Skip to content

PlexTrac Assessments

Built for Your Workflow in Your Reporting Platform

Many security consultancies offering assessments as part of their services, or looking to begin doing so, turn to spreadsheets to conduct their engagements, leading to constant copy-and-pasting, time-sucking emails to participants (and sharing sensitive data in the process), and hours of parsing information for their client’s report.

If this sounds like your usual assessment routine, then we have good news for you: PlexTrac’s Assessments feature can centralize the assessment in a simple and secure, access-controlled portal that enables you to create assessments from a large number of standard templates, make modifications and edits throughout the engagement, and immediately export the completed assessment into a professional report for your clients. Intrigued? Read on to find out if this tool is for you.

Do Your Assessments Need a Hand?

PlexTrac’s Assessments module is a specialized feature within the PlexTrac platform that will best serve two different use cases:

  1. Security consultancies that offer framework-based governance, risk, and compliance (GRC) assessments, and 
  2. Technical testers who use it for scoping questionnaires.

If your team falls under one of these categories, then congratulations! PlexTrac Assessments is right up your alley. Some of our most commonly used assessments conducted within PlexTrac include 

  • CMMC 2.0
  • NIST 800-53
  • NIST CSF
  • CISv8
  • ISO 27001
  • FFIEC
  • NYDFS

Let’s dive deeper into the value of conducting your next assessment or scoping questionnaire directly within a reporting platform in a module built specifically for your workflow.

How It Works

Our Assessments module smooths the way during every phase of the assessment workflow, from start to finish, and everything in between.

Assessment Building Phase

Build and modify your own fully customized assessment questionnaires in our user-friendly platform where you have ultimate flexibility in the questionnaires you create. No more copying and pasting from past documents and worrying if everything is up to date. You can also maintain a collection of assessment questionnaire templates, which you may edit at any time and from which you can begin new assessments.

Within the PlexTrac platform, you have the ability to refine the assessment to exactly what you (and your client) want. Want to change the question formats? You have many options to choose from, including radio buttons, multiple choice, and free response questions. Want to provide extra context for the assessor? You can pre-populate reusable references and recommendations that the assessor can consult during the engagement’s execution phase. Need to sort questions and findings for easy reference? You can add fully customizable tags to every question of the assessment, making it easy to filter questions, findings, reports, and analytics, and categorize them by compliance frameworks.

Assessment Execution Phase

Once your customized assessment template has been refined and saved, you can implement it at any time. Simply select the assessment template you would like to use, select the client or project you want to assess, and then begin the execution phase.

As you begin to add data to the assessment, you can monitor the progress in real time. By connecting all of the engagement’s activities, tools, and contributors through PlexTrac, you can add to the assessment and interact with contributors throughout the process. Provide them simple URL links to self-administer specific questions and collect evidence securely in the platform, such as policy documents or image screenshots.

Some of the great features at your fingertips during this phase include the following:

  • Keyword Filter enables you to search through all question titles within an assessment by keyword.
  • Status Filter filters all questions by the 4 standard status types: in-progress, completed, not started, and required/not complete. This filter enables you to see at a glance what still needs to be completed during the execution phase.
  • Questionnaire Progress Bar illustrates the completion percentage in real time as you work through the questionnaire.
  • Question Navigator takes you directly to the question number you enter.  

Attachments Tool gives you the ability to add attachments to specific questions, including policy documents, screenshots, code samples, and videos.

Reporting Phase

The reporting phase is where it all comes together and where the benefits of centralizing the entire engagement in PlexTrac really stand out. As you prepare your custom report for your client, any assessment findings can be added to the report, along with relevant information, evidence, and attachments — all laid out in an easy-access template that you can design from scratch or using one of many customizable pre-made templates.

And if your assessment uncovers urgent issues that need addressing right away, there’s no need to wait for the assessment to be finalized. Thanks to the selective access options in the PlexTrac portal, you can release the relevant critical findings and the supporting evidence to the remediation team right away, without resorting to emailing sensitive information that might get lost in the shuffle (or worse, compromised). 

Once the report is completed, your clients can access the report via our intuitive portal, along with all of the supporting attachments, documentation, and analytics.

Simplify Your Assessment Routine

Thanks to the Assessments module, one of many great features of the PlexTrac platform, pentesting teams and security consultants can consolidate their offensive testing and assessments processes  into one platform — and eliminate cumbersome spreadsheets. Reduce the number of moving parts, simplify collaboration and data collection, and empower your clients to understand your findings and take action.

If you’re ready to see the PlexTrac Assessments module in action, sign up for a demo today!

Request a demo

PlexTrac supercharges the efforts of cybersecurity teams of any size in the battle against attackers.

See the platform in action for your environment and use case.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.