Core compliance information allows your team to access and change some of the most common security questions all in one organized hub, creating a structured list of compliance data. Since the questions in core compliance information are not contained in an active questionnaire, our software is not limited to a single way these questions can be asked. Your answers will be applied to a wide variety of ways these questions are worded on security questionnaires, which results in core compliance answers generating a higher autofill rate on your questionnaires.
To view and edit your team's compliance information, head to Settings > Knowledge Management > Core Compliance Information. From there, you'll be able to see three categories titled General Information, Compliance, and Policies. Each section contains the top areas covered by security questionnaires for your team to fill out. You can change your answers at any time with no need to flag an outdated response.
- General Information
The General Information section contains questions about your organization, product, and any physical data centers or office spaces you may have.
The Compliance section is where you can upload files for your audit reports and denote with which requirements your organization is compliant. The subsections will expand depending on how many of these your organization has (SOC II, ISO, etc).
In this section, you can provide links to external-facing policies or upload files. This means that by attaching your company’s relevant documents in the Policies section, a "Yes" will be autofilled for any questions asking whether your organization has established this policy.
Note: Uploading policies to core compliance information will results in these policies being stored under the Documents page. This is where you can go to change the document name, owner, due date, and other settings related to the document.
If any members of your team have questions about core compliance information, please reach out to firstname.lastname@example.org.