Skip to main content
Quick Answer FAQs

Here you will find answers to the most frequently asked questions regarding our Quick Answer feature.

Kian avatar
Written by Kian
Updated over 2 months ago

What is Quick Answer?

Quick Answer provides recommendations to suppliers when they first join Risk Ledger, assisting them in setting up their profiles. It enables suppliers to use their previous security questionnaires and security documentation to create suggested answers to complete their business's security assessment. Suppliers can review relevant suggestions, modify them to suit each control, and see the supporting documents that could add relevant evidence.


What policies and documents can I upload?

Uploading policies and other documents helps improve the quality of answer suggestions. These documents can also be used as supporting evidence for answers in the assessment.

Examples of Documents

  • Incident Management Policies

  • Security Policies

  • Access Control Policies

  • Data Protection Policies

  • Business Continuity/Disaster Recovery Policies

  • Asset Management Policies

  • Insurance Policies

  • Remote Work Policies

  • Data Classification Policies

  • Other Internal Policies

  • Security Certifications

  • Audit and Testing Reports


Can I upload previous security questionnaires?

Yes. Previous questionnaires and frameworks that a business has completed can be uploaded to generate answer suggestions. These will be private to the organisation and not shared with connected clients if uploaded during Step 1. Examples include previous RFPs, SIG, CAIQ, and ISO27001/SOC2 reports.


Can I use Quick Answer after starting a manual assessment?

Yes. It is possible to opt-in to using Quick Answer at any point during the initial setup.


What AI LLM model are we using?

We are using Anthropic Claude, hosted in AWS Bedrock. No data is transferred to Anthropic.


Is data used for training AI models?

No. Data uploaded or input into Risk Ledger is not used to train AI models.


Is data transferred to any third parties?

No. Data never leaves Risk Ledger’s AWS cloud environment and is not transferred to any external parties for the purposes of ‘Quick Answer’. Anthropic provides the pre-defined and static AI model to AWS for Risk Ledger’s use, hosted in the AWS Bedrock service. No data is transferred to Anthropic.


How does Quick Answer use my data?

The documents uploaded are pre-processed into fragments of words and short phrases, stored in a database ("embeddings").

An Inference Engine process compares these embeddings with the Security Control Framework questions, passing them to the AI model for analysis and to compose a natural language reply to the questions.

The data processed by the AI model is ephemeral, persisting in memory only for the duration of the processing operation for each question.


How is data segregated between customers?

The documents uploaded, and the embeddings derived, are logically segregated and encrypted in the customer account. These can only be accessed and processed within that customer account using the customer’s assigned encryption key.

The AI model does not store any data. The data processed by the AI model is ephemeral, persisting in memory only for the duration of the processing operation for each question. This avoids the risks of data interference or disclosure to other customers.


What controls do you not make suggestions to?

We do not make suggestions for the following controls:

Control Question

Domain

Domain Letter

Control Number

Link

Which countries do you store personal data in, or transfer personal data to?

Data Protection

J

1

Is your organisation Cyber Essentials certified?

Security Certifications

B

1

Is your organisation Cyber Essentials Plus certified?

Security Certifications

B

2

Is your organisation ISO27001 certified?

Security Certifications

B

3

Does your organisation have public liability insurance?

Financial Risk

XA

18

Does your organisation have professional indemnity insurance?

Financial Risk

XA

20

Does your organisation have employers' liability insurance?

Financial Risk

XA

22

Does your organisation have cyber insurance?

Financial Risk

XA

24


Can I use Answer Suggestions during my reassessment?

Currently, Quick Answer is only supported during a supplier's first assessment.


💡 If there is anything we haven't covered, please feel free to contact us at support@riskledger.com or alternatively, select the Chat icon in the bottom right corner.

Did this answer your question?