This topic explains how to manage interviews in the analysis phase of a risk management project. Similarly to automated collections, interviews help optimize the analysis process by allowing controls to be answered through questions. However, interviews can be used to answer controls associated with assets of all types, whereas collectors can only answer technology-related controls.
An interview consists of a series of questions to be answered by an assigned interviewee. This allows the person to update indirectly the properties of the controls in a certain questionnaire, simply by answering questions. Each interview is generated automatically based on a survey previously created in the Knowledge module. For details on creating risk surveys, see Chapter 8: Knowledge -> Surveys.
Interviewees must be previously registered in the Organization module and assigned to answer each interview during the inventory phase of risk projects. If they have credentials to log in to the system, they can access Interviews through the Interviews section of the Home module. If not, they can access each interview through the e-mail notification they receive when the interview is sent. For details on accessing and answering interviews, see Chapter 2: Home -> Interviews -> How to View the List of Interviews and How to Answer an Interview. For details on granting credentials to people registered in the system, see Chapter 17: Administration -> Access Control -> Manage Users.
The percentage of completion for each interview is displayed in the list of interviews, calculating the quantity of required questions answered by the interviewee.
Once submitted, interviews can be reviewed by a second person, depending on whether a reviewer was assigned. This person can choose to send their revisions back to the interviewee, if necessary, in which case the interview must be answered again. For details on reviewing interviews, see Chapter 5: Risk -> Risk Management Projects -> Risk: The Analysis Phase -> Overview of Reviews.
Documents showing proof of interview completion as well as a list of responses provided can be made available to users by enabling this option in the Customizations section of the Administration module. The proof of interview completion is a document with the name of the interview and that of the interviewee/reviewer, as well as the completion date. The list of answers provided displays the final answer to each question in the interview. Note that you can also customize the templates used to generate these two files in the abovementioned Customizations section. For details, see Chapter 17: Administration -> Customizations -> Projects.
The status of an interview may be one of the following:
• Not Sent: the interview has not yet been sent to the interviewee.
• Sent: the interview has been sent to the interviewee.
• Partially Answered: the interview has been sent to the interviewee and opened at least once.
• Re-Sent by Reviewer: the interview has been sent back to the interviewee by the reviewer.
• Completed: the interview has been completed by the interviewee.
• Cancelled: the interview a) has been sent to the interviewee and manually cancelled by an authorized user, or b) has been sent to the interviewee and automatically cancelled due to project cancellation or deletion, or due to other situations that make it unnecessary.
Note that the interview process can be restarted if the analyst chooses to re-send an interview in the analysis phase of the risk project.