Privva
Cybersecurity and Venture Risk Assessment Platform
Company
Privva was originally a startup focusing on cybersecurity and venture risk assessment. They were located in Arlington, VA, and they manage an online program that determines if working with a 3rd party vendor would align with a client’s security standards. They were later acquired by Smarsh Inc. and incorporated into their family of products. Privva utilizes vendor questionnaires, testing, and data collation to determine the risk of companies working with outside vendors, and they calculate various risk scores that align with each company’s security preferences.
Product
The online portal was the channel from which Clients and Vendors could determine a working relationship. With the product, Clients create, send, and reply to individual or groups of vendors, while Vendors complete and respond to Client’s security questionnaires or auto-fill questions from previous partnerships. Clients determine the type of assessments, questions, and risk scoring for each project, and the Vendors are 3rd party companies that may work in conjunction with the Client depending on their question responses, answer explanations, and flagged remediations.
For example, a company like, may work with vendors for xyz reason and for xyz situation. Xyz would determine the risk of working with the vendor based off of their assessment responses.
As a UX Consultant, I advised and worked together with the Project Manager and Stakeholders on various Proof of Concepts (POCs), such as revised data graphs, stakeholder agendas, such as new Client and Vendor features, and team finds, such as coding bugs and various restructuring to their client account portal. The deliverables were geared towards product design with a UX perspective, since high-fi MVPs, information architecture, and Stakeholder feedback were prioritized over Clients’ and Vendors’ usability test scores for each project.
Position
Tools
Figma, Lucid Chart, Keynote,
Duration
1 year and 1 month
+ / - 20 hours a week
Setting
Remote Office, Thanks Zoom!
Adobe Illustrator, Google Drive,
20 Design Projects
7 Figma Prototypes
70% of Work In Use
Auto-Extension Requests, Email Templates, Risk Assessment CTAs, Bulk File Uploads, Vendor Requests, View Assessment Expirations, Custom Field Edits, Transfer Files, and Others . . .
Auto-Extension Request for Clients, Vendors, and their Combined Process, Vendor Request and Bulk File Upload for the Start, Fill-In, Edit, Save, and Uploads Process, and Others . . .
With Product Manager Feedback, Stakeholder Priorities, and Developer Work, over 2/3rds of the Designs were Integrated into the Privva Systems Account Portal.
Email Templates
Code Bugs
25 Email Designs for Varied Scenarios
2 Bugs Found on the Account Portal
Vendor Requests
20 Screens for the Form Action Process
A Few Projects and Finds
New Placement and Design of the Page
User Page
Contributor Process
5 Selected Options and Switch Process
Issues Layout
2 Adds and Restructure of the Issues Page
Text Inconsistency
Decimal Text Sizes and Mismatched Fonts
Color Discrepancy
Various Screen Colors Used Inconsistently
MVP Project Style
The project style consisted of multiple projects being prioritized as visual designs that were created and delivered as minimal viable products (MVPs). With a quick turnaround, visual concepts with notes were prioritized over prototyped designs.
Hi-Fi Deliverables in a Sprint Timeline
Adaptability of Products
Product Features and Client Customization
Workflow Load
Focus on Webpage Information Architecture
The company’s client portal questionnaires and risk score settings allowed for a range of specificity for each client project, because questions and response ratings were customizable for the vendor. Each client company may have a high range of security protocol and priorities, work with different types of vendors, and change their scoring requirements for different situations. With this, feature adaptability and customization were a product focus, so that Privva’s online objective of vendor risk assessment and client project security would be applicable to a range of small, medium, and large companies, who also partner with a variety of regular and new third-party vendors.
Because of the emphasis on MVP design deliverables, my workflow consisted of product research, information architecture, visual low-fi mockups, and mainly mid-fi to high-fi handoff files. Based off management’s timeline and priorities, the client and vendor perspective was gathered from proto-personas, task analyses, and user journeys, which were used to direct the designs along with Privva’s stakeholder feedback.
Product Info + Work Style
Privva Users
User Product Interaction
“I’ll see if we can utilize answer responses from the last time we worked with their team. I can double-check to see if any of our current standards have changed since and edit individual answers and replies.” - Steve
User Persona
Vendor Product Interaction
User Persona
Client
Steve
Alex
Client Behaviors: The client wants to ensure that the people they work with have protocol in place that will safeguard both of their companies’ information.
Client Needs + Goals
A standard met by 3rd party vendors
Clear communication with their security team
An understanding of their set risk compared to other vendors and for this project.
