See Iris at ILTA EVOLVE — For Security Leaders at Law Firms

Stop answering the same security questionnaire — again.

Iris ingests your policies, controls, and institutional knowledge — then drafts accurate, cited, confidence-scored answers to every questionnaire and portal your clients throw at you. No hallucinations. No retyping. Get hours of your week back.

No training on your data · SOC 2 Type II · GDPR compliant · Data stays in your environment
Question 47 · Security Questionnaire
Question
Does your firm encrypt data at rest, and what key management controls are in place?
Answer
Yes. All client data at rest is encrypted using AES-256. Encryption keys are managed via AWS KMS with customer-managed keys (CMKs), with annual rotation and dual-control for key destruction. See attached policy for full controls.
94% confidence
Sources: 4.2 — Encryption Policy v3.1 · 2.1 — KMS Controls
Auto-attached: Encryption_Policy_v3.1.pdf · KMS_Controls_2026.pdf
Trusted by firms in the AM 100 & AM 200 · Security teams · Legal

The problem

Security teams are answering the same 300 questions — every week.

Clients are asking more questions. Questionnaires are landing in portals, spreadsheets, and PDFs. Your team loses days to work a machine should do — while actual security work waits. And every word still matters: an inaccurate security claim is a real-risk event.

The hours

Weeks lost per questionnaire.

A single client questionnaire can tie up a CISO and their team for days — dozens per quarter. It's time your security team will never get back.

The repetition

The same 300 questions. Every time.

Encryption. MFA. IR plans. Pen tests. The answers don't change — but someone on your team keeps re-typing them into portal after portal after portal.

The portals

Every client on a different platform.

Every client runs questionnaires through a different vendor portal — and there are a lot of them. Answers live in silos; no one tracks them; consistency is a prayer.

Built for security teams, not marketing teams

Five commitments your CISO will care about.

Iris isn't a content engine. It's a grounded response system — designed so every word it produces is traceable, consistent, and safe for the wire.

01/

Zero hallucinations. Full stop.

Iris only answers from the controls, policies, and evidence you've approved. If the answer isn't in your knowledge base, Iris flags the question — it doesn't invent one. Confidence scores accompany every response so reviewers know exactly where to focus.

Grounded only · Confidence scoring · Flagged unknowns
02/

You see exactly where every answer came from.

Iris shows you the policy, control, or control-narrative behind every sentence it drafts — with section and version — so reviewers can verify the source before approving. No black-box output; no guessing what the model "thought."

Source visibility · Policy version tracking · Reviewer-first
03/

Autopilot for portals.

Whichever vendor portal your client uses — and there are a lot of them — Iris fills it directly. Not a spreadsheet you copy-paste later. Consistent answers across every client, every form, every time.

Portal automation · Consistency enforcement · Custom tone & length
04/

Evidence, auto-attached.

When a question asks for proof — certifications, SOC 2 reports, policy PDFs — Iris finds the latest, right version and attaches it to the response. No more digging through folders to find which copy is current.

Attachment retrieval · Version aware
05/

Complete visibility into every approval.

See every edit, every approval, every submission — with timestamps and reviewer identity. Know who drafted what, who changed it, and when it went out. Your team's work is no longer a black box.

Per-edit history · Reviewer approvals · Timestamped

Autopilot for portals

Point it at the portal. Iris handles the rest.

Your clients use a long list of different vendor portals for security review. Iris logs in to whichever one lands on your desk, works row by row, and drafts grounded answers — each one linked back to the source in your knowledge base, ready for your reviewer to approve.

From 300 questions to a Monday-morning review.

Iris runs overnight. Your team wakes up to a queue of draft responses, each with a confidence score, visible source, and auto-attached evidence. Review, approve, submit.

Custom instructions per client: tone, length, yes/no vs. narrative.
Consistency enforcement: your Q12 answer matches your Q47 answer matches your Q219.
Flagged gaps become to-dos — not guesses.
Autopilot · Vendor portal · Client: Fortune 500 Financial · Running
Do you encrypt data in transit and at rest? · ✓ Done · 98%
Describe your incident response plan. · ✓ Done · 91%
MFA enforced across all privileged accounts? · ✓ Done · 96%
SOC 2 Type II report available? · ✓ Done · 100%
Pen test frequency and most recent date? · Flagged · needs review
BCP — max tolerable downtime targets? · drafting…
214 / 287 questions drafted · ~18 min remaining
Visibility · Edit history
Q47 — Encryption at rest
Mar 14 · 02:14 · Iris drafted answer for Q47 — Encryption at rest
Mar 14 · 09:32 · S. Burke, CISO, edited "annual rotation" to "90-day rotation with dual-control"
Mar 14 · 09:33 · S. Burke approved Q47 · Encryption
Mar 14 · 10:11 · R. Jain, Dir. InfoSec, attached Encryption_Policy_v3.1.pdf
Mar 14 · 10:14 · Iris submitted to portal — Vendor portal TPRM #4821

Visibility

Every edit, every approval, every keystroke.

Your team is never guessing who changed what. Every draft, edit, approval, and submission is logged — so you can see exactly how a response came together and who signed off on it.

Every edit, comment, approval, and submission is captured with reviewer identity and timestamp. You can see exactly how an answer came together — which draft it started as, who edited it, who signed off, when it went out.

No more "who wrote this?" emails. No more version chaos. Just a clear, chronological view of the work your team is doing.

Your data stays yours

Iris meets the bar you'd set for yourselves.

We're a security-first platform serving security-first firms. These aren't features — they're the floor.

Data stays in your environment.
Your policies, your controls, your responses — tenant-isolated and never pooled.
Never used to train our models.
Your knowledge base is for your firm, period. Contractual, not aspirational.
SOC 2 Type II.
Full report available under NDA.
GDPR compliant.
Data processing, subject rights, and cross-border transfer controls meet EU GDPR requirements.
SSO, SCIM, role-based access.
Enterprise identity and permissions from day one.

What firms say

Built with AM 100 & AM 200 firms.

80%
Less time per questionnaire across security teams using Iris Autopilot. Hours back, every week.

The questionnaire queue used to eat my team for a week at a time. Now it's a morning review.

Director of Information Security · AM 100 firm

Knowing exactly which policy section fed each draft is what got it through our risk review. My team can verify before we submit — not hope.

CISO · AM 200 firm

Meet us at Evolve

Bring your longest questionnaire. Watch Iris knock it out.

Send us your last security questionnaire. We'll stand up a tenant with your policies, run Iris against it, and show you hundreds of grounded, cited, ready-to-review answers — in a 20-minute session.

Book a demo
For security leaders only
A private walkthrough, no sales theater.
We run demos for security leaders. Bring your team, bring your skepticism. The first question we want to answer is "how does this not hallucinate?"