CASE STUDY / 03 / FULL-STACK · VRM
VRM Questionnaire Forms
V2 questionnaire engine for Redacto's Vendor Risk Management. Custom renderers, inline comments, AI-powered review, child questionnaires, and RBAC — enabling 5× faster vendor security assessments.
CHALLENGE
Vendor security reviews were too slow and fragmented, with repeated manual work between teams.
CONSTRAINTS
- - Complex questionnaire dependencies and role-based edit permissions.
- - Need to support both lightweight and deep-dive vendor evaluations.
- - Performance pressure with large forms and nested question trees.
ARCHITECTURE CHOICES
- - Created schema-driven renderer pipeline for dynamic question types.
- - Added role-aware comment and review model for collaborative audits.
- - Introduced child questionnaire composition for reusable assessments.
TRADE-OFFS
- - Increased engine complexity to gain flexibility for future workflows.
- - Chose explicit RBAC boundaries over simpler but riskier permissions.
OUTCOME
- - Accelerated vendor evaluation throughput across enterprise teams.
- - Created a reusable foundation for future VRM workflow modules.
INTERACTIVE ARCHITECTURE VIEW
Explore the architecture decisions behind this project. Click through each block to inspect the underlying layers.
Schema Form Engine
Dynamic form renderer supporting question variants, conditional paths, and nested questionnaires.
Schema Parser
Normalizes JSON form definitions into stable render-ready structures.
Renderer Registry
Maps normalized question types to UI components with shared validation hooks.
Review Pipeline
Attaches role-aware comments, AI review suggestions, and approval states.