Findings
Findings are observations and issues flagged during the analysis of vendor resources and questionnaires.
Overview
The Findings tab provides a consolidated table of all findings across your vendors. Each finding represents a security gap, non-conformity, or risk identified during the review process.
Finding properties
Each finding includes the following properties:
| Property | Description |
|---|---|
| Name | A descriptive title for the finding. |
| Severity | The severity level: Critical, High, Medium, or Low. |
| Treatment plan | How the finding will be addressed: Accept, Mitigate, Needs review or Not applicable. |
| Note | Additional context or details about the finding. |
Severity levels
| Severity | Description |
|---|---|
| Critical | The most severe findings requiring immediate attention. |
| High | Significant security gaps that should be addressed promptly. |
| Medium | Moderate issues that should be planned for remediation. |
| Low | Minor observations with limited risk impact. |
Finding sources
Findings can be created in two ways:
Automatic findings -- Generated automatically when analyzing questionnaire responses. These are triggered based on pre-configured rules tied to specific answers.
Manual findings -- Added by the Security Officer during the review process, on any question regardless of evidence.
Finding lifecycle
Findings follow a lifecycle:
Draft -- Created during questionnaire review but not yet finalized.
Active -- The finding is live after the questionnaire review is completed.
Remediated -- The finding has been addressed and resolved.
Marking as remediated
When a finding is active, a Mark as Remediated button appears.
A toggle shows/hides remediated findings.
Remediated findings are excluded from scoring.
A Reopen button allows reverting a remediated finding to Active.
Remediating a finding will improve the vendor score and your overall Security Posture Score.
Ordering
Findings in the questionnaire review modal are ordered by severity by default (Critical first, then High, Medium, Low).