QueryPal is now SOC2 Compliant!

Introduction

At QueryPal, our experienced team is committed to not just meet but exceed the highest standards of data protection and privacy. The QueryPal team, led by CEO Dev Nag and composed of veterans from Wavefront and major tech companies, exemplifies a rich history in security, compliance, and successful enterprise management.

At Wavefront, we successfully implemented SOC 2™ compliance and managed significant enterprise customers like VMware. After the company’s acquisition by VMWare in 2017, the team grew revenues to over $100 million. This foundational experience, combined with the diverse background of our founding team from leading tech giants and support from Sequoia Capital, underscores our commitment to trust, reliability, and security in serving our clients.

QueryPal is revolutionizing organizational workflow by integrating with platforms like Slack and Microsoft Teams to empower employees to self-serve their questions with an AI chat assistant. By employing advanced knowledge bases, our platform delivers instant, accurate answers, significantly lightening the team's load.

Today, we are excited to announce that QueryPal is SOC2 compliant, as tracked by Vanta and third-party SOC2 audit specialist Sensiba.

A Deep Dive into QueryPal’s Technology and SOC 2 Commitment

This article will provide a brief outline of QueryPal’s data privacy and retention policies, and detail our approach to risk mitigation. In the lifecycle of a query within QueryPal's Knowledge Automation platform, the process is meticulously designed to ensure user satisfaction through rapid and relevant responses. By scanning and indexing vast document stores of all structures, the system aims to deliver comprehensible answers within 10 seconds, eliminating the need for human intervention.

Utilizing advanced Large Language Models (LLMs) for semantic analysis and leveraging secure data encryption, both in transit and at rest, the platform updates its indexes frequently to maintain accuracy.

Our approach to data security and privacy is rigorous and proactive, incorporating:

Encryption: All data, both in transit and at rest, is encrypted.
Administrator Control: Data is indexed solely through administrator opt-in, with strict access controls and retention policies ensuring data is only retained while actively opted-in.
Comprehensive Access Controls: Including unique authentication, systematic restrictions on production deployment, and mandatory multi-factor authentication for remote access, among others.

Moreover, our SOC 2 journey underscores our unwavering dedication to security. We've meticulously implemented SOC 2 controls, from comprehensive data encryption to rigorous vulnerability assessments and penetration testing. Our phases of SOC 2 compliance—from initial focus on data security to ongoing implementation of controls and external audit preparation—reflect a holistic approach to safeguarding client data. In partnership with Vanta and audited by Sensiba, we've completed the SOC 2 Type 1 processes and are progressing towards Type 2, evidencing our dynamic commitment to continuous security improvement.

Beyond data privacy and retention policies, identifying and mitigating potential risks is core to our operation.

Our risk mitigation strategy includes:

Vendor Risk Management: Conducting thorough security assessments to ensure our extended supply chain meets our high security and data protection standards.
Risk Identification and Assessment: Regular assessments to proactively identify potential threats.
Preventative Controls Implementation: Based on risk assessments, we've implemented robust encryption practices, secure network configurations, and stringent access controls.

Additionally, we have partnered with several security platforms as part of our ongoing commitment to security, demonstrating our capability to meet and exceed enterprise-grade security expectations.

Join us on this journey as we continue to redefine Knowledge Automation with a steadfast focus on security. Thank you for considering QueryPal as your trusted partner in innovation and safety.