Commercial Title:

Compliance Questionnaire Assistant

Academic Title:

AI-Powered Web App Enabling Quick Completion of Security Questionnaires using RAG

Student Information

  • Name: David O' Connor
  • Student ID: 08566496
  • Program: Higher Diploma in Computing
  • Email: 08566496@setu.ie
  • Year: 2024
  • Supervisor: Richard Lacey

Project Info

The Compliance Questionnaire Assistant (CQA) is a web app designed to streamline the vendor onboarding process at ServisBOT. When new clients wish to start using our services, they typically send us security questionnaires to evaluate our security posture. To complete these questionnaires, the security team spends significant time searching through policies. The CQA addresses this by allowing users to upload documentation and generate AI-powered answers which reference this documentation, saving the team time and effort.

The application makes extensive use of both serverless and managed service technologies, including Lambda, DynamoDB, and S3. The central technology used is Amazon Bedrock Knowledge Base, which takes care of RAG processes such as document indexing, retrieval, and answer generation. The application was largely written in TypeScript and JavaScript. TypeScript was used for the frontend and AWS CDK infrastructure, and JavaScript was used for the backend.

As a security-related app, the CQA was built with a security-first mindset. The app is protected by Amazon Cognito authentication, and uses presigned URLs for document views and uploads. This means that S3 resources can be easily yet securely accessed by authenticated ServisBOT users. The app also features a bulk questionnaire mode, prompt management, and policy versioning.

Tech Stack

Frontend

  • React
  • TypeScript
  • Material UI
  • AWS S3
  • AWS CloudFront

Backend

  • Node.js
  • Express
  • AWS Lambda
  • AWS SDK

Infrastructure

  • AWS CDK
  • AWS API Gateway
  • AWS DynamoDB
  • AWS Cognito
  • AWS SQS
