What is Quick Answer?
Quick Answer provides recommendations to suppliers when they first join Risk Ledger, assisting them in setting up their profiles. It enables suppliers to use their previous security questionnaires and security documentation to create suggested answers to complete their business's security assessment. Suppliers can review relevant suggestions, modify them to suit each control, and see the supporting documents that could add relevant evidence.
What policies and documents can I upload?
Uploading policies and other documents helps improve the quality of answer suggestions. These documents can also be used as supporting evidence for answers in the assessment.
Examples of Documents
Incident Management Policies
Security Policies
Access Control Policies
Data Protection Policies
Business Continuity/Disaster Recovery Policies
Asset Management Policies
Insurance Policies
Remote Work Policies
Data Classification Policies
Other Internal Policies
Security Certifications
Audit and Testing Reports
Can I upload previous security questionnaires?
Yes. Previous questionnaires and frameworks that a business has completed can be uploaded to generate answer suggestions. These will be private to the organisation and not shared with connected clients if uploaded during Step 1. Examples include previous RFPs, SIG, CAIQ, and ISO27001/SOC2 reports.
Can I use Quick Answer after starting a manual assessment?
Yes. It is possible to opt in to using Quick Answer at any point during the initial setup.
Which AI model (LLM) are we using?
We are using Anthropic Claude, hosted in AWS Bedrock. No data is transferred to Anthropic.
Is data used for training AI models?
No. Data uploaded or input into Risk Ledger is not used to train AI models.
Is data transferred to any third parties?
No. Data never leaves Risk Ledger’s AWS cloud environment and is not transferred to any external parties for the purposes of ‘Quick Answer’. Anthropic provides the pre-defined and static AI model to AWS for Risk Ledger’s use, hosted in the AWS Bedrock service. No data is transferred to Anthropic.
How does Quick Answer use my data?
The documents uploaded are pre-processed into fragments of words and short phrases, stored in a database ("embeddings").
An Inference Engine process compares these embeddings with the Security Control Framework questions, passing them to the AI model for analysis and to compose a natural language reply to the questions.
The data processed by the AI model is ephemeral, persisting in memory only for the duration of the processing operation for each question.
How is data segregated between customers?
The documents uploaded, and the embeddings derived, are logically segregated and encrypted in the customer account. These can only be accessed and processed within that customer account using the customer’s assigned encryption key.
The AI model does not store any data. The data processed by the AI model is ephemeral, persisting in memory only for the duration of the processing operation for each question. This avoids the risks of data interference or disclosure to other customers.
Which controls do you not make suggestions for?
We do not make suggestions for the following controls:
Control Question | Domain | Domain Letter | Control Number | Link |
Which countries do you store personal data in, or transfer personal data to? | Data Protection | J | 1 | |
Is your organisation Cyber Essentials certified? | Security Certifications | B | 1 | |
Is your organisation Cyber Essentials Plus certified? | Security Certifications | B | 2 | |
Is your organisation ISO27001 certified? | Security Certifications | B | 3 | |
Does your organisation have public liability insurance? | Financial Risk | XA | 18 | |
Does your organisation have professional indemnity insurance? | Financial Risk | XA | 20 | |
Does your organisation have employers' liability insurance? | Financial Risk | XA | 22 | |
Does your organisation have cyber insurance? | Financial Risk | XA | 24 | |
Can I use Answer Suggestions during my reassessment?
Currently, Quick Answer is only supported during a supplier's first assessment.
💡 If there is anything we haven't covered, please feel free to contact us at support@riskledger.com or alternatively, select the Chat icon in the bottom right corner.