Request Attested Documents (SOC 2, ISO, CAIQ, PCI DSS)

  • 1 minute(s) read
Prev Next

Overview

The Attested Documents request capability in SAFE TPRM enables analysts to collect compliance evidence, such as SOC 2 reports, ISO certifications, CAIQ responses, or PCI DSS attestations, directly from vendors without sending a full questionnaire.

This workflow simplifies document-based assessments by allowing vendors to upload required documents through a dedicated experience. SAFE automatically processes submitted documents, converts them into structured findings, and updates risk insights to support faster analysis and decision-making.

Key Capabilities

  • Document-Only Request Type: Create attestation requests without initiating a full questionnaire assessment.

  • Enhanced Analyst Visibility: Dedicated request-type indicators in the questionnaire list enable quick identification and filtering of attestation-based requests.

  • Guided Vendor Experience: Vendors receive a direct upload link with clear instructions, validation checks, and confirmation upon successful submission.

  • Automated Email Notifications: Built-in email notifications and reminders help ensure timely document submission.

  • Assessment Lifecycle Controls: Analysts can review submissions, reopen requests with comments, and re-request evidence without losing context.

  • Centralized Document Management: All uploaded files are validated, securely stored in the Document Store, and linked to the associated assessment.

How do attested document requests work?

  1. The analyst selects required attestations (e.g., SOC 2, ISO certifications) from the questionnaire section.

  2. SAFE generates a document-only request instead of a full questionnaire.

  3. The vendor receives a link to upload the requested documents.

  4. After submission, SAFE automatically assesses the uploaded documents and converts them into questionnaire findings.

  5. Risk insights and assessment results are displayed to the TPRM analyst for review.

Create an Attested Document Request

Follow these steps to request attested documents from a vendor:

  1. Navigate to Questionnaire Cards.

  2. Click the Plus (+) icon to create a new questionnaire request.

  3. On the Add Questionnaire page, select the Attestations tab.

  4. Add the required attested documents from the available list (e.g., SOC 2, ISO, CAIQ, PCI DSS).

  5. The added attestation requests will appear in the questionnaire list.

  6. Open the three-dot options menu and select Request Assessment to send the request to the vendor.

  7. Enter the vendor's email address and the due date.

  8. Make sure Smart reminder is enabled.

  9. Click the Send Request button.

Vendor Experience

  1. The vendor receives a secure link designed specifically for document uploads.

  2. Instead of completing a full questionnaire, the vendor uploads the requested attested documents directly.

  3. Upload validations ensure the correct files are submitted.

  4. Upon completion, the vendor receives confirmation of successful submission.

Assessment Processing and Results

  1. SAFE processes uploaded documents automatically in the background.

  2. The platform converts submitted files into structured findings aligned with the assessment framework.

  3. Risk insights and evaluation results are generated and displayed to the TPRM analyst.

  4. Analysts can review, approve, or request additional evidence as needed.