Whisperly
Whisperly is an AI-powered GRC platform covering data privacy, AI governance, vendor risk, and security questionnaire automation.
Key features and functions include:
Data Privacy Compliance
Automates Records of Processing Activities (RoPA), Data Protection Impact Assessments (DPIAs), Data Subject Access Requests (DSARs), and data breach response workflows. Maps controls across GDPR, UK GDPR, Swiss FADP, and CCPA to reduce duplicated documentation work.
AI Governance
Maintains an AI system inventory and classifies AI systems by risk level under the EU AI Act, with additional mapping to ISO 42001 and the NIST AI Risk Management Framework. Generates technical documentation, tracks generative AI intake and approvals, and monitors AI systems on an ongoing basis.
Vendor Risk Assessment
Sends structured risk questionnaires to vendors, automatically scores responses, and flags gaps before contracts are signed. Includes templates aligned to SOC 2, ISO 27001, GDPR, DORA, and the EU AI Act, along with continuous monitoring that triggers reassessment when a vendor's risk posture changes. Includes a dedicated module for DORA-driven ICT third-party registers for financial-services customers.
Security Questionnaire and RFP Automation
Extracts questions from incoming customer security questionnaires, RFPs, RFIs, and DDQs (Excel, Word, PDF, or portal formats) and generates draft answers sourced from the company's own policies and past responses, each with a confidence score for human review.
Trust Center
Provides a publicly hosted page where a company can display its own certifications, policies, and compliance posture so prospective customers can self-serve answers instead of sending a questionnaire.
Autonomous Agents
Three named AI agents (Policy Agent, Risk Analyst, Vendor Assessor) handle drafting, risk scanning, and vendor evaluation across the platform, with human review and approval built into each workflow.
Loading...