Help Center
Help Center
Start typing to search…

Content Best Practices

Time to complete: 1-2 hours

Prerequisites: Knowledge Library with sources to upload


Curating the right content is necessary for getting the best answers from ConveyorAI, and delivering the best Trust Center to your customers. In this section, we will walk you through what types of content you should add.

🏅

Our Recommendation: 5-10 Docs + 400 Question-Answer Pairs (Q&As) + 2 External Sources

In our internal testing, we found that 5-10 common documents paired with roughly 400 Knowledge Base question-and-answer pairs enables ConveyorAI to answer roughly 85-90% of the questions on typical InfoSec questionnaires. Adding 2 external sources boosts accuracy another 5%+.

Questionnaire/RFP Automation and Trust Center use similar content and this gives you a great starting point for a customer-facing Trust Center.


Documents

Start building out your Knowledge Library with the following assets commonly used in companies.

📘

If you don't have any of the documents mentioned below, and don't have any past questionnaires to utilize for your Knowledge Library, you can answer these top 200 questions found in our Q&As template here to get started.

See Adding New Documents to learn how to add these assets as Documents.

Common Documents for Security Questionnaires

Security questionnaires require precise, authoritative explanations of your controls, policies, and compliance practices. Much of this information already exists in documents maintained by your security and compliance teams. When these core assets are uploaded, ConveyorAI can draw directly from your verified sources to produce accurate, consistent, and audit ready responses with minimal manual effort.

Following documents alone can enable ConveyorAI to answer up to 60% of the questions on typical InfoSec questionnaires:

  • SOC 2 Type II report: This report is by far the most commonly-requested document by customers. Furthermore, in our testing, we found that a good SOC 2 Type II report by itself enables our AI bot to answer 45% of the questions on typical InfoSec questionnaires. If you're using Conveyor as a Trust Center, add any other Audit and Compliance reports you have, too, like your ISO-27001 Cert, PCI compliance, etc
  • Supported Standardized Questionnaires:
    • CSA (Cloud Security Alliance) STAR-CAIQ: We've found that a detailed CAIQ by itself answers 24% of most InfoSec questionnaires. As long as the Excel contains a tab with the name "CAIQ" and a version number on it, our Questionnaire Automation will read from it.
    • HECVAT (Higher Education Cloud Vendor Assessment):. Uploading your completed HECVAT questionnaire (Lite or Full) can help support in answering more detailed InfoSec questions. As long as the HECVAT is of version 2.0 or above and has a tab with name “HECVAT - (Lite/Full)”, Conveyor will automatically read from it.
    • SIG (Shared Assessments Standardized Information Gathering): Uploading a completed SIG (Lite or Core) provides extensive information for InfoSec questionnaires. As long as the Excel contains a tab with the name “SIG”, Conveyor will read from any version of this standard.
  • Penetration Test Executive Summary and Remediation Letter. 40% of questionnaires explicitly ask about penetration testing, and many customers request to see the executive summary.
  • Policies: 65% of questionnaires ask directly about your InfoSec policies. Upload each policy as a separate document to keep it organized. Here are a few suggestions for specific policies based on what customers ask often:
    • Business Continuity Plan: For questions like "what happens if (and when) there's an outage?"
    • Incident Response Plan: For questions like "what happens if (and when) you get popped?"
    • Acceptable Use Policy: Customers often want to know what governs employee behavior.
    • Data Retention Policy: Customers like knowing if there's a process in place for removing data after contracts end.
    • SDLC (Software Development Lifecycle): A common source of answers to questions around how companies build products securely.
  • A Security White paper and/or FAQ: This will further complement critical details on security questionnaires.

Common Documents for RFPs

RFPs require a consistent and comprehensive story about your company, your products, and your differentiation. The most accurate and compelling answers come from documents already maintained across product, marketing, enablement, and engineering teams. Leveraging these core assets ensures ConveyorAI can showcase your strongest positioning with minimal manual effort.

Following documents alone can enable ConveyorAI to answer up to 65% of the questions on typical RFPs:

  • Internal Confluence Pages: Conveyor integrates easily with internal or gated tools like Confluence, Notion Google Drive to index all subpages within a workspace. Many enablement, product, marketing, and engineering teams keep specific workspaces current with the latest positioning and messaging information. Just add the Confluence URL in Conveyor and it auto-refreshes weekly.
  • Company Deck: This is by far the most commonly-used document to explain what your company does, the underlying products, and core use cases. It's typically only updated once per year for core positioning and messaging. It can help provide a simple, clear pitch on:
    • The company's mission
    • The core personas served: key problems, common solution use cases, high-level competitive differentiation
    • Customer success examples (by segment, vertical, use case, persona, etc.) with quantitative improvements
  • Sales Deck: Sales teams usually prepare bite sized decks to run a 30min (1st call) and 60min (2nd call) meeting with prospects. It might have different versions catered to specific audiences but it generally start with the landmark value propositions and detailed pitch for "Why Us." It often includes product roadmap, market challenges for a specific persona, feature-level competitive differentiation, pricing and packaging, and implementation and support options.
  • New Product Launches: Companies usually ship new products that get marketed on the public website, marketing materials, sales decks or company wiki in platforms like Confluence.
  • Monthly Feature Releases: These are often published as downloadable PDFs on a public site, shared as data sheets, or distributed through email updates. Important competitive improvements for RFPs can get buried within broader marketing communication. A simple automation flow, such as using Zapier to download each monthly release, save it as a PDF, and upload it into your Conveyor file folder, ensures ConveyorAI always has the freshest positioning and feature details to generate accurate and compelling responses.

