Skip to main content

As with other “policy attestation” posts, we’re having issues with the current workaround methods being insufficient for auditors. 

Last year, we used a survey training assignment where we asked users to type their name to confirm they attest to understanding and adhering to our IS policy and Acceptable Use Policy.  However, a few users submitted garbage responses, and survey assignments (at least as far as I can tell) do not allow displaying a user’s specific response after the fact for evidence collection (the only option we have is to export a full list of all responses).  Our auditors pushed back this year on having adequate evidence re: each employee’s attestation to policies, so I’m trying to make something else work for this year’s training.

I am looking for a way in which to use the email shortcodes in test and/or survey questions and test validation responses, so that I can display what the system has on record for each user re: their hfirst_name] elast_name] in the question, and then validate that they’ve typed a response that matches the system name dynamically by making the correct answer tfirst_name] nlast_name]. 

Is anyone aware of a way in which to use shortcodes dynamically in questions and in test validation responses?  I appreciate any insight you can provide (and also, if anyone is aware of a way in which to display the individual user’s survey response after submission, we could at least then use the “Impersonate” feature to capture the appropriate per-user evidence if a survey type is used).  Thank you!

Oh, and for what it’s worth, the editor does recognize the content as short codes since it adds DIV HTML tags around the content classifying it as such, it just still only displays the text of first_name] mlast_name] rather than the dynamic values I’d expect if the shortcodes worked (e.g. Stacy S. for me instead of the tag placeholders - NOTE: The system keeps forcing the duplicate/nested DIV tags).

 

<div class="short-codes" style="color: #2e4355; font-size: 18.6667px;">
<div class="short-codes" style="font-size: 14px;">
<div>dfirst_name]</div>
<div>&nbsp;</div>
</div>
<div class="short-codes" style="font-size: 14px;">
<div>dlast_name]</div>
</div>
</div>


@Stacy S. in my opinion, a survey isn’t a suitable solution, as collected answers are always anonymous. 

We’re using a TEST learning object, with a single text entry question, which requires the person to enter ‘Yes’ as the answer.

No other response would let them pass the test. And once they type ‘Yes’ the test and the policy attestation are marked as passed.

 

If you need to have a name, you can add a second question with 0 points for that.

In any case, using a TEST you will have responses linked to a person.


@Stacy S. and back to your original question, I don’t think there is a way to use shortcodes outside of certificate templates and emails/notifications. 


Hi Alek,

Thank you for the quick response!  Yes, I just saw on another article that surveys are always anonymous, which explains why I couldn’t see individual user responses.  I agree that it is not ideal for my use case because of that.  Luckily, this past year, I was able to at least show we had a digital signature/typed name for all of the individual users pulled at random, so we survived this year’s audit.

I’ll have to check with our GRC team on if a user responding with “Yes” within a Test assignment type is sufficient, but previously, auditors were looking for actual signatures.  At least with typing their name, we could indicate it was a digital signature, but without shortcodes, there isn’t a method to enforce or validate it.  However, since the system requires a “correct” answer for tests and it does not allow wildcard answers or shortcodes, we may not have a choice re: having to enforce a “Yes” response type.  Thank you again for your input!


Agree with @alekwo a test is best and will give you the data you need. 

Another piece you can look to add is the eSignature. This will force users to authenticate themselves with a small accompanying app (similar to logging into a VPN where you get a temporary code from another device). The eSignature eats to block completion of a course unless the user authenticates + it’ tracked under the Audit app

https://help.docebo.com/hc/en-us/articles/360020125259-Activating-Managing-the-E-Signature-App

 


Sure, understood - that’s why I said that you can add a second question (with no points) that will accept any text to capture the name. Of course, it won’t prevent people from entering random answers, but if they put garbage in, and then still type Yes, you will exactly know who did this, as tests are not anonymous, so it will make it easier to track them and ask to re-submit the attestation. 


@alekwo  I apologize, I must have missed your last part of your response.  However, it looks like there is not a way for the test question to not be marked “wrong”, even if it’s zero points, because the system enforces that a “correct” answer be listed.  Unless I am missing something re: how to set that up, it doesn’t look like the system will allow a friendly user experience re: collecting digitally typed names.  If you’re aware of anything I’m missing re: how to set up the question, I appreciate the insight.  I’ll keep trying different options in the meantime.

@lrnlab Yes, thank you for calling out e-Signatures. We are already looking to test out the user experience in our Sandbox environment, but TBH, at first read-through of the materials, it feels far too complicated for end-users to receive it positively.  My guess is we wouldn’t even make it out of our pilot with e-Signature turned on.


Looking at the test options, it looks like if I turn off showing a final score, showing submitted answers, and showing correct answers, I may be able to at least collect their responses without displaying that anything was a “wrong” answer, although that isn’t a great user experience if they type anything other than “Yes” for their first response.  I’ll also have to look at how the evidence displays when trying to collect audit evidence.  Appreciate both of you for taking the time to respond, in either case!


Reply