Frequently Asked Questions

I want to learn more about:
Getting Started
Tentacle Projects
Connections & Project Sharing
Data Imports
Viewing 22 Topics
What is an information security program? Why is it important for my organization to have one?
An information security program guides an organization in its quest to safeguard its key business processes, IT assets, and all data that is stored, processed, and transmitted. Third-parties often require their partners to have an information security program in place, in order to reduce the potential risk of data breaches, threats, and other potentially harmful business activities.
What is a holistic information security program?
A holistic information security program consists of policies, procedures, standards, and related activities and initiatives that have been operationalized within the organization, in order to support and protect the organization’s information technology framework.
Our organization is in the early stages of establishing our information security program. Where should we begin?
First, we suggest completing the “General Project Details” questions, which are found within the Tentacle Categories. Second, we recommend scanning the Tentacle Collections for topics that may be most relevant to your organization. These questions will help shine a light on the types of issues typically addressed by a strong information security program. Additionally, if you are seeking to benchmark your organization against a particular Framework, you can filter questions by the specific Framework you're interested in. Throughout this process, utilize the Document Library to centralize all documentation related to your growing information security program.
What are Frameworks?
Frameworks, most often published by governmental and industry groups, are a series of suggested controls, procedures, policies, standards, and processes for protecting an organization's critical infrastructure, assets, and data.
What is a security assessment?
A security assessment is a process designed to uncover an organization's potential information security risks and vulnerabilities. Third-parties often require their partners to fill out a security assessment questionnaire prior to engaging in a partnership, and on an annual basis thereafter.
Which employee(s) typically handle security assessments?
Ideally, security assessments are handled by a dedicated information security manager, who is a member of a larger information security (or cybersecurity) team. For smaller organizations, security assessments are often handled by a member of IT or another employee who has sufficient access and knowledge to complete the assessment (e.g., CEO, COO, other).
What are Projects?
Create a "Project" to begin capturing and centralizing all Question responses and documentation related to your overall organization. Or, create a Project to track information related to a specific division or branch within your organization.
How can I rewatch my Tentacle "Projects Tour"?
The Projects Tour can be accessed at any time.
  1. From the left menu bar, select Settings.
  2. Click on the Support tab.
  3. Under Resources, click on View Projects Walkthrough.
How do I map my information security program details to specific Frameworks within Tentacle?
Most questions within Tentacle are mapped to a particular Framework. To address questions that are mapped to a specific Framework:
  1. From the left menu bar, select Projects.
  2. Select the Internal Project you wish to work on.
  3. Within the Question Library section, scroll to the bottom to select the specific Framework you wish to address.
  4. If you are not sure which Frameworks are most applicable to your organization, complete the Questions within the “General Project Details” category.
On average, how long should it take to complete a Project within Tentacle?
Since each Project is ultimately designed by the user, there are no standard time frames for completion. Some Projects may focus on a limited number of Frameworks, Categories, or Collections -- while others may be much more expansive.
Can multiple people within my organization have access to a single Tentacle account?
Yes, Tentacle allows organizations to assign multiple users to their account. The maximum number of internal users is based on the organization's subscription plan. The organization's account creator determines who has access, along with the level of access.
Why do some Questions require me to add “Additional Notes” when I provide an answer other than Yes?
Tentacle wants to make sure that users have the opportunity to fully explain themselves. This is especially true for non-Yes responses, where the underlying issue may range from being not applicable to organization to being a big, unresolved issue. Similarly, Tentacle wants Connected parties to be able to better understand their partners' non-Yes responses.
Can I import a security questionnaire that I have already completed into Tentacle?
Unfortunately, Tentacle does not currently support the capability to import security questionnaire responses. We fully understand the value this functionality would provide. We have this feature on our product roadmap and will let our community know as soon as it's available.
Can I import security responses that I have already drafted into Tentacle?
Unfortunately, Tentacle does not currently offer this capability. However, our team is actively working to develop technology that will perform this service in the future. We will let our community know as soon as it's available.
Are there resources available within Tentacle that can help our organization improve its security posture?
Tentacle provides several resources within the application to help educate organizations on how they might improve their security posture.
  1. When responding to a question, users can click on the right menu panel and find definitions for key terms, providing additional clarity and context for the question being asked.
  2. Many questions also provide a recommendation for the type of internal documentation that may address the issue being asked.
  3. The Project Summary dashboard provides a helpful overview of the security posture of a particular Project. It provides a summary of your organization's overall response sentiment (e.g. Yes vs. No responses), along with the Categories and Frameworks that have been addressed to-date. The Project Summary dashboard can be accessed through the the top menu panel.
Can Tentacle help us write our security policies and procedures?
Tentacle does not currently provide services for assisting in the creation of security policies or other internal documents. Our team is researching potential ideas on how we might expand our platform to provide users with additional resources to help them create and update their internal information security documentation.
How can I share my information security program details (question responses, documentation, etc.) with my partners through Tentacle?
You can securely share your organization’s information security program details through Tentacle Connections.
  1. On the left menu, select Connections.
  2. Click on the New Connection button in the top right corner.
  3. Click Share My Projects.
  4. Select the Project you’d like to share, name the link (optional), then click Create link.
  5. Copy the Tentacle Magic Link and email it to the desired party.
I would like to share my information with a third-party through a Tentacle Connection. How much information does the third-party need to provide in order to access my shared Project?
All Connections must sign-up for Tentacle by providing a work email address and standard company information.
Where can I find the security code for a Connection I added?
The security code required to create a Connection is located in the Tentacle Magic Link details. Navigate to the Connections page, then select Connection Links.
I have updated my Project with additional question responses and documentation. Do my Connections receive notification of Project updates?
Your Connections have ongoing, real-time visibility into the Project(s) you have shared with them. They do not receive an email or other notification when a change is made. Rather, they get a real-time view, at all times, through Tentacle.
As Tentacle is now a third-party information security management tool for our organization, do we have access to Tentacle’s information security program details?
Absolutely! You can request Tentacle's information security program details through Tentacle Connections.
  1. On the left menu, select Connections.
  2. Click on the New Connection button in the top right corner.
  3. Click Send an Assessment Link.
  4. Specify the information you'd like to receive, then click Create link.
  5. Copy the Tentacle Magic Link and email it to us at
What happens if a third-party does not accept security assessments through Tentacle?
We recognize that not every third-party is currently willing to forgo their historical assessment processes. If you find yourself still subjected to manual, repetitive, spreadsheet-based assessments, we are truly sorry! Please encourage these third-parties to consider accepting responses through Tentacle, as it is a more efficient and effective way for them to vet your information security program. We are also working on a couple of features that will make it easier for you to share information you have inputted into Tentacle with entities that are not currently on the Tentacle platform.