TrustWorks Assessments Guide

In TrustWorks, Assessments help you carry out PIAs, DPIAs, and other privacy evaluations—making it easier to spot risks and demonstrate compliance.

Overview

Creating an Assessment in TrustWorks involves two main stages:

  1. Survey Creation: Define the questions and structure of the survey.
  2. Workflow Setup: Configure the sequence of actions and conditions for triggering the survey.

Step 1: Create a Survey

Go to WorkflowsSurveys. Click +New to open the survey builder.

Set Up Your Survey

Name Your Survey

    • Provide a clear and descriptive name for your survey.

Select Related Entity

    • This is crucial. Choose from options like Data Repository, Processing Activity, or Initiative. This selection determines the context in which the survey will be used.

Add survey description. This will help the respondent get the idea of what is expected.

Add Survey Sections and Questions

Question Types:

  • Statement
  • Short question
  • Multiple choice

Entity-Specific Question Types:

  • Data Repository: categories of data, related processing activities, custom attributes
  • Processing Activity: data mapping, purpose of processing, lawful basis, legal entity type (controller or processor), custom attributes
  • Initiative: description, reference documents, related repositories or processing activities

💡 Note: Special questions specific to each related entity, when answered and approved, will be populated inside the PA, Data repository, or initiative and linked to them.


Organise and Finalise

Set up the conditional logic (optional)

For multiple-choice questions, you can set up additional logic:

  • Enable the Conditional toggle.
  • Select conditions (e.g., if "Yes"—go to next section; if "No"—submit survey).

Organise Questions

    • Change the order of questions if needed by dragging them as needed.

      Edit or Delete Questions

    • Modify or remove questions as needed.

Enable Risk Insights and/or DPIA insights (optional)

    • These insights are AI-assisted and will appear once the survey is complete. You can review and import them to the related object during the approval process.

Finalise Survey

    • Once you are happy with your survey, change the survey status from Draft to Approved and proceed to save it.

⚠️ Only Approved surveys can be used in Assessments.



Step 2: Create a Workflow for Your Assessment

Navigate to Workflows

    • Go to Workflows and click +New.

      Set Up Your Workflow

    • Workflow Type: Select Assessments.

    • Related Entity: Indicate the entity (one entity per workflow) for which the assessment will be used.

      Configure Event Trigger

    • Select Assessment is created as the event trigger.

      Define Actions

    • Choose the actions to be triggered next, such as:
      • Survey
      • Send Email
      • Send Report
      • Task

    • Important Step: Select the survey to be sent, assign the respondent (if left blank, the entity's owner is assigned), and optionally, assign a reviewer.

      Add Additional Steps (Optional)

    • You can add more steps like additional tasks or emails.

Finally, make sure that your workflow is set to active   . Only active workflows will b able to trigger the assessment.


Running an Assessment

Once your workflow is set up, you can create and run an assessment from any related entity, in bulk, or directly from the assessments page.

You can also trigger separate assessments by selecting multiple assignees. Keep in mind these will be individual surveys, not collaborative ones.

This approach isn’t recommended when using smart questions, since each approved survey updates the related object. For example, if a survey includes a ‘purpose of processing’ question and you trigger two individual surveys, each respondent’s answers stay hidden from the others and each approval will overwrite the object’s information.

Adding collaborators

After triggering a survey, you can invite collaborators in addition to the main respondent. Collaborators are added per survey. Once invited, they receive an email notification and gain access to the survey. They can edit any question, and you can tag them in comments to indicate where their input is needed.


Running Vendor Assessments

Vendor assessments follow the same general setup but require a few additional configuration steps:

  1. Link an Asset to a Legal Entity
    • Open the relevant Asset representing the vendor-related application or service.
    • In the Legal Entity field, link the vendor’s Legal Entity.

  1. Add the Vendor Contact
    • Within the Legal Entity (vendor) details, add the Contact Email for the vendor representative. This is the address where the assessment survey will be sent.
    • Optionally you can add additional contacts. They will be invited to participate in a survey too.

  1. Configure the Workflow
    • In the workflow’s Survey Action, set the Respondent as Vendor.
    • This ensures the survey is sent to the vendor contact linked to the entity.
  2. Trigger the Vendor Assessment
    • From the Asset page, click + Run Assessment and select the appropriate workflow.
    • The linked vendor contact(s) will receive the survey invitation.

💡 Currently, vendor assessments can only be triggered from the Asset context. In upcoming releases, you’ll also be able to run them directly from the Legal Entity view.

Example Use Case

You manage a CRM system linked to an external provider.

  • The CRM is registered as an Asset.
  • The provider (vendor) is added as a Legal Entity of type Vendor and includes a contact email.
  • You create a Vendor Risk Assessment workflow with the vendor as respondent.
  • When triggered from the Asset, the vendor receives the questionnaire for completion, and results are linked to that Asset and Legal Entity.

Still need help? Contact Us Contact Us