FAQ

Surveys & Assessments

Q: Can automatic survey notification emails be disabled?

A: Not entirely. At least one communication channel must remain active in the assessment workflow. However, you can switch survey notifications from email to Jira ticket updates instead. Fully disabling all survey task notifications is not currently supported.

Q: Can the owner be changed on completed assessments?

A: No. Once an assessment is completed, its ownership can’t be modified to preserve audit integrity and traceability.


Q: Can surveys be designed so that vendor responses are automatically documented in TrustWorks?

A: Yes — that’s exactly how surveys work in TrustWorks. Once a survey is approved, it’s automatically linked to the related Asset or Vendor, and all responses are saved within the platform for full traceability.


Q: The Submit button on a survey is greyed out and I can’t submit the response. Why is that?

A: This typically means one or more mandatory questions haven’t been answered. Review the survey and ensure all required fields are completed before submitting.


Q: What happens if I edit an AI-suggested risk?

A: It becomes a manual risk and won’t be regenerated on subsequent AI runs.


Q: Can rules create multiple risks from one answer?

A: Yes—define multiple risks per option by pre-defining multiple rules. However each risk needs to be set up separately.


Q: Do later changes to custom fields break in-flight surveys?

A: No. Field data used in conditions is versioned/copied at launch to keep logic stable.

Data & Risk Management

Q: Should the RoPA be maintained in English or in local languages?

A: We generally recommend building and maintaining your RoPA in English first to ensure consistency and ease of collaboration across teams. Once it’s finalized, you can translate it into local languages if needed. Automated translations are improving but may still produce inaccuracies, so manual review is advised for compliance documents.


Q: Can we filter by custom fields?

A: Yes. When creating or editing a custom field, enable the “Display in filters” option. Once activated, the field will appear in the Advanced Filters section (e.g., for Assets, Processing Activities, etc.), allowing you to easily segment and search by it.


Q: How does automatic risk assessment work? Where do the risk colours come from?

A: TrustWorks uses a predefined 3×3 risk matrix where each colour represents a combination of likelihood and impact scores. Risks can be created manually, generated from risk templates, or automatically detected through assessments. The colour displayed reflects the calculated risk level based on those parameters.


Q: Can DPIA Insights be refreshed?

A: Yes. DPIA Insights can be re-run during the review or approval stage of a survey. These insights are AI-generated and reflect the latest responses. Once the survey is approved, re-running them is no longer possible — you’ll need to update the DPIA Insights manually at the Processing Activity level. To do that, open the relevant Processing Activity and navigate to the DPIA Insights tab.

Initiatives & Projects

Q: Will DPIAs also be used for new initiatives (projects) that are not yet Processing Activities?

A: Yes. DPIAs can be initiated for new initiatives, before they become Processing Activities, helping identify risks early in the lifecycle.

Integrations & AI

Q: Can sub-processors be automatically identified by scanning linked pages (“Scan for Sub-processors”)?

A: Yes. In the Asset details view, under the Sub-processors tab, you can use the Scan for Sub-processors option. The scan uses one of the Reference Documents you’ve added (either a file or a URL) as the source. Ensure the URL is publicly accessible so the AI assistant can analyze it and generate a list of detected sub-processors for your review. Note that some pages may not be accessible to the AI scanner depending on site restrictions.

Data Model & Relationships

Q: What is the relationship between Legal Entities and Assets/Applications?

A: Legal Entities represent the organizations responsible for specific Assets or Applications. Each Asset can be linked to a single Legal Entity to indicate ownership or data processing responsibility. When Assets are linked within Processing Activities for storage or processing purposes, the related Legal Entities are automatically reflected — appearing under the Processors tab for Controller-type Processing Activities and under the Sub-processors tab for Processor-type ones.

Processing activities

Q: Is it possible to re-arrange the order of the custom fields for all Processing Activities?

A: Yes. Open any Processing Activity and go to the Additional Information tab. Click the three dots in the top-right corner and select “Rearrange positions.” You can then drag and drop the custom fields to your preferred order. Click Update to apply the changes across all Processing Activities.

Still need help? Contact Us Contact Us