Comply AI for Vendor Risk Management (VRM) is available with Advanced plans. This feature analyzes the security compliance documentation you upload to a vendor profile to automatically answer your internal security review questions.
For example, you may want to extract an answer to a question like “Describe the customer data the vendor requires to provide its service: personal information, financial data, confidential/sensitive data, government data” from a document such as your vendor’s SOC 2 Type II report that you have hosted on their vendor profile in Secureframe Vendor Risk Management. Comply AI will attempt to parse an answer from the document and surface it to you for your review.
If you’re interested in Comply AI for Vendor Risk Management and you don’t yet have that plan, please reach out to your Secureframe Account Manager.
For a refresher on creating and configuring security review questions themselves, check out this help article.
Disclaimer: Comply AI can make mistakes. If you’re not sure that a generated answer is valid, it’s best to consult the source documents from your vendor to verify.
Using Comply AI in Vendor Risk Management
- Navigate to a vendor review in Secureframe Vendor Risk Management by going to Vendors, then clicking Vendor reviews on the top right, then clicking on a scheduled review cycle in the Pipeline tab. Once you’re looking at an individual vendor review page, go to the Documents tab.
- Upload any documents related to the vendor’s security posture, such as penetration tests, SOC 2 reports, and ISO certificates.
- Go to the Internal review tab.
- Here, you should see your configured list of vendor review questions. On the top right, click Answer all with Comply AI. You can alternatively open questions one-by-one and click Generate with Comply AI in the answer text area.
- Comply AI will process and attempt to fill in any questions in your internal review question set.
- Once you see results, we recommend reviewing them to determine whether there are any findings you should add to the review. To add a finding from an internal review question, open the question modal, enter a comment, check the box for “Mark comment as finding,” and then send the message.
- Once you’re satisfied with the answer to a question, click Complete to mark it as finished.
Accepted document formats for Comply AI
Comply AI can process documents in the following formats:

| File type | Mime type |
| --- | --- |
| .c | text/x-c |
| .cs | text/x-csharp |
| .cpp | text/x-c++ |
| .doc | application/msword |
| .docx | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| .html | text/html |
| .java | text/x-java |
| .json | application/json |
| .md | text/markdown |
| .pdf | application/pdf |
| .php | text/x-php |
| .pptx | application/vnd.openxmlformats-officedocument.presentationml.presentation |
| .py | text/x-python |
| .py | text/x-script.python |
| .rb | text/x-ruby |
| .tex | text/x-tex |
| .txt | text/plain |
| .css | text/css |
| .js | text/javascript |
| .sh | application/x-sh |
| .ts | application/typescript |
Getting the best performance from Comply AI
It’s common practice to encrypt PDFs like SOC 2 reports. However, for the best performance, we recommend uploading compliance documentation with passwords removed.