🤖 AI Features Available

Whistic's AI capabilities help automate time-consuming security assessment tasks:

Smart Search

• Quickly find answers across vendor documentation
• Search multiple vendors simultaneously
• Get confidence scores and source citations

SOC 2 Summarization

• Transform 75-150 page reports into concise summaries
• Extract key security controls and exceptions
• Review audit findings in minutes instead of hours

Vendor Insights

• Automatically assess vendor alignment with security frameworks
• Identify compliance gaps and areas needing review
• Generate targeted follow-up questionnaires

Text Comparison

• Import and parse custom questionnaires
• Compare responses across vendors
• Streamline questionnaire management

🔒 Security & Privacy Overview

How We Protect Your Data:

• Built on the AWS Bedrock framework with enterprise security controls HERE
• Data encrypted in transit (TLS 1.2) and at rest (AES-256)
• No data used for AI model training
• Each customer interaction gets isolated processing sessions
• SOC 2 Type 2, ISO 27001, GDPR, and CCPA compliant

What We Don't Do:

• Share your data with external parties
• Use your data to train AI models
• Store data beyond processing requirements
• Mix customer data across sessions
• Whistic does not Geoblock †

⚙️ Managing AI Settings

To Enable/Disable AI Features:

1. Contact your Customer Success Manager or system administrator
2. AI capabilities can be configured individually per feature
3. Changes take effect immediately across your account

📋 Product Descriptions

Product Use Case:

Whistic facilitates risk assessments of third-party vendors. Customers can send and manage questionnaire requests to prospective vendors. They can add notes and contacts, assign risk ratings and process owners, and review documentation and certifications. Users of the Platform can complete questionnaires for their internal security programs and can keep these responses in reserve for their customers. Additionally, reports can be generated with configurable filters and downloaded to share with internal stakeholders and risk owners.

Whistic enables companies to proactively engage potential customers. This is achieved by compiling completed questionnaires, audit and certification results, and other supporting documents and sharing them with prospective customers early in the sales process. Whistic customers can also create a non-disclosure agreement (NDA) and require recipients to accept the NDA in the Whistic Platform prior to accessing Trust Center content.

The Whistic Platform is a proprietary system that showcases participating companies to both buyers and sellers. Companies looking to assess companies and buy their services can access information about potential vendors in the Trust Center Exchange. They can conduct risk assessments, often without requiring correspondence with the vendor company. Companies selling their services may proactively add completed questionnaires, audit certifications, and documents to the Trust Center Exchange, which demonstrates their commitment to security prior to prospective customers formally requesting security documentation.

Please describe the purpose of using AI / Generative AI as part of the use case (see above)

Whistic AI assists in Third Party Risk Management (TPRM) processes by significantly reducing the time spent on manual tasks, such as:

• Searching for answers to questions in security documentation
• Answering security questionnaires
• Summarizing lengthy documents (ie. SOC 2 reports) and extracting key details
• Leveraging available documentation to quickly assess how closely a vendor aligns to a selected security framework, and automatically identifying areas of non-compliance or that need additional review
• Auto-generating dynamic questionnaires to solicit the information that AI could not answer, reducing the time spent waiting for the vendor to answer lengthy security questionnaires and in back-and-forth exchanges
• Searching for security answers simultaneously across a group of vendors

Acting as a Whistic AI in the assessment process, Whistic AI provides additional tools that allow the user to inspect and audit the accuracy of the answers it provides, and to edit those answers if needed. These include:

• A confidence score that indicates whether the available sources provide sufficient information to fully answer the question and whether any other factors (such as contradictory sources) should lower the user's confidence in the answer
• A detailed answer explanation of how AI arrived at the answer
• A prioritized list of the most relevant sources related to that question, and links so the user can easily navigate into the source documents to view the relevant information in context.
• An editable history of questions asked and answers provided that can be used to help improve AI answers for your organization over time.

❓ FAQ