Table of Contents
Summary
We are frequently asked what types of information a company should add to their Knowledge Base to make Whistic AI as smart as possible in answering questions about their organization.
Here are examples of security documents that are frequently included in Whistic Trust Centers, requested as part of Whistic assessments, or that may hold answers to specific questions:
📄 Most Commonly Requested Security Documents
- Security White Paper and/or Security FAQs
- SOC 2 Report
- Acceptable Use Policy
- Access Control Policy
- Asset Management Policy
- Business Continuity / Disaster Recovery Plans
- Change Management Policy
- Computer Encryption Policy
- Data Backup Policy
- Data Classification and Handling Policy
- Data Encryption Policy
- Data Flow Diagram
- Employee Training and Awareness Policy
- Incident Response Plan
- Information Security Policy and Procedures
- Physical Security Policy
- Privacy Policy
- Terms and Conditions
- Vendor Management Policy
- Web Application Security Policy
🏅 Most Commonly Requested Certifications and Audits
- HIPAA Certification
- FedRAMP Certification
- Privacy Shield Certification
- PCI, SOC2, HiTrust or ISO Reports and Certificates
- Pen Test Letter of Engagement
- Vulnerability Scan Results
- Other independent or third-party audit reports
📋 Previously Answered Security Questionnaires
CAIQ, VSA, SIG Lite, etc. – whichever ones your customers request most often.
These can be answered in Whistic by self-accessing using Whistic's library of Industry Standard Questionnaires, or you can upload previous questionnaire spreadsheets (exported from wherever you answered them, and uploaded as documents in Knowledge Base).
Don't worry if you don't have all of these documents or if your documents are named differently or if you combine several of these topics in a single document. Whistic AI can sort through that. Start by just uploading what you have.
🤖 How Whistic AI Uses Your Knowledge Base Data
- Whistic AI is only as smart as the information you provide. The more data you provide, the "smarter" it will be at answering questions about your security policies and practices.
- Information stored in your Knowledge Base is only used to answer questions from the Knowledge Base page or via the Chrome Plugin. That means Knowledge Base is "Internal Only" – it is only available to your managed internal users who are either Whistic Admins or who have the User Permission: AI/Knowledge Base. Whistic AI will never share these documents with third parties and will never return answers based on this information to your customers or anyone unless you also include the sources on a Trust Center you have shared with that person.
- If a Trust Center recipient is searching your Trust Center for answers using Smart Search, Whistic AI is only as "smart" as the documentation you provide on that Trust Center. It literally knows nothing about what else is in your Knowledge Base. With more and more customers using Whistic AI to assist in their Third Party Risk Assessment processes, it makes sense to be as generous as is reasonable in providing source materials as part of the Trust Centers you share with your customers.