Client Pain Points + Frustrations
Not being able to sufficiently organize client information
Setting access to different people in the company
Organizing and accessing drafted, in progress, and previous project files.
With their Privva portal account, they create project assessments, select individual assessments or create specific questions, to the work assignment, risk status, and client vendor relationship. They utilize the client account portal to create, send, score, review, and bundle assessments. They can view different risk scoring graphs and see vendor scores distributed over time.
For example, they can see a history of scored assessments online and whether assessments have expired, require extensions, and have been approved.
Vendor Behaviors: The vendor provides a 3rd party service for so and so, the company. They have their current way of operating, but sometimes, they clean up their information security standards when working with other 3rd party companies.
Vendor Needs + Goals
They want to quickly complete client projects so they can get started on working together.
They also would like to answer assessment questions they have completed before with either saved answers or be able to review previous answers and see how they compare to the current company operating protocol and assessment to know if anything has changed since the last time they’ve worked with them.
Organized account portal to see clients they work with and their status on completing assessments. Previous assessment and notes and communication channels they may have with their new or long-term clients.
Vendor Pain Points + Frustrations
Not being in (communication) about questions they didn’t understand or wanted to complete in a different way, for example, with a note or image when only a fill in bubble response was offered.
Forgetting to complete started assessments and why they need to amend an answer. What should they do?
Seeing their progress of the client approving or not approving their assessment answers and receiving a follow-up of questions to amend in a timely manner.
The vendor responds to assessments for potential work relationships with clients. They are able to use previous responses through Privva automation to quickly complete answers and save time in the intermediary of finalizing or making changes to their security protocol before working together. They can also extend their assessments if they need more time. History of Clients?
For example, if they need to request more time for an assessment they can click a button online to do so.
Vendor
“I need to see if their answers changed from last time and see if their security standards are the same or better. We’ve updated our information standards, they’ll have to update theirs too.” - Alex
Privva Users
User Product Interaction
“I’ll see if we can utilize answer responses from the last time we worked with their team. I can double-check to see if any of our current standards have changed since and edit individual answers and replies.” - Steve
User Persona
Vendor Product Interaction
User Persona
Client
Steve
Alex
Client Behaviors: The client wants to ensure that the people they work with have protocol in place that will safeguard both of their companies’ information.
Client Needs + Goals
A standard met by 3rd party vendors
Clear communication with their security team
An understanding of their set risk compared to other vendors and for this project.
Client Pain Points + Frustrations
Not being able to sufficiently organize vendor project and assessment information.
Setting access to different people in the company.
Organizing and accessing drafted, in progress, and previous project files.
With their Privva portal account, they create project assessments, select individual assessments or create specific questions for the work assignment, score and adjust the risk status, and develop client-vendor relationships. They utilize the client account portal to create, send, score, review, and bundle assessments. They can view different risk scoring graphs and see vendor scores distributed over time.
For example, they can see a history of scored assessments online and whether assessments have expired, require extensions, and have been approved.
Vendor Behaviors: They have their current way of operating, but will amend their information security standards when working with other client companies.
Vendor Needs + Goals
They want to quickly complete client assessments so they can get started on working together.
Answer + compare questions from past responses.
Organized account portal with client details.
Vendor Pain Points + Frustrations
Unclear communication channel between the client on following up about questions they misunderstood.
Forgetting to complete partially answered assessments and amending flagged answers.
Viewing assessment approval status by the client.
The vendor responds to assessments for potential work relationships with various clients. They are able to use previous responses with Privva’s automation Artificial Intelligence to quickly complete answers and save time in the intermediary of finalizing or making changes to their security protocol. After status approval of assessments and follow-up about question answers, they can collaborate with vendors.
For example, they can view their assessment status and extend the assessment timeframe to upload material and answer all responses before the submission date.
Vendor
“I need to see if their answers changed from last time and see if their security standards are the same or better. We’ve updated our information standards, they’ll have to update theirs too.” - Alex
8 Project Samples + Finds Explained
Issues Layout
2 Adds and Restructure of the Issues Page
Project Objective
Change
Along with the “Comments” messaging section and change in page layout, other changes were made:
Incorporate a “Comments” section onto the page.
Include a Risk Score for the “Source” section.
Conceptualize a new page layout.
Create and include a “Notes” section.
Restructure the “Source” and “Details” content.
