Field notes

In preview: auto-attachment of evidence on DDQ answers

Auto-attachment of evidence PDFs — SOC 2, pentest, policy documents — to DDQ answers that cite them. In preview for design-partner tenants while DDQ workflows mature toward general availability.

PursuitAgent · Engineering

In preview this week for design-partner tenants: auto-attachment of evidence PDFs to DDQ answers that cite them. When a DDQ answer cites “SOC 2 report, section CC6.1,” the current SOC 2 PDF is staged to the response package automatically. No more pulling files out of a shared drive after the questionnaire is otherwise done.

This has been the most-requested item on the DDQ workflow feedback board since the auto-answer path entered preview in Q2. The DDQ surface is not yet listed on the marketing platform pages — the path of record there remains the RFP Analysis and Proposal Builder modules — and we will fold DDQ workflows into the marketed surface once the evidence and routing layers are stable.

What it does

  1. The retrieval layer drafts an answer for a DDQ question and identifies which KB block it came from.
  2. The KB block has a list of cited evidence artifacts (SOC 2, pentest, policy PDFs) stored in the evidence vault.
  3. The access layer checks whether the buyer is entitled to each artifact (NDA status, classification, expiration).
  4. Entitled, current artifacts are staged to the response package. Expired or NDA-gated artifacts that fail the check route the question to the owner as a ticket.
  5. The response package, when exported, includes the artifacts in a separate folder with a manifest mapping each answer to its evidence files.
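A sketch of steps 3 to 5 as a fail-closed entitlement check, added here as an illustration; it is not PursuitAgent's code. The field names, the three classification levels and the `evidence/` folder name are assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Names, fields and classification levels are assumptions for illustration.
LEVELS = {"public": 0, "customer": 1, "restricted": 2}

@dataclass(frozen=True)
class Artifact:
    filename: str
    classification: str
    requires_nda: bool
    expires: "date | None"  # None = no expiry recorded, treated as not current

@dataclass(frozen=True)
class Buyer:
    nda_signed: bool
    max_classification: str

def check_entitlement(art, buyer, today):
    """Return None if the artifact may be staged, else the denial reason."""
    if art is None:
        return "artifact not in vault"
    if art.expires is None or art.expires < today:
        return "expired or no expiry recorded"
    if art.requires_nda and not buyer.nda_signed:
        return "NDA required"
    # Unknown labels fail closed: artifact ranks highest, buyer ranks lowest.
    art_level = LEVELS.get(art.classification, max(LEVELS.values()) + 1)
    if art_level > LEVELS.get(buyer.max_classification, -1):
        return "classification above buyer entitlement"
    return None

def stage_evidence(answers, vault, buyer, today):
    """answers: {question_id: [artifact_id, ...]} -> (manifest, tickets)."""
    manifest, tickets = {}, []
    for qid, cited in answers.items():
        manifest[qid] = []
        for aid in cited:
            reason = check_entitlement(vault.get(aid), buyer, today)
            if reason is None:
                manifest[qid].append("evidence/" + vault[aid].filename)
            else:
                tickets.append((qid, aid, reason))
    return manifest, tickets

# Constructed sample data.
VAULT = {"soc2": Artifact("soc2-report.pdf", "customer", True, date(2030, 1, 1)),
         "pentest": Artifact("pentest.pdf", "restricted", True, date(2030, 1, 1)),
         "policy": Artifact("infosec-policy.pdf", "public", False, date(2020, 1, 1))}
ANSWERS = {"Q1": ["soc2"], "Q2": ["pentest", "policy"], "Q3": ["missing-doc"]}
```

Every denial path returns a reason and produces a ticket, so an artifact is staged only when all three checks pass explicitly; a missing record, missing expiry date or unrecognised classification label never defaults to "allow".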

What it does not do

It does not auto-redact. If the SOC 2 report contains sections that the vendor wants to redact before sending to a specific buyer, that is still a manual step. Redaction-by-policy is on the roadmap for Q1.

It does not handle custom evidence requests. If a buyer asks for an artifact the KB does not cite — “can you attach your latest board meeting security briefing?” — the question routes to an SME the same way a custom question does.

Why it took this long

Three reasons. The access-layer semantics had to be right — serving the wrong artifact to the wrong buyer is a legal-review event. The NDA integrations with the two most common CLM platforms took longer than expected (about six weeks each). And the expiration-check logic had to interact cleanly with the KB freshness scoring we shipped in Q2.

Docs are updated. The flag rolls out to existing customers over the next two weeks; new accounts see it enabled by default starting today.
