Table of Contents
- Summary
- AI Features Available
- Security & Privacy Overview
- Managing AI Settings
- Product Descriptions
- FAQ
Summary
Whistic offers AI-powered features to streamline your third-party risk management processes. These tools help you search documentation faster, summarize lengthy reports, and assess vendor security more efficiently. All AI capabilities are built with enterprise-grade security and privacy protections, giving you control over how and when AI processes your data.
Important: All AI features can be individually enabled or disabled based on your organization's preferences and policies.
AI Features Available
Whistic's AI capabilities help automate time-consuming security assessment tasks:
Smart Search
- Quickly find answers across vendor documentation
- Search multiple vendors simultaneously
- Get confidence scores and source citations
SOC 2 Summarization
- Transform 75-150 page reports into concise summaries
- Extract key security controls and exceptions
- Review audit findings in minutes instead of hours
Vendor Insights
- Automatically assess vendor alignment with security frameworks
- Identify compliance gaps and areas needing review
- Generate targeted follow-up questionnaires
Text Comparison
- Import and parse custom questionnaires
- Compare responses across vendors
- Streamline questionnaire management
Security & Privacy Overview
How We Protect Your Data:
- Built on the AWS Bedrock framework with enterprise security controls
- Data encrypted in transit (TLS 1.2) and at rest (AES-256)
- No data used for AI model training
- Each customer interaction gets its own isolated processing session
- SOC 2 Type 2, ISO 27001, GDPR, and CCPA compliant
What We Don't Do:
- Share your data with external parties
- Use your data to train AI models
- Store data beyond processing requirements
- Mix customer data across sessions
Note: We maintain the same security standards for AI features as the rest of the Whistic platform.
Managing AI Settings
To Enable/Disable AI Features:
- Contact your Customer Success Manager or system administrator
- AI capabilities can be configured individually per feature
- Changes take effect immediately across your account
Product Descriptions
- Product Use Case: Whistic facilitates risk assessments of third-party vendors. Customers can send and manage questionnaire requests to prospective vendors. They can add notes and contacts, assign risk ratings and process owners, and review documentation and certifications. Users of the Platform can complete questionnaires for their internal security programs and can keep these responses in reserve for their customers. Additionally, reports can be generated with configurable filters and downloaded to share with internal stakeholders and risk owners.
Whistic enables companies to proactively engage potential customers. This is achieved by compiling completed questionnaires, audit and certification results, and other supporting documents and sharing them with prospective customers early in the sales process. Whistic customers can also create a non-disclosure agreement (NDA) and require recipients to accept the NDA in the Whistic Platform prior to accessing profile content.
The Whistic Platform is a proprietary system that showcases participating companies to both buyers and sellers. Companies looking to assess vendors and buy their services can access information about potential vendors in the Trust Catalog. They can conduct risk assessments, often without requiring correspondence with the vendor company. Companies selling their services may proactively add completed questionnaires, certifications, and documents to the Trust Catalog, which demonstrates their commitment to security prior to prospective customers formally requesting security documentation.
- Please describe the purpose of using AI / Generative AI as part of the use case (see above)
Whistic AI assists in Third Party Risk Management (TPRM) processes by significantly reducing the time spent on manual tasks, such as:
- Searching for answers to questions in security documentation
- Answering security questionnaires
- Summarizing lengthy documents (i.e., SOC 2 reports) and extracting key details
- Leveraging available documentation to quickly assess how closely a vendor aligns to a selected security framework, and automatically identifying areas that are non-compliant or need additional review
- Auto-generating dynamic questionnaires to solicit the information that AI could not answer, reducing the time spent waiting for the vendor to answer lengthy security questionnaires and in back-and-forth exchanges
- Searching for security answers simultaneously across a group of vendors
Acting as a copilot in the assessment process, Whistic AI provides additional tools that allow the user to inspect and audit the accuracy of the answers it provides, and to edit those answers if needed. These include:
- A confidence score that indicates whether the available sources provide sufficient information to fully answer the question and whether any other factors (such as contradictory sources) should lower the user's confidence in the answer
- A detailed answer explanation of how AI arrived at the answer
- A prioritized list of the most relevant sources related to that question, and links so the user can easily navigate into the source documents to view the relevant information in context.
- An editable history of questions asked and answers provided that can be used to help improve AI answers for your organization over time.
Note: Some features, like Smart Search, have non-AI alternatives that remain available even when AI is disabled.
FAQ
Can I turn off AI processing for my account? Yes, AI features are individually configurable. You can disable specific AI capabilities while keeping others active, or turn off all AI processing entirely.
Does Whistic use ChatGPT or OpenAI? No, we don't currently use OpenAI or ChatGPT. All AI features run on AWS Bedrock using models from providers like Anthropic, Cohere, and Amazon.
Will my data be used to train AI models? No, your data is never used to train underlying AI models or improve external AI services. We have enterprise agreements that specifically prevent this.
How accurate are AI responses? We use industry-standard similarity measures and constantly monitor match thresholds for accuracy. You can always review, accept, or reject AI-generated responses.
Do I need updated contracts or NDAs for AI features? Generally, no, since AI features operate under the same security and privacy protections as the main Whistic platform. Contact your CSM if you need specific contractual language.
How is data isolated between customers? Each customer interaction gets its own isolated processing session. While the same AI models are used, separate instances prevent any data mixing between customers.
What compliance certifications cover the AI features? AI features are covered under Whistic's existing SOC 2 Type 2, ISO 27001, GDPR, and CCPA compliance. AWS Bedrock also maintains SOC 2 Type 2 certification.
Can AI features help assess other vendors' AI usage? Yes, Whistic includes pre-built questionnaires specifically for AI risk assessment, including CapAI Assessment, NIST AI Risk Management Framework, ISO 23053, and ISO 42001.
What if my NDA restricts sharing documents with AI tools? Whistic's AI features operate under our standard Terms of Service with the same privacy protections. It's unlikely this violates typical NDAs unless they specifically prohibit AI-supported software.
How can I get help with AI features? Contact your Customer Success Manager for feature configuration, or reach out to security@whistic.com for specific security questions about AI capabilities.