Folelse


Sending and managing due diligence questionnaires

Before engaging a new supplier — and periodically with existing ones — you should conduct due diligence to assess their data protection and security practices. Folelse lets you send a structured questionnaire and tracks their responses.

How to send a questionnaire

  1. Open a company in Dashboard → Companies.
  2. Click "Send Assessment Questionnaire".
  3. Select the questionnaire type: Standard UK GDPR, NHS DSP Supplier Assessment, or Custom.
  4. Enter the recipient's email address (the supplier's DPO or IG lead).
  5. Set a response deadline.
  6. Click Send. The supplier receives an email with a secure link to complete the questionnaire.

What the questionnaire covers

  • Data processing description and legal basis.
  • Security certifications (ISO 27001, Cyber Essentials, SOC 2).
  • Sub-processors used and whether notification is provided.
  • Data retention and deletion practices.
  • Breach notification procedures.
  • Data residency and international transfer safeguards.
  • Staff training and access controls.
  • Business continuity and disaster recovery.

Reviewing responses and gap analysis

  1. When the supplier submits their responses, you receive an email notification.
  2. Open the company record and click the Assessment tab.
  3. Gaps are highlighted in red — questions where the supplier's answer indicates a deficiency.
  4. You can add internal notes against each gap and mark it as "Accepted risk", "Remediation required", or "Escalated".
  5. The overall assessment score (0–100%) is shown in the company card.

For NHS organisations, consider running the NHS DSP Supplier Assessment questionnaire for any supplier accessing patient data. This aligns with DSPT Assertion 3 requirements on supplier management.
