Step 8 of 10

Review & Approval

Review vendor responses and manage the DPIA approval workflow.

Review Process Overview

When a vendor submits their assessment, it moves to the "Submitted" status and appears in your Pending Reviews queue. Here's how to review and approve assessments.

Assessment responses showing questions with answers and risk scores

Review vendor responses with individual risk scores for each answer

Reviewing Responses

1. Access the Assessment

Click "Review" from the Pending Reviews section or the Assessments list.

2. Review Vendor Answers

Each response is displayed with:

  • Question text and answer provided by vendor
  • Risk score assigned to that answer
  • Required field indicator (*)

3. Check Risk Score

Review the total risk score and risk level at the top of the assessment. Pay special attention to high-scoring answers.

4. Make Decision

Based on your review, approve or reject the assessment.

Automation Results

The Automation Results section shows the calculated risk metrics:

  • Risk Score: 100 (total points accumulated)
  • Risk Level: CRITICAL (based on thresholds)
  • Rules Evaluated: 0 (automation rules checked)
  • Rules Triggered: 0 (rules that fired)

Approval Actions

Approve

Approve the assessment when:

  • Risk level is acceptable
  • All required answers are satisfactory
  • Vendor meets compliance requirements

Reject

Reject the assessment when:

  • Critical compliance gaps identified
  • Unacceptable risk level
  • Incomplete or inadequate responses

Adding Review Comments

When approving or rejecting, you can add comments to document your decision:

Review Notes

"Approved with conditions. Vendor must implement encryption at rest within 30 days and provide updated documentation."

Post-Approval Actions

1. Notify Vendor

Send notification of approval/rejection to the vendor

2. Document Decision

Decision and comments are logged in the timeline

3. Update Dashboard

Assessment moves from Pending to Approved/Rejected

4. Trigger Rules

Any configured Rule Engine actions execute

5. Generate Reports

Include in compliance reporting and audit trail

Review Best Practices

Review Promptly

Don't let submissions sit too long - vendors expect timely feedback

Focus on High-Risk Items

Pay special attention to answers with high risk scores

Document Rationale

Always add notes explaining approval conditions or rejection reasons

Be Consistent

Apply the same standards across similar vendors