Iteration
After feedback, changes were made to take into account time stamps, other risk scores, and content order:
Include a time stamp on the “Notes” section.
Include a time stamp on the “Comments” section.
Show how multiple Risk Score Questions appear.
Delete download options except for “Attachments.”
Move assignee to the top of the screen.
Create a visual design of a messaging system and notes section and include it in a new reorganization of the client “Issues” page.
The issues page information was originally stacked in 2 columns, which made the additional “Comments” messaging section look out of place in the original design, because it needs its own section and is a larger design. So, a new layout was suggested that organized the sections “Details,” “Comments,” “Source,” and “Notes” in a different layout with the new information.
Vendor Requests
20 Screens for the Form Action Process
Iterations included changes to the custom field look and to the edit option function:
Custom Fields content was condensed.
Additional steps to save and download information were edited.
Tool tips for icons and an ability to hide and view question answers were shown.
Update the Vendor Request Form Design and Section Order with an “Organizational Details” Section and Risk Score Setting.
Privva had a Vendor Request form already incorporated onto their site. Because of the position of the process on the screen, it was oftentimes overlooked by users. A placement and visual for the Vendor Request Forms was a part of the design project where the Vendor Request Form process was adjusted with new sections, new form fields, question edit options, custom fields, and a larger popup modal.
Change
The main change was the Vendor Request process but other adjustments were included:
Include Icons for edit options, like edit text, write notes, add question, risk score, delete.
New order of the Vendor Request Sections.
Larger modal and adjusted look of content
Iteration
Objective
Code Bugs
2 Bugs Found on the Client Portal
No iterations to this find!
After calling out the HEX code hiccup to the Project Manager, the HEX code manual entry was fixed. Both the date picker and the typed in color code adjusted the portal’s banner to the company’s brand or a custom account color.
Inform the Project Manager about the HEX code error, where a manual entry of the HEX color code was glitching on the user side.
While working on a different project, I was moving through the Organization Settings pages and realized that the HEX code was inaccurately changing the typed HEX color to another color that was different from the initial typed HEX code. This was because after typing in 3 Hex code letters and numbers, the form field would auto populate to another HEX color code that was not able to be adjusted.
Change
During task analysis on the client portal, I noticed an error for the Banner Color change:
This was my first digital bug catch, and I learned that the inability to enter the HEX manually was a design change that the Developer Team would fix.
The color picker option worked just fine for people who chose that option, but the second option, to type in a HEX color, would be adjusted with backend code that would allow it to function properly for users.
Iteration
Objective
🐛
🦋
Email Templates
25 Email Designs for Varied Scenarios
Other versions were added over time to the template list and with that specific actions and info details:
Other options were included, like designs with banner choices for company customization
Different buttons, like extend assessment, View assessment, and Sign-in were included.
Copy was changed to align with Privva feedback.
Create new email templates that applied to general Privva emails, to specific scenarios, like extension requests, and to old emails but with a new look.
The emails that were being used had smaller typeface, #, and were based off of a previous visual color choice with blue hues that were no longer being used through the current Privva branding. The new email designs focused on larger typeface, bringing the current Privva colors into the Logos and email details, and text that could be adjusted for new future emails or adjusted to existing email copy.
Change
Creating new visual options that were more of a modern industry look was the initial priority:
Content language was edited for a clear speaking voice and order of information.
A logo was added to the Privva signature.
Larger text and font width took up space.
Iteration
Objective
A Few Projects and Finds Summary
These 3 projects were worked on over a few weeks to improve the visual experience of their product, the organization and hierarchy of information, and the placement of new features within current product structures. With these changes, a user has access to an updated vendor request form with new features and cleaner text, and emails that direct them towards various scenario actions seamlessly, without frustration over a technical bug. Over the course of my time working with Privva to update different parts of their online portal, these changes reflect a focus on information architecture, visual design, and client & vendor interaction with their current offerings and new additions connecting to their original design.
Information architecture was one of the main focuses. Placement of sections and text, buttons and action processes! ->
Why a proto-persona? \ Email Links
MVP status and what that means too. Flow and User Testing ->
Priority of speed implementation even though they say it costs more and takes more time to fix something without user testing.
Users Page
New Placement and Design of the Page
Project Objective
Change
With a “User’s” Page already incorporated onto the client portal, the new criteria was added and shown through: (changed the visual look)
Reimagine and create a user page for the account
Include a column for “Access Roles” and “Groups”
Show how you would assign users to “Groups.”
