TrustRadius: an HG Insights company

What is Vvault?

Vvault is an on-premise tool designed to automate the completion of Vendor Security Questionnaires (e.g., CAIQ, SIG, SOC2, DORA). Unlike cloud-based compliance tools, the solution operates entirely within the customer’s local network perimeter, utilizing local Large Language Models (LLM) and vector databases to ensure absolute data sovereignty.

Key Capabilities
  • Three-Tier Answer Pipeline: Employs a sequential process of template matching, semantic cache lookup, and local LLM generation to maximize response speed and accuracy.
  • Offline Inference & Local Data Storage: Processes all policy documents and generates answers locally using an on-device engine and a local PostgreSQL vector database; no data is transmitted to external servers, third-party APIs, or external inference engines.
  • Confidence Scoring & Evidence Gap Detection: Assigns a confidence score to every generated answer and automatically flags "evidence gaps" when local documentation lacks sufficient information to support a response, preventing "hallucinations" or improvised replies.
  • Human-in-the-Loop (HITL) Dashboard: Provides a centralized interface for manual review, editing, and final approval of generated answers. No data is exported without human sign-off.
  • Automatic Framework Detection: Identifies standard industry frameworks—including CAIQ v4, SIG Lite, SIG Core, and DORA Article 28—and automatically applies correct column mappings and logic.
  • Complete Audit Trail & RBAC: Logs every approval, rejection, and edit with timestamps and usernames, supported by role-based access controls for Admins and Viewers.

Audience & Use Cases
  • Audience: Security architects, GRC (Governance, Risk, and Compliance) analysts, and legal officers in highly regulated sectors (e.g., Finance, Healthcare, Government).
  • Use Case: Accelerating contract closures by reducing the manual time required to complete Due Diligence Questionnaires (DDQ) from days to minutes.
  • Use Case: Maintaining compliance with DORA Article 28, GDPR, and NIS2 by avoiding the creation of undocumented third-party ICT sub-processor relationships during the security review process.
  • Use Case: Mitigating jurisdictional exposure to the US CLOUD Act by keeping sensitive security architecture documentation within the organization's own hardware.

Technical Specifications
  • Deployment Model: Containerized (Docker) on-premise installation; completely offline operation after initial image download.
  • Hardware Requirements: Minimum 8GB RAM (16GB recommended), 10GB disk space; no GPU required for model inference.
  • Operating Systems: Windows 10/11, macOS 12+, and Ubuntu 20.04+.
  • Verification: Claims of zero outbound data transmission are independently verifiable via network monitoring tools such as Wireshark.

Media

Screenshot of Vvault Dashboard and Command Center
Screenshot of the answer review system for human-in-the-loop review
Screenshot of Questionnaire completion receipt with details