Curated Q&As

If you've added the Common Documents above, then you might see up to 60% accurate answer coverage on typical InfoSec questionnaires. To get up to 85% for InfoSec accurate answers, we recommend adding an additional 400 question and answer pairs from most frequently asked questions.

Some potential sources are:

  • 5 past completed questionnaires: Customer questionnaires provide great references for the types of questions you encounter. You can review them to choose questions to curate Q&As.
  • YourShared Assessments SIG, SIG Lite, or SIG Core: While assessments with just "yes/no" answers work, we recommend appending longer explanations to the answers before uploading them.
  • YourHECVAT Lite or Full: Same principle as assessments goes here.

Do not add less frequent Q&As under Curated section beyond 200-400 most frequent and critical Q&As. As explained below, rare questions like "Were you affected by the Log4j vulnerability?" should go to Past Answers.

To learn how to add Q&As manually or bulk-import, see Adding question and answer pairs.

Past Answers

To avoid maintenance overhead, start with a smaller number of Curated Q&As, and fill the gaps as you answer questionnaires. These answers get saved to the past answers section and used by ConveyorAI for future questionnaire responses.

ConveyorAI automatically mark any answer as "reusable" and pulls from Past Answers if:

  1. your team edits an AI-generated answer
  2. ConveyorAI does not return an answer, and your team answers it

External Sources

External sources are synced once a week and provide you with a low-effort way of keeping your knowledge library up to date. Data across organizational domains such as marketing, product, or technical documentation is often the source of truth for many business-level questions in external source formats.

These sources boost accuracy to up 95% and include:

  • Company website: Use this source for marketing copy around which products are offered, the value propositions or key benefits, and use cases supported. For Conveyor, it's www.conveyor.com..
  • Company Help Center: Use this source for nuanced technical answers to specific product questions. For Conveyor it's docs.conveyor.com.
  • Company Web Policies: Use this source for information on Terms of Service, Acceptable Use Policy, Data Processing Addendum, Privacy Statement, Responsible Disclosure Policy, Security Policy, Subprocessor Directory, Trademark Policy, and Support Policy. For Conveyor it's conveyor.com/legal.

Additional Tips

  • The most important rule is: Garbage in, garbage out. ConveyorAI retrieves the most relevant content from your Knowledge Base when answering questions, and then makes slight tweaks to ensure that the new question is answered fully. However, if your knowledge base answers are phrased poorly or are ambiguous, ConveyorAI will return poorly-phrased and ambiguous answers.
  • Providing past questionnaires with detailed answers (rather than simple "yes/no" answers) generate better answers.
  • If your content varies depending on the product the customer is evaluating, make sure to use Product Lines.
  • A lot of questionnaires include layups like "When was your company founded?" or "What is the name of the software we are buying?" that you should include in Curated Q&As.
  • You don't need to upload different variations of the same question. ConveyorAI can recognize and answer effectively for different wordings of questions.
  • Even though ConveyorAI redacts customer-identifying information, avoid uploading information with references to specific customers (such as this answer: "No, we would never compromise GloboCorp's data!").
  • Avoid including specific dates when possible. For example, it's easier to keep this question up to date: "We complete penetration testing annually. For the latest copy, see Conveyor portal" than it is to keep this up to date: "Last penetration test was 09-01-2022"
  • Don't just use the Knowledge Library to respond to questionnaires - turn the tables on your customers! Share questions and answers publicly or with approved customers (see Q&A access levels) so your mid market and SMB customers can self-serve their own answers.

Common questions

Should I upload questionnaires with only yes/no answers or detailed explanations?
Always choose detailed explanations when possible. Questionnaires with comprehensive answers help ConveyorAI generate more thorough and useful responses. Simple yes/no answers provide minimal context for future questions.

How do I avoid uploading outdated information when I have multiple versions of the same document?
Only upload your most recent version. Before uploading, check the document date and verify it reflects your current policies and practices. Delete or replace older versions in Conveyor to prevent ConveyorAI from citing outdated information.

Can I upload the same Q&A in different variations to help ConveyorAI recognize different phrasings?
No need. ConveyorAI can recognize and answer questions effectively even when they're worded differently. Focus on uploading one high-quality answer per topic rather than multiple variations of the same question.

What if I have documents that are useful for ConveyorAI but shouldn't be shared in my Trust Center?
Set those documents to "Internal only" when uploading. This allows ConveyorAI to use them for generating answers while keeping them hidden from Trust Center visitors. Examples include detailed internal policies or technical specifications.

How often do external sources sync?
Public external sources (like your company website or help center) sync automatically once per week. Private external sources (like Confluence or Google Drive) sync daily, ensuring ConveyorAI always has access to your latest content.


What's next


Need help? Visit the Troubleshooting guide or contact [email protected].

Updated about 14 hours ago