Efficiently responding to security questions requires more than just a set of data and someone who uses that data to respond. It requires various elements such as having up-to-date, clean and structured data, knowing how to manage and maintain that data, and being able to collaborate efficiently.
Therefore, we decided to divide the best-in-class practices for responding to security questionnaires into three chapters in order to cover all aspects. Each chapter will be published weekly including:
Building a knowledge base is crucial because it serves as the central repository of information, allowing the system to efficiently retrieve the data needed to respond to security questionnaires, for example through Retrieval-Augmented Generation (RAG). This also means that the quality and accuracy of the responses generated by AI are determined by how you build and manage your knowledge base. There are many ways to build a knowledge base, but today the Skypher team will show you how to build the best knowledge base in 2 steps.
When you create a knowledge base from scratch, our team will help you set it up. We will guide you through the content selection process. Once we have identified the right sets of data together, Skypher will automatically build the knowledge base from what you provided. Everything will be labeled and classified so that people have the right information when they need to confirm a response. Skypher comes pre-built with a powerful security framework that will help you structure your information. It's not necessary to provide a large amount of data at the beginning. However, we recommend that you provide the main sets of data, including:
By providing all of this, we can ensure that all data will be sufficient to respond to questionnaires during the POC or the initial stage of the deployment.
Additionally, you can sync your knowledge base on Skypher with external data sources, such as Google Drive and internal or public web pages and wikis. You therefore don't need to move data between platforms manually, and all data on Skypher will be updated automatically whenever changes are made elsewhere.
After providing all the documents, the next question might be "What are we going to do with all the data you provided?" The answer is that we do the setup for you: we put all this data in the knowledge base, create templates* based on your security documents, and make it all ready to be used in responding to questions in security questionnaires. We are able to extract information from all your PDFs and structure it into templates (e.g., extracting a few lines from a document to respond to a question). All the documents are vectorized in the library, making this unstructured data usable and searchable. We use Qdrant to do this. Users can later modify, delete, and add data by themselves in the knowledge base.
*A template is a question-and-answer pair taken from the documents that users provide. It's used in responding to questions in questionnaires based on the accuracy score. You can update templates when you have better answers, so you can always start responding to questions with the best suggestions.
Skypher will usually attach 20-30 similar questions to just one response, as enterprises usually formulate the questions a bit differently but expect the same response. We have built an entirely automated alias system that helps you gather all similar questions in one template with one response. This keeps your knowledge base easier to manage and maintain over time.
For the final step in setting up your knowledge base, we’ll define the logic in the data system together with you in order to structure the data. Questions regarding the definition of logic can include:
To sum things up, Company Wide is the place where data is shared with every product. Usually, one question has a different answer depending on the product. More general questions, however, are kept in Company Wide, as they share the same answer for every product. By doing this, you can avoid duplicating content in every product.
At Skypher, we also have a tagging feature that allows you to tag templates, so you know which category each template belongs to. For example, you can divide your data with NDA and Non NDA tags to differentiate the content you share with your customers depending on whether they signed an NDA in the process. Moreover, we have an ownership feature that makes sure each user is accountable for maintaining data. (We'll dive deeper into these essential features in the next article.)
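To make the alias, Company Wide and NDA-tag logic described above concrete, here is an added sketch that is not Skypher's code: the `Template` fields, the function names and the sample knowledge base are all hypothetical, and exact matching on normalized text stands in for the vector search and accuracy score. It assumes a fail-closed rule, where a template with no explicit Non NDA tag is withheld from customers who have not signed an NDA.

```python
import re
from dataclasses import dataclass, field

COMPANY_WIDE = "Company Wide"

@dataclass
class Template:
    answer: str
    aliases: list                 # differently worded questions sharing one answer
    scope: str = COMPANY_WIDE     # COMPANY_WIDE or a product name
    tags: set = field(default_factory=set)   # e.g. {"NDA"} or {"Non NDA"}

def normalize(question):
    """Lowercase and drop punctuation so trivially different wordings match."""
    return " ".join(re.findall(r"[a-z0-9]+", question.lower()))

def releasable(template, nda_signed):
    """Assumed policy: fail closed. Without a signed NDA, only templates
    explicitly tagged "Non NDA" (and not also "NDA") may be shared."""
    return nda_signed or ("Non NDA" in template.tags and "NDA" not in template.tags)

def suggest(kb, question, product, nda_signed):
    """Return the best releasable answer, or None if nothing may be shared."""
    key = normalize(question)
    hits = [t for t in kb
            if key in {normalize(a) for a in t.aliases}
            and t.scope in (product, COMPANY_WIDE)
            and releasable(t, nda_signed)]
    # A product-specific template takes precedence over the Company Wide one.
    hits.sort(key=lambda t: t.scope == COMPANY_WIDE)
    return hits[0].answer if hits else None

# Constructed sample knowledge base (illustrative content only).
KB = [
    Template("Data at rest is encrypted.",
             ["Do you encrypt data at rest?", "Is stored data encrypted?"],
             tags={"Non NDA"}),
    Template("Product A: detailed encryption and key-handling description.",
             ["Do you encrypt data at rest?"],
             scope="Product A", tags={"NDA"}),
    Template("Penetration test summary is available on request.",
             ["Do you perform penetration tests?"]),   # untagged on purpose
]

if __name__ == "__main__":
    for signed in (True, False):
        print(signed, suggest(KB, "Do you encrypt data at rest?", "Product A", signed))
```

The untagged penetration-test template shows why the default matters: it is returned only when `nda_signed` is true, so a template that nobody has classified yet is never sent to a customer outside an NDA.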
Voila! Now you have the right knowledge base that is ready to be used. You have to always remember that all data used in the knowledge base should be up-to-date and maintaining it is crucial if you want your different teams to trust the software and see the automation results grow over time!
Security Questionnaire automation is only achievable if you get this first step right as otherwise you will only feed the algorithm with false or outdated data. We will cover this in the following parts of this blog post series.
Please feel free to reach out to us here if you need more information regarding the setup of your data. Thank you so much for your time and attention to this article. We hope to see you next week on the topic of "How to manage and maintain the data in the knowledge base."
Have a good day!