Achilles Comply 360 FAQ
Data Protection & Document Security
Q: How does Achilles Comply360 supply chain compliance software protect uploaded documents?
All uploaded documents are encrypted both at rest and in transit using industry-standard protocols (AES-256, TLS 1.2+).
Q: Who can access documents within the platform?
Authentication is managed through Microsoft B2C. Access is strictly role-based and limited to the client’s authorised users. Achilles staff can only access documents if explicitly permitted for support purposes, and all access is logged through strict audit trails.
Q: How is client data separated in this secure supplier data management platform?
Each client’s data is logically segregated within the platform, ensuring no cross-client access.
Q: What is the data retention policy for supply chain compliance software?
Data retention is defined by the client contract and can be configured. Clients may request the deletion of documents at any time.
Q: How is document authenticity maintained in Comply360?
Version control and audit trails ensure the integrity of documents, preventing unauthorised modifications.
AI Model Use & Data Privacy
Q: How does AI power compliance reporting in Comply360?
Comply360 AI operates using vector databases for supplier and regulation collections. Each supplier has its own dedicated collection, enabling accurate, real-time results.
Q: How does the platform safeguard supplier compliance data?
Each client’s data remains logically segregated, ensuring no cross-client access.
Q: What AI model is used in this supply chain risk management platform?
Achilles AI uses enterprise-grade foundation models deployed in a secure and compliant environment, enhanced with Achilles’ proprietary pipelines, regulatory libraries, and validation layers tailored for procurement, compliance, and ESG reporting.
Q: Can clients verify how AI in ESG reporting processes their inputs?
Yes. Clients can review reporting logs and data lineage, providing transparency and auditability.
Data Residency & Compliance
Q: Where is supplier data hosted in Comply360?
Production data is hosted in a secure EU data centre, with a disaster recovery provision hosted in a separate EU-based location.
Q: What certifications support Achilles’ supply chain compliance software?
Achilles’ ISMS is ISO 27001 certified. Additional frameworks such as SOC 2, GDPR compliance, and CSA STAR are applied depending on geography.
Q: How is supplier compliance data transferred outside the EEA/UK?
When data transfer occurs outside the EEA/UK, it is safeguarded using Standard Contractual Clauses (SCCs) and other GDPR-aligned protections.
Governance & Control
Q: Who owns the supplier compliance data in Comply360?
Achilles acts as the data processor, and clients act as the data controller. This ensures that clients retain full ownership of their data.
Q: How is supplier-uploaded data handled?
Supplier data is subject to the same protections and managed in compliance with GDPR and data protection laws.
Q: What happens in the event of a data incident?
Achilles has a documented and tested incident response plan. Clients are notified within defined timeframes if an incident affects their data.
Q: Can clients trace how AI-powered supplier compliance reports are created?
Yes. Reporting outputs are traceable back to the source data, with explainability features to clarify how results were derived.
Integration & Lifecycle Management
Q: How is integration secured in this AI-powered supplier compliance solution?
All APIs use secure authentication (OAuth2 / token-based) and encrypted communication.
Q: What happens to client data at the end of a contract with Comply360?
Clients can export data in standard formats. After termination, all client data is securely deleted from Achilles systems following ISO 27001-aligned processes.
Q: Can reporting outputs be shared externally in sustainable procurement solutions?
Yes. Clients can configure tiered visibility, allowing high-level reporting outputs to be shared while restricting access to underlying documents. This makes Comply360 a powerful part of sustainable procurement solutions, giving teams the ability to share compliance insights with investors, regulators, and supply chain partners while maintaining data security.
