Vulnsy Docs
Client Portal

QA Workflow

Route reports through a QA review cycle before delivering them to clients — assign reviewers, track approvals, and gate publication on the portal.

The QA workflow ensures every report meets your quality standards before it reaches the client. Reports move through defined statuses, and reviewers can flag issues or request changes before final delivery.

Report Statuses

Every report follows a three-stage lifecycle:

StatusDescription
DraftThe report is being written. Findings, narrative sections, and evidence are still being added or edited.
ReviewThe report is ready for internal review. A reviewer examines the content for accuracy, completeness, and quality.
FinalThe report has been approved and is ready for client delivery.

Review Process

  1. The consultant completes the report and sets the status to Review
  2. A reviewer is assigned to examine the report
  3. The reviewer checks findings, narrative content, evidence, and formatting
  4. If changes are needed, the reviewer flags specific issues and the status returns to Draft
  5. Once all issues are resolved, the reviewer approves the report and sets it to Final
  6. The finalized report is exported and shared through the portal

Only users with the appropriate permissions (typically Admin or Consultant roles) can change report statuses and approve reports.

Best Practices

  • Establish review criteria -- define what reviewers should check (e.g., severity accuracy, evidence quality, remediation clarity)
  • Use the Draft-Review-Final cycle consistently -- avoid sharing reports that have not been through review
  • Assign dedicated reviewers -- separate the person writing the report from the person reviewing it

Treat Final as locked by convention — if further changes are needed after finalization, move the report back to Draft so reviewers know it needs another pass.

On this page