> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vendexlabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Assessments

> The assessment lifecycle, approval statuses, evidence, and the audit log.

An **assessment** is your organization's record of reviewing a vendor. Where the [risk score](/concepts/risk-scoring) is VendexLabs' research-backed view, the assessment is *your* decision — the business context, the data the vendor handles, your compliance notes, supporting evidence, and an approval status. Every change is logged.

<img src="https://mintcdn.com/vendex-labs/cF_gRQxu5ZE_JthB/images/assessment-detail.png?fit=max&auto=format&n=cF_gRQxu5ZE_JthB&q=85&s=e204974d95717ddd040906b83b06fbd9" alt="Assessment detail page with compliance, business context, and data privacy sections plus an approval log" width="1744" height="1580" data-path="images/assessment-detail.png" />

## What an assessment captures

<AccordionGroup>
  <Accordion title="Compliance & approval">
    The approval status, compliance contact, submission and approval dates, and free-text compliance notes. For conditional approvals, the specific condition that must be met.
  </Accordion>

  <Accordion title="Business context & sponsorship">
    The sponsoring department, the internal sponsor's contact, whether to notify the sponsor on updates, and the primary use case for the vendor.
  </Accordion>

  <Accordion title="Security risk & analysis">
    Notes on the vendor's security posture as it applies to your usage.
  </Accordion>

  <Accordion title="Data privacy & collection">
    The categories of data the vendor collects (e.g. name, phone), plus notes on how that data is handled.
  </Accordion>

  <Accordion title="Evidence & documentation">
    Supporting files — questionnaires, reports, certifications — attached to the assessment.
  </Accordion>
</AccordionGroup>

## Approval statuses

An assessment moves through a clear lifecycle. The status is visible everywhere the vendor appears — the vendor grid, the assessments inbox, and the dashboard.

| Status                   | Meaning                                       |
| ------------------------ | --------------------------------------------- |
| **Not Started**          | No review has begun.                          |
| **In Progress**          | Review is underway.                           |
| **On Hold**              | Paused, waiting on information or a decision. |
| **Conditional Approval** | Approved, subject to a stated condition.      |
| **Approved**             | Cleared for use.                              |
| **Rejected**             | Not approved for use.                         |

<img src="https://mintcdn.com/vendex-labs/cF_gRQxu5ZE_JthB/images/assessments-inbox.png?fit=max&auto=format&n=cF_gRQxu5ZE_JthB&q=85&s=f3234a61a9c9526c63a94d04de60de98" alt="Assessments inbox with filters, vendor statuses, and a detail panel" width="2588" height="1654" data-path="images/assessments-inbox.png" />

## The audit log

Every save on an assessment records who changed what and when. Related field changes from a single save are grouped into one event, so the **approval log** reads as a clear history of decisions — reapprovals, status changes, date changes, and evidence added or removed. This is what makes an assessment defensible in an audit.

<Note>
  Approvals are point-in-time. Assessments carry a review date, and VendexLabs surfaces upcoming expirations so approvals don't silently go stale. Renewing an approval is a first-class action on the vendor's assessment.
</Note>

## Assessments and monitoring work together

An approval reflects what you knew at review time. If a vendor is later involved in a breach or vulnerability, [Recent Events](/guides/recent-events) surfaces it so you can re-open the assessment and reconsider — turning a static approval into continuous oversight.

<Card title="Run an assessment" icon="clipboard-check" href="/guides/run-an-assessment">
  Step-by-step: record a decision and attach evidence.
</Card>
