Introduction

Under a Non-disclosure Agreement - Some of the details in this case study may be vague to protect the client's intellectual property.

The Security Due Diligence Service is designed to support customers in assessing the security and data protection practices of our key customer's cloud infrastructure. As organizations increasingly rely on cloud platforms to run their software and manage sensitive data, ensuring alignment with industry standards becomes critical.

Key Benefits:

  • Transparent communication of security practices
  • Streamlined compliance processes for customers
  • Increased confidence in cloud adoption
  • Stronger relationships built on trust and accountability

Process

Background and Challenges

In the past, clients of our customer submitted their security questionnaires manually—typically via email or shared documents. To better understand the pain points of this process, we conducted multiple rounds of interviews and collaborative workshops with both internal security teams and external clients.

Through this research, we uncovered that responding to these inquiries required significant manual effort from security staff, resulting in a process that was:

  • Time-consuming, with long turnaround times
  • Inconsistent, due to varied formats and responses
  • Difficult to scale, especially as the number of clients grew

These insights informed the foundation of our direction: a smarter, more scalable system to automate and streamline security due diligence.

To overcome these challenges, our team conceptualized and built the Security Q Intelligence Service, an AI-driven platform that automates the security due diligence process. This solution enables clients to upload questionnaires and receive intelligent, accurate responses via a streamlined user interface, while offering a robust backend for administrative control and customization.

By leveraging innovative design and technology solutions, we were able to exceed the client's expectations and deliver measurable results.

Key Design Goals:

  • Simple and intuitive UI
  • Secure file uploads and processing
  • Real-time AI response display
  • Human-in-the-loop validation options

Design

As part of the platform’s core experience, we designed the frontend interface with two primary user groups in mind:

👤 Clients of our customer

These users can log in to the platform, upload their security questionnaires (e.g., PDF, DOCX), and receive AI-generated responses, either in real time or after a brief review period. The goal is to enable customers to independently address their security due diligence needs while ensuring answers remain clear, compliant, and reliable.

🛡️ Security Employees

Internal security staff use the same interface to monitor AI responses, intervene when necessary, and provide support for more complex or edge-case inquiries. Their ability to review and validate AI-generated answers ensures both high-quality output and regulatory alignment.

What We Learned

Embedding AI into the Security Q Intelligence Service introduced both opportunity and complexity. While the AI model itself was developed in the background, integrating it into a functional product raised new design and usability challenges.

At the time, there was no established design system or UI pattern library in place. This meant we couldn’t rely on reusable components or prior user experience patterns. Everything had to be created, tested, and validated from the ground up.

💡 Key Learnings:

  • User guidance is critical when introducing unfamiliar technology: Even though the AI was powerful, we learned that users needed clear steps, feedback, and fail-safes to trust and adopt it.
  • Micro-validation works: We broke down the design into small, testable interactions and continuously involved users to ensure that each step in the flow made sense and didn’t become a blocker.

What We Overcame:

  • Lack of a design system: built a mini-component library on the go
  • Abstract AI concept: made it visible and user-friendly through progressive disclosure and human-in-the-loop options
  • Low user confidence in automation: addressed with confirmation flows, edit capabilities, and transparent feedback

This iterative, user-centered approach helped us build not just an intelligent tool, but one that people actually felt comfortable using.