Include a CTA to “invite a user to your organization.”
Redistribute user and email content to fit the page.
Iteration
The “Users” page was looking to include access roles for different groups and an ability to invite a user to the client’s company or organization.
Users would be assigned to groups and these groups would have different access roles on the account portal. This meant that different people who were users in the client organization or company would be able to access and engage with different parts of the account portal depending on their role and their team responsibilities.
After a hi-fi mockup was created feedback on the access roles look and process was adjusted along with:
Instead of text, use an icon for the “Groups” row.
Include a number placement for the group.
Have a visual or the user’s initials by their name.
Copy change for the titles and access roles?
Differentiate groups versus access roles; the search and delete process for groups. Tool tip? list of ppl?
Contributor Page (Process)
5 Selected Options and Switch Process
Project Objective
Change
The main points were to include secondary contributors and show how they would be reassigned along with:
Differentiate between primary and secondary contributors in the client company
Combine the contributors on 1 list view
Provide options for the contributor section
Add in the contributor “Role” and “Email” information.
Show how to edit and move contributors.
Iteration V2
After sharing mockup options of the contributor lists, the information was cleaned up and process refined:
Include the initials of the contributors by their name. This could later be updated with profile pictures or kept as a visual identifier with initials.
Adjust the process to change the contributors to fewer steps than the initial proposed action process.
Decide on an automatic delete of the primary contributor, what was this?
On their custom fields page, the company was looking to add in secondary contributors along with their primary contributors.
Their current page only showed 1 contributor, but the client could have other contributors with different levels of site access with only 1 contributor visible on the details page. (That wasn’t represented on the details page). A primary contributor xyz, while a secondary contributor xys.
2 User Finds during Projects
Color Discrepancy
Text Inconsistency
On the Privva page and with the original Privva emails, there were color discrepancies with the blue and grey colors being used. For instance, a bright blue was being used on their emails that did not align with the blue used on their portal.
Throughout the website portal, the main fonts Montserrat and Brandon Grotesque were used, but the sizing of the headers, body, and other copy were mismatched on different pages. Additionally, some texts were listed and entered as a (whole but partial) number, such as in the case of a text font being 14.37… where a whole number is more consistent for the design (and for the developer).
MVP and Visual Designs
Again, circle back to this amount of hi-fi designs were able to be completed and sent off to the developer team due to the focus on MVP designs. The designs that get the job done and were simple but functional were prioritized over actions, visuals, and processes that would require more time and complication (finesse) to implement. The site/company priorities (tangled knot), prerogative was on updated parts of the portal that were causing people confusion, and adding in new features. Simple was best!
Speed of the work and User-testing
Reflection
Speed of the work and how that allowed for more visual designs and MVP design work based off POCs but the work was mainly based on the company’s vision and the stakeholder’s user preferences and goals for their product’s features and functions. Work flow was MVP based, which meant that the first iteration was made in a short time frame and with a mid to high-fi design with less prototyping and interactive additions but with more tagged notes and bigger picture ideas saved for later.
***Reasoning for this . . . the stakeholders know the product well enough and the way in which it functions with the clients and vendors well enough to suggest designs they would like to implement. Is it always a bad thing or a good thing? In this case, the product is complicated and also adaptable.
Delta and Plus graph for this?
Simple | Simpler is way better, but!
Desire for user-testing and the back and forth changes based off what other people said was super frustrating.
With a list of tasks, it was more about cleaning up the original design and creating space for prioritized new features that could be a blueprint for an overall visual look and in my opinion and hope, more thorough user testing.
Later, you can share the UX note about adaptability and a counter UX Note too, (quote, note, insight)
Naming conventions and mismatched icons too!
David told me much of the time to be simple! ex. Vendor request forms, delete, what do you need now.
Risk Score, Risk Rating, Risk Tier
All of the designs were incorporated into the structure of Privva’s current visual design.
◦ A simplified way to change contributors = Simplify on the contributors side!
2 types of projects, visual look and process!
Next Steps
How to do next steps for another project?
Visual look | User testing | streamlining action flow | reorganization | Big look
From a micro look, we were constantly looking at micro elements zoomed into changes specific to certain parts of their web portal with these changes made and more often throughout the process, it would be beneficial to zoom out and take in the picture of their designs too!
Client’s take too on why lack of user testing worked here too!
Untangling a lot of knots versus making it more tangled, when they untangle it, they can take it in, say xyz and choose to move on or not to a whole upgrade.