What Questionnaire Instructions control
- Compliance framework alignment — SOC 2, NIST CSF, ISO 27001, etc.
- Scope restrictions — Cloud-only, specific products, exclude legacy systems
- Detail level — Executive summaries vs technical deep-dives
- Topic emphasis — Prioritize security, data handling, or specific features
What they don’t control
Instructions influence content selection, but they won’t:
- Change your corrections (those always take priority)
- Override facts from your knowledge base
- Affect writing tone (use the Editorial Guide for that)
How instructions work
Wolfia provides two levels of instructions:
- Organization default — Set once in Settings. Automatically populates when anyone uploads a new questionnaire.
- Per-questionnaire override — Each questionnaire can have its own instructions. When you upload a questionnaire, the organization default appears, but you can edit it.
Setting your organization default
1. Navigate to settings. Go to Settings → AI customization.
2. Select the Questionnaire instructions tab and enter your default instructions.
3. Save your instructions. Click Save instructions.
Customizing per questionnaire
When uploading a questionnaire, you’ll see the instructions field pre-filled with your organization default. You can:
- Keep it as-is for standard questionnaires
- Modify it for specific requirements (e.g., SOC 2 vs ISO audit)
- Clear it if you want default AI behavior
Examples
Enterprise responding to SOC 2 audit
Instructions: This is a SOC 2 Type II audit. Focus on control activities and monitoring. Reference specific control categories (CC6.1, CC6.2, etc.) when applicable. Emphasize audit evidence and testing procedures.
Question: Describe your access control policies.
Without instructions:
Access is managed through Active Directory with role-based permissions. Users authenticate via SSO with MFA. We also maintain physical access controls at our data centers.
With instructions:
Access control is governed by documented policies (CC6.1). Role-based access is enforced through Active Directory with quarterly access reviews (CC6.2). Authentication requires SSO with MFA. All access changes are logged and retained for 12 months to support audit evidence requirements.
Tech startup with cloud-only product
Instructions: This questionnaire is for our cloud-only SaaS offering. Exclude all on-premise infrastructure details. Focus on AWS security controls.
Question: Describe your infrastructure security.
Without instructions:
Our infrastructure spans AWS cloud environments and two on-premise data centers. Cloud resources are protected by security groups and WAF. On-premise systems use Cisco firewalls.
With instructions:
Our cloud infrastructure runs entirely on AWS. Resources are protected by security groups, network ACLs, and AWS WAF. We use AWS Shield for DDoS protection and CloudTrail for comprehensive logging.
Enterprise preparing executive-level responses
Instructions: Provide executive-level summaries. Avoid deep technical specifications. Focus on business outcomes and risk management.
Question: What encryption do you use?
Without instructions:
We use AES-256-GCM for data at rest with envelope encryption. Keys are managed via AWS KMS with automatic 365-day rotation. Data in transit uses TLS 1.3 with ECDHE key exchange.
With instructions:
All data is encrypted using industry-standard AES-256 encryption, both when stored and during transmission. Encryption keys are managed securely with automatic rotation.
Using Editorial Guide and Instructions together
These settings complement each other:
- Editorial Guide controls how the AI writes (tone, formatting, terminology)
- Questionnaire Instructions control what the AI focuses on (content, scope, framework)
| Setting | Value |
|---|---|
| Editorial Guide | “Use ‘Acme’ instead of ‘we.’ Keep answers under 100 words.” |
| Questionnaire Instructions | “This is a SOC 2 audit. Reference control categories.” |
Common questions
Do instructions override my corrections?
No. Your corrections always take priority over instructions.
Do I need to set instructions for every questionnaire?
No. Your organization default automatically populates. Only customize when a questionnaire has specific requirements.
Who can edit the organization default?
Admins and Experts. All users can edit per-questionnaire instructions when uploading.
What happens if I leave instructions blank?
The AI uses your knowledge base and general answering guidelines without specific focus adjustments.

