Blog · Tag
evidence.
6 posts in this archive.
The DDQ evidence-provenance API
External auditors can now walk from a DDQ answer back to the source evidence without opening the KB. The endpoints, the auth model, and what we hardened before shipping.
The weekly DDQ evidence-freshness sweep
A 20-minute weekly routine that catches stale evidence links before a reviewer does. What the sweep covers, what it skips, and why we recommend it for teams that answer more than one DDQ a month.
In preview: auto-attachment of evidence on DDQ answers
Auto-attachment of evidence PDFs — SOC 2, pentest, policy documents — to DDQ answers that cite them. In preview for design-partner tenants while DDQ workflows mature toward general availability.
The evidence vault: where SOC 2 PDFs live and how they cite
How a DDQ answer citing 'SOC 2 report, section CC6.1' actually finds the right PDF, serves it to the right buyer, and keeps the audit trail. The storage, access, and audit layer underneath.
The DDQ evidence-attachment API
How buyer-side evidence-request fields get auto-populated from a KB evidence vault. The schema, the matching logic, and the human-in-the-loop step we will not remove.
Security questionnaires: linking answers to evidence
How a SOC 2 attestation PDF becomes a citation source for DDQ answers. The ingest pipeline, the per-control extraction, and the per-claim linking that makes 'yes' answers verifiable instead of theatrical.
See the proposal workflow
Take the 5-minute tour, then start a trial workspace when you're ready to run a real pursuit against your own source material.