Global TPRM Provider
Full Product Redesign for a
Project Overview
The client came to us to “put it on the web”, but it was also a chance to rethink the entire experience.
The Ask
An industry standard in third-party risk, the company owns the questionnaire most teams rely on. Their product—a macros-heavy Excel workbook—helped assess vendor risk across security, compliance, and privacy. As adoption grew, the spreadsheet hit its ceiling: version chaos, single-user bottlenecks, fragile macros.
The Client
Lead UX Designer, end-to-end. Scoped and estimated the work; planned and ran user research; turned insights into personas, flows, IA, wires, and prototypes; validated with usability tests; and drove alignment through frequent readouts with the client and engineering
My Role
It’s complex tool in a complex industry. Conflicting client priorities kept requirements shifting. Internally, misalignment and resource strain made the process clunky. Despite all that, the goal stayed clear: ship a platform that streamlines assessment creation and truly supports third-party risk practitioners.
The Challenge
A cleaner, more useful experience on a scalable foundation, with reusable components, role-based workflows, and a phased roadmap to keep improving.
Validation testing users rated the tool a 4.3 out of 5 for improved usability.
The Outcome
Research & Insights
I conducted 18 moderated user interviews. The client provided us the opportunity to talk with risk professionals to understand what they value, where they struggle, and how the current product fits into their workflows.
User Interviews
First, I organized the findings into three categories, positive aspects, pain points, and future needs and, then I color coded and tagged them based on audience and topic.
From there I distilled the findings into clear insights and roadmap suggestions.
Affinity Mapping
These goal-oriented user personas were shaped by insights gathered during user interviews and developed to help guide the next stages of the redesign.
User Personas
Third Party Risk Manager
(Outsourcer Side - Oversees the entire assessment process, from initiation to final risk decision and remediation tracking.)
Key Findings:
Want a central dashboard to monitor assessment status and vendor risk.
Wants to ensure all risks are identified, documented, and either mitigated or accepted with clear accountability.
Wants industry specific templates and allowance for modular building blocks.
Wants the ability to collaborate, tag contributors, and give multiple users access to the same assessment.
Compliance Reviewer
(Outsourcer Side - Reviews the assessment for regulatory and contractual alignment and flags compliance risks.)
Key Findings:
Wants the ability to tag or link evidence directly to related questions.
Wants smart flags for missing docs, contradictions, misalignment, or incomplete responses.
Needs collaborative annotation, with time-stamped comments and decision logs.
Values precision and standardization, incomplete/vague answers slows reviews.
Third Party Contact
(Vendor/Supplier Side - Coordinates internal SMEs, manages timelines, and submits the completed assessment to the requesting party.)
Key Findings:
Frequently lacks deep compliance context, jargon and ambiguity slow progress and create interpretation anxiety.
Resource constraints (no dedicated compliance team).
Wants automation and reuse: pre-populated answers from past submissions/docs; fewer questions for small/simple vendors.
Internal SME
(Vendor/Supplier Side - Provides specialized responses to technical questions within the assessment.)
Key Findings:
Wants to avoid being pulled in repeatedly due to vague earlier responses.
Assessments often contain redundant or irrelevant questions, leading to wasted time.
User Flows
For each persona, I mapped every step they’d take to complete their tasks, documented the flows in FigJam, and flagged areas where user feedback revealed pain points or opportunities for improvement.
Mapping out interactions helped me plan for the pages, states, and functionality we would need and it helped us align with stakeholders before we started the wireframe phase.
Shown is the preferred workflow of our primary user, a third-party risk manager.
This flow outlines how a manager would create, edit, collaborate, send, and manage assessments.
This is not the final result, but an example of my process.
Noted in black is where there was an opportunity to improve the users experience.
Flow Example
Product Design
Working through the user flows allowed me to define which pages and states I needed to create. The following are some key areas of the experience where I solved specific user pain points.
Users needed a clear, at-a-glance view of their risk exposure and the assessment pipeline.
So we designed a dashboard that surfaces top risks, active assessments, and upcoming deadlines at a glance — giving managers the visibility they need without overwhelming detail.
Users needed the ability to collaborate on assessments.
So we enabled multiple contributors, giving some users view-and-comment access while allowing others full editing permissions.
We also included an internal commenting feature with resolvable threads and @mentions, attaching comments directly to individual questions so collaborators always know what’s being discussed.
Users wanted a way to speed up the assessment creation process while assuring they are asking the right questions.
So we introduced a template library with preconfigured assessments that give users a fast, reliable starting point while ensuring critical questions aren’t missed.
Including a custom AI template generator that builds tailored assessments based on vendor knowledge and company risk tolerance; saving time, reducing guesswork, and ensuring questions stay relevant.
We also included an upload feature that lets users bring in existing Excel-based assessments, making the transition to the new platform seamless.
Validation Testing
4.3 / 5
Testers gave the new experience an average of 4.3 out of 5 when asked how intuitive they found the new product.
“...if we demoed this product against others they were evaluating, this would be number 1”
“4.5 because it’s sleek, intuitive to configure, and easy for beginners.”
“Whoever worked on developing this should get a big shoutout”
“I’m going to say 5 [out of 5]. It was great, figured most things out pretty quick.”
“I’ve looked at some of the competitors and they suck. This is better.”
“4.5 [out of 5] because most everything makes sense, its sleek, and its thoughtful on how its designed. commentary was a little rocky”