Skip to content
Galink Help Center home
Galink Help Center home

Assessments

Assessments are the formal security evaluations of your vendors. They are the only way to update a vendor's approval decision.

Overview

Each assessment captures the Security Officer's evaluation of a vendor based on all available resources, findings, and questionnaire responses. Assessments provide a structured decision-making process with full traceability.

Assessment contents

Each assessment contains:

Field

Description

Summary

A written summary of the assessment findings and evaluation.

Approval Decision

The decision on whether the vendor meets security requirements.

Next Assessment Date

When the vendor should be reassessed (default: +1 year from current date).

Set realistic assessment cadences -- High-risk vendors (Tier 1) should be reassessed more frequently than low-risk vendors (Tier 3).

Starting an assessment

To start or update an assessment:

  1. Navigate to the vendor's profile.

  2. Open the Assessment tab.

  3. Click Start Assessment (or Update Assessment for existing assessments).

The assessment modal is full-page and displays:

  • All active and submitted resources, ordered by date added.

  • All findings (which can also be added during the review).

Updating an assessment

When updating an assessment, a new version is created. Previous assessment data is stored and shown in the activity log, providing complete audit trail.

AI Assessment Recommendation

During the assessment, Galink's AI can generate a summary comment to assist the Security Officer. The AI recommendation appears when three conditions are met:

  1. It is the initial assessment (no prior assessment on the vendor).

  2. At least one questionnaire or finding is available.

  3. The comment has not already been ignored or inserted.

Two actions are available:

  • Insert -- The AI-generated comment is copied into the comment field.

  • Ignore -- The AI-generated comment is dismissed.

The summary is re-generated whenever a finding changes or a questionnaire is added. Only findings with a "Mitigate" treatment plan are included in the AI input. The comment is available in both French and English.

Powered by Plain