Resources
Resources are documents, assessments, and questionnaires associated with a vendor. They form the evidence base for security assessments.
Requesting resources
When you request resources, no email is sent to vendors. You need to share the Vendor Portal with the vendor first (see Vendor Portal).
Types of resources
Galink supports three main types of resources:
Galink Assessment -- A managed security assessment conducted by Galink analysts.
Custom Questionnaire -- A security questionnaire configured by your organization and sent to the vendor (see the questionnaire section).
Other resources -- Supporting files such as certifications, audit reports, and security policies.
Supported file types
For other resources, Galink accepts the following file formats:
Documents: ZIP, DOC, DOCX, XLS, XLSX, PPTX, CSV, TXT
PDF
Images: PNG, JPEG
Resource status
Each resource has two status dimensions:
General status
| Lifecycle | Description |
|---|---|
| Active | The resource is currently active and in use. |
| Archived | The resource has been archived. |
| Deleted | The resource has been removed. |
| Expired | The resource's expiration date has passed. |
Request status
| Status | Description |
|---|---|
| Not requested | The resource was added directly, not requested from the vendor. |
| Pending | The resource has been requested and is awaiting vendor response. |
| Provided | The vendor has provided the resource. |
| Needs Review | The resource is being reviewed (questionnaires only). |
| Unavailable | The vendor indicated they do not have this resource. |
| Rejected | The vendor did not respond (Galink Assessments only). |
Adding and requesting resources
You can either:
Add a resource directly -- Upload a document to the vendor's profile.
Request a resource -- Send a request to the vendor through the Vendor Portal.
AI analysis
Galink automatically triggers AI analysis for certain resource types:
SOC 2 Type 2
The AI checks:
Is this a valid SOC 2 Type 2 certificate? Issued by whom?
Did the audit window end less than 12 months ago?
Does the scope include the vendor?
What is the auditor's opinion?
ISO 27001
The AI checks:
Is this a valid ISO 27001 certificate? Issued by whom?
Is the certificate still valid?
Does the scope contain the vendor name?
Pentest reports
The AI checks:
Is this a pentest report? From whom?
Is it less than 1 year old?
Does the scope include the vendor?
Are there high/critical unremediated vulnerabilities?
All AI analysis results are generated in both English and French.
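The three check lists above, written as deterministic rules over fields already extracted from a document. This is an added example, not Galink's code. The field names, the 365-day reading of "12 months" / "1 year", the rule that only an unqualified SOC 2 opinion passes, and the sample records are all assumptions.

```python
from datetime import date, timedelta

MAX_AGE = timedelta(days=365)  # assumption: "12 months" / "1 year" = 365 days

def _norm(text):
    # Lower-case and turn punctuation into spaces: "Acme, Inc." -> "acme inc"
    return " ".join("".join(c if c.isalnum() else " " for c in text.lower()).split())

def scope_includes(scope, vendor):
    # Whole-word match so vendor "Acme Inc" does not match "AcmeCloud Inc"
    return f" {_norm(vendor)} " in f" {_norm(scope)} "

def stale(d, today):
    # A missing date counts as a failed check, never as a pass
    return d is None or today - d >= MAX_AGE

def check_resource(res, vendor, today):
    """Return findings for one resource; an empty list means all checks passed."""
    out = []
    if not res.get("issuer"):
        out.append("issuer not identified")
    if not scope_includes(res.get("scope", ""), vendor):
        out.append("scope does not name the vendor")
    kind = res["type"]  # hypothetical type labels
    if kind == "soc2_type2":
        if stale(res.get("audit_window_end"), today):
            out.append("audit window end missing or 12+ months old")
        if res.get("opinion") != "unqualified":  # assumption: only a clean opinion passes
            out.append(f"auditor opinion: {res.get('opinion') or 'unknown'}")
    elif kind == "iso27001":
        if res.get("valid_until") is None or res["valid_until"] < today:
            out.append("certificate expired or validity date missing")
    elif kind == "pentest":
        if stale(res.get("report_date"), today):
            out.append("report date missing or 1+ year old")
        n = sum(1 for v in res.get("vulns", [])
                if v["severity"] in ("high", "critical") and not v["remediated"])
        if n:
            out.append(f"{n} unremediated high/critical finding(s)")
    return out

# Constructed sample metadata (not real vendor data)
TODAY = date(2025, 6, 1)
SOC2 = {"type": "soc2_type2", "issuer": "Example CPA LLP", "opinion": "qualified",
        "scope": "Acme, Inc. hosted platform", "audit_window_end": date(2024, 3, 31)}
PENTEST = {"type": "pentest", "issuer": "Example Testing Ltd", "report_date": date(2025, 2, 10),
           "scope": "Acme Inc web application",
           "vulns": [{"severity": "critical", "remediated": True},
                     {"severity": "high", "remediated": False}]}
```

`check_resource(SOC2, "Acme Inc", TODAY)` returns two findings (stale audit window, qualified opinion); `check_resource(PENTEST, "Acme Inc", TODAY)` returns one (the open high-severity finding).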
Sending reminders
A Send Reminder button is available on the Resources tab when a questionnaire is in progress:
Opens a modal showing recipients who have access to the portal.
The Security Officer is added as the reply-to address.
A single email is sent to all selected recipients.
A new event is logged in the Activity tab.