How to Configure Automatic Recommendations Based on Assessment Answers

This article will take you through the process of adding recommendations to assessments in the External/Risk Compliance Management solution.

The Recommendations functionality allows you to create custom recommendations and add them to your assessments based directly on the answers selected in an assessment. From there, you can create nested business logic rules using the rule engine.

On the Welcome page of any Phinity Solution, click on the cogwheel to navigate to the Control Panel. Once in this view, click on the 'Assessment Authoring' tile. Then select the ellipsis (...) on the assessment type to which you would like to add recommendations, and click the 'Manage Questionnaires' option in the dropdown. On the questionnaire to which you would like to add recommendations, click the ellipsis (...) and then the 'Recommendations' option.


Below is an example of a recommendation that is triggered if a third party indicates that they do not have a formalised information security policy in place, but rather a draft version. 



If the third party indicates that they only have a draft information security policy in place, this recommendation will be visible in the questionnaire responses, where the reviewer verifies responses before “Accepting & Closing” a questionnaire to lock it in. The recommendation as it appears in the review of responses is shown in the screenshot below.



This is what the recommendation looks like when the reviewer views the responses of a particular third party. The screenshot below shows that the response to the information security policy question is what triggered the recommendation.


To add a new recommendation rule, under the 'Manage Questionnaires' screen for a specific assessment type in 'Assessment Authoring', you must be in the 'Recommendations' screen as shown below.


To begin editing and constructing your new rule set, click on 'Add Rule'. You should see the following screen.

Each answer option of a question is assigned a unique identifying number (e.g. 46456, 46457, 46389 etc.). You can select all the necessary answer options and combine them with AND, OR, or a mixture of both logic operators to define when the recommendation is triggered.

For example, if the third party has an information security policy in place, but no policies for any combination of cryptography, access control or communications security, then you can build the following rule set.


The Create / Set Group button lets you change the colour of each rule to your liking.



The completed rule set will look like this once you click on the green arrow to Save:



Once you are done creating or editing rule sets, you should click “Publish” and “Ok” to apply these rule sets and recommendations to the questionnaire.


The logic for the above rule means that if the respondent selects option 46391, in combination with any of the three options in brackets (i.e. 46456, 46434 or 46500), the recommendation will appear.
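The grouping described above, as an added illustration that is not Phinity's rule engine or code from this article: a small evaluator for nested AND/OR groups over selected answer option IDs, which also lists the answer combinations where the bracketed rule and the same conditions without brackets disagree. The tuple rule format, the function names and the reading of the unbracketed rule (conventional precedence, AND before OR) are assumptions made for this example.

```python
from itertools import combinations

# Answer option IDs taken from the rule described above.
POLICY = 46391
GAPS = (46456, 46434, 46500)

# Hypothetical rule format for this example: ("AND" | "OR", [children]),
# where a child is either an answer option ID or another nested group.
GROUPED = ("AND", [POLICY, ("OR", list(GAPS))])

# Same conditions with the brackets dropped, read with the conventional
# precedence (AND binds tighter than OR): (46391 AND 46456) OR 46434 OR 46500.
UNGROUPED = ("OR", [("AND", [POLICY, GAPS[0]]), GAPS[1], GAPS[2]])


def evaluate(rule, selected):
    """Return True if the set of selected option IDs satisfies the rule."""
    if isinstance(rule, int):
        return rule in selected
    operator, children = rule
    results = (evaluate(child, selected) for child in children)
    if operator == "AND":
        return all(results)
    if operator == "OR":
        return any(results)
    raise ValueError(f"unknown operator: {operator!r}")


def disagreements(rule_a, rule_b, option_ids):
    """List every answer combination on which the two rules differ."""
    differing = []
    for size in range(len(option_ids) + 1):
        for combo in combinations(option_ids, size):
            if evaluate(rule_a, set(combo)) != evaluate(rule_b, set(combo)):
                differing.append(combo)
    return differing


if __name__ == "__main__":
    for combo in disagreements(GROUPED, UNGROUPED, (POLICY, *GAPS)):
        print("rules disagree when only these are selected:", combo)
```

Every combination it reports is a response without 46391 selected: under the unbracketed reading the recommendation would appear for those responses, while the bracketed rule keeps it hidden.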

You have successfully configured automatic Recommendations based on assessment answers in the External/Risk Compliance Management solution.

Kindly contact support@phinityrisk.com for any additional assistance required.