Questionnaire invitations allow you to create questionnaires, send them to people outside of your organization, and get back their responses.

Creating external questionnaires

In the Questionnaires section of org settings, you’ll see two tabs, “Internal” and “External”. “Internal” questionnaires are the questionnaires that appear in Launches and Data Specs. “External” questionnaires are the questionnaires that you can send to people outside your organization, like vendors and other third parties.

Creating a new external questionnaire is nearly identical to creating an internal questionnaire. You can create pages and questions, add display conditions for individual questions, and configure risk scoring. You’ll also have the ability to preview the questionnaire before you publish it.

In addition to creating new questionnaires from scratch, you also have the option to import Google’s open-source “Vendor Security Assessment Questionnaires”. Clicking “Import Google VSAQ” will add four new questionnaires to your library:

  • Web Application Security Questionnaire
  • Security & Privacy Program Questionnaire
  • Infrastructure Security Questionnaire
  • Physical & Datacenter Security Questionnaire

After importing these, you can send these as-is to third-parties, or modify them to your liking.

Questionnaire invitations can contain multiple questionnaires. This is useful if your questions span a range of subjects, and multiple people might be needed to respond completely. For instance, if you have both development-related questions and legal questions, you could create two separate questionnaires, and include both of these in an invitation. This makes it easier for the third party organization to divide up the work. Individuals can work on the questionnaires that are relevant to them, instead of having to go through a single large questionnaire to find the questions that apply to them.

Once you’ve created some external questionnaires, click on the “Questionnaire Invitations” icon on the far left of the screen (directly underneath the “Launches” rocket) to start sending invitations and getting responses to your questionnaires.

Questionnaire invitations

If you haven’t created any external questionnaires yet, the first thing you’ll see on the Questionnaire Invitations page are buttons to import the Google VSAQ or create a new questionnaire from scratch. You’ll need at least one questionnaire in your external questionnaire library to send a questionnaire invitation, so if you haven’t created one yet, go ahead and do that.

Once you have created some questionnaires, you should see a button to create your first invitation.

Creating an invitation

A questionnaire invitation has four parts:

  • the name of the organization you’re sending it to
  • the questionnaires you want that organization to respond to
  • the individuals at that organization that will be responsible for completing the questionnaires (along with their email addresses)
  • an optional message that will be included in the invitation

Clicking “Create Invite” will walk you through each of these steps.

Select a Third-Party Organization

Select a third-party from your organization’s list of third party organizations, or type in the name of a new third party organization. If you enter a new organization, it will not be added to your list of third parties.

Select Questionnaires

Select the questionnaires that you want the organization to complete

Add Respondents

Add the first name, last name and email address of each person you want to complete the questionnaire.

Add a Message

If desired, add a short message that will be included in the email and when people start the questionnaire.

Then click “Send” to send the invitation.

When you send the invitation, each respondent will get an email with a link to view the questionnaires and add their responses.

Manage Invitations

Once you’ve sent an invitation, you’ll see a list of all your sent invitations on the “Questionnaire Invitations” page. Each row shows the organization that the invitation was sent to, the date it was sent, the list of questionnaires in the invitation, and their status (Not Started, In Progress, or Completed). Click on the organization name in the row to manage the invitation.

On the “Manage Invitation” page, you can add and remove respondents from the invitation under the “Respondents” header. Additionally, from the “more” menu in the top right, you can:

  • Resend Invite. All respondents will receive the invite email again, with the link to complete the questionnaires
  • Revoke Invite. All invite links will be invalidated, and no one will be able to change their answers
  • Lock Invite. Respondents will only be able to view their response, but not change it.
  • Delete Invite. Revoke the invite, and delete all responses.

Viewing responses

To view completed questionnaires, click the “View Responses” button next to the questionnaire name. You can’t view the response of a questionnaire that hasn’t been completed yet.

Responding to Questionnaires

When someone receives an invitation email, it will include a link to to view and respond to the questionnaires in the invitation. This link is unique for everyone that receives the invitation, so that if someone is erroneously included in the invite, revoking their invite will prevent that person from accessing the questionnaire in the future, but not the other people that were invited.

Clicking the link in their email will take the respondent to a landing page where they will see a list of all of the questionnaires that they need to complete. From there, they can select one to start on. Their work will be saved as they go from page to page. When they complete the last page of the questionnaire, the response will be marked as complete. They can then view their responses, edit their responses, or start on another questionnaire.

When a questionnaire is completed, both the person who sent the invite and the person who completed the questionnaire will receive a confirmation email with a link to view the response.

The work of completing questionnaires in an invitation is meant to be shared. Everyone that receives the invitation will be working on the same set of responses. For example, if Shannon clicks the link in her email, starts and completes one of the questionnaires, and then William clicks his link, he will see all of Shannon’s work so far, and he will be able to change the response and resubmit it.