Using Comply AI in Third Party Risk Management

Comply AI for Third Party Risk Management (TPRM) comes with Advanced TPRM plans. This feature reads security compliance documentation that you upload to a vendor profile to answer your internal security review questions.

For example, you may want to extract an answer to a question like “Describe the customer data the vendor requires to provide its service: personal information, financial data, confidential/sensitive data, government data” from a document such as your vendor’s SOC 2 Type II report that you have hosted on their vendor profile in Secureframe TPRM. Comply AI will attempt to parse an answer from the document and surface it to you for your review.

If you’re interested in Comply AI for TPRM and you don’t yet have a plan that includes Advanced TPRM, please reach out to your Secureframe account manager.

For a refresher on creating and configuring security review questions themselves, check out this help article.

Disclaimer: Comply AI can make mistakes. If you’re not sure that a generated answer is valid, it’s best to consult the source documents from your vendor to verify.

Using Comply AI in TPRM

  1. Navigate to a vendor review in Secureframe TPRM by going to Vendors, then clicking Vendor reviews on the top right, then clicking on a scheduled review cycle in the Pipeline tab. Once you’re looking at an individual vendor review page, go to the Documents tab.
  2. Upload any documents related to the vendor’s security posture, such as penetration tests, SOC 2 reports, and ISO certificates.
  3. Go to the Internal review tab.
  4. Here, you should see your configured list of vendor review questions. On the top right, click Answer all with Comply AI. You can alternatively open questions one-by-one and click Generate with Comply AI in the answer text area.
  5. Comply AI will process and attempt to fill in any questions in your internal review question set.
  6. Once you see results, we recommend reviewing them to determine whether there are any findings you should add to the review. To add a finding from an internal review question, open the question modal, enter a comment, check the box for “Mark comment as finding,” and then send the message.
  7. Once you’re satisfied with the answer to a question, click Complete to mark it as finished.

Accepted document formats for Comply AI

Comply AI accepts the following documents to process answers:

File type   MIME type
.c          text/x-c
.cs         text/x-csharp
.cpp        text/x-c++
.doc        application/msword
.docx       application/vnd.openxmlformats-officedocument.wordprocessingml.document
.html       text/html
.java       text/x-java
.json       application/json
.md         text/markdown
.pdf        application/pdf
.php        text/x-php
.pptx       application/vnd.openxmlformats-officedocument.presentationml.presentation
.py         text/x-python
.py         text/x-script.python
.rb         text/x-ruby
.tex        text/x-tex
.txt        text/plain
.css        text/css
.js         text/javascript
.sh         application/x-sh
.ts         application/typescript


Getting the best performance from Comply AI

It’s common practice to encrypt PDFs like SOC 2 reports. However, for the best performance, we recommend uploading compliance documentation with passwords removed.
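As an added example that is not part of this article and is not Secureframe's own tooling, the following Python script performs a pre-upload check for the two points above: it flags files whose extension is outside the accepted-format table, and for PDFs it looks for the /Encrypt entry in the trailer that a password-protected PDF carries. The encryption test is a byte-level heuristic (it never opens or decrypts the file), and the two sample PDFs are constructed inline for demonstration rather than taken from any real vendor.

```python
"""Pre-upload check for Comply AI documents (added example, not Secureframe code).

Two checks the article says matter before uploading to a vendor profile:
  * the file extension is one of the accepted formats;
  * a PDF is not password-protected (encrypted PDFs perform poorly).

The encryption check looks for an /Encrypt entry in the PDF trailer or
cross-reference stream dictionary, which is where the PDF specification
places the reference to the encryption dictionary. It is a heuristic:
it does not parse the xref table or attempt decryption.
"""
import re
from pathlib import Path

# Extensions taken from the article's accepted-format table.
ACCEPTED_EXTENSIONS = {
    ".c", ".cs", ".cpp", ".doc", ".docx", ".html", ".java", ".json", ".md",
    ".pdf", ".php", ".pptx", ".py", ".rb", ".tex", ".txt", ".css", ".js",
    ".sh", ".ts",
}

# "/Encrypt 5 0 R" (indirect reference) or "/Encrypt << ... >>" (inline dict).
_ENCRYPT_KEY = re.compile(rb"/Encrypt\s*(?:\d+\s+\d+\s+R|<<)")


def pdf_is_encrypted(data: bytes) -> bool:
    """Return True if the bytes look like a PDF that carries an /Encrypt entry."""
    if not data.startswith(b"%PDF-"):
        return False
    # Scan the whole file rather than only the tail so that incrementally
    # updated documents (several trailers) are covered too.
    return _ENCRYPT_KEY.search(data) is not None


def check_document(name: str, data: bytes) -> list[str]:
    """Return human-readable problems for one file; an empty list means OK to upload."""
    problems: list[str] = []
    ext = Path(name).suffix.lower()
    if ext not in ACCEPTED_EXTENSIONS:
        problems.append(
            f"{name}: extension {ext or '(none)'} is not in the accepted-format list"
        )
    if ext == ".pdf" and pdf_is_encrypted(data):
        problems.append(
            f"{name}: PDF is password-protected; remove the password before uploading"
        )
    return problems


# Constructed minimal PDFs (hypothetical sample input, not real reports).
PLAIN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Size 2 >>\n%%EOF\n"
)
ENCRYPTED_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    b"5 0 obj\n<< /Filter /Standard /V 2 /R 3 >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Encrypt 5 0 R /Size 6 >>\n%%EOF\n"
)

if __name__ == "__main__":
    samples = [
        ("soc2-type2.pdf", PLAIN_PDF),
        ("soc2-type2-locked.pdf", ENCRYPTED_PDF),
        ("vendor-questionnaire.xlsx", b""),
    ]
    for sample_name, sample_bytes in samples:
        issues = check_document(sample_name, sample_bytes)
        print(sample_name, "->", "ok" if not issues else "; ".join(issues))
```

Run it as a script to see the verdict for each constructed sample; in practice you would point `check_document` at the real files in the folder you intend to upload, and resolve anything it reports before attaching the documents to the vendor review.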
