although it is presently incorporated into the full version of Isora GRC.
Can we use different frameworks?
Isora Lite is limited to HECVAT, although there are several different question lists provided, depending on the level of detail you are interested in. Users of the full version of Isora GRC have complete control of question set and framework customization.
Is there any opportunity for post-processing assessments on the HECVAT?
No, Isora Lite is intended to simplify the completion and collection of HECVAT assessments.
Can you download a CSV of the completed HECVAT data?
Yes.
What’s next for Isora Lite?
Similar to our other free-to-EDU tool Dorkbot, our goal was to create a low/no cost tool to help the community gain better access to risk data on vendors. Being part of the community ourselves, we heard that a better way to track vendor risk was necessary and that resulted in Isora Lite. Just as we listened to the community to create Isora Lite, we’ll continue to get feedback from the community to understand how we can improve it.