Cutting security questionnaire completion from one month to one week


MEDTECH · COMPLIANCE & PROCESS AUTOMATION

Cutting security questionnaire completion from one month to one week with GenAI

Every time a hospital wanted to adopt apoQlar’s medical AR platform, they required a completed security questionnaire – tens or hundreds of detailed questions about data protection, compliance, and technical security. Filling these out manually took a month and 8–10 people from across the organization. We built an AI assistant that reduced this to under a week with far fewer people, saving an estimated $90,000 per year and cutting client onboarding time from six weeks to two.

Client: apoQlar GmbH – a MedTech company developing mixed reality and AI solutions for healthcare, based in Hamburg.

KEY RESULTS

-75% – Completion time: from ~1 month to under 1 week
$90K – Estimated annual savings across ~15 questionnaires/year
6→2 wks – Client onboarding time reduced by two-thirds
8→2 – People involved: from 8–10 to a small verification team

INDUSTRY: MedTech
USE CASE: Security questionnaire automation
AI APPROACH: RAG + LLM on Azure
DATA: PDFs, Confluence, policies
PLATFORM: Azure OpenAI, ChromaDB


The challenge

Before a hospital can adopt a MedTech product, the vendor must demonstrate compliance with stringent security and data protection standards. In practice, this means filling out detailed security questionnaires, often containing tens or hundreds of questions about encryption, access controls, incident response, vulnerability management, and internal policies.

For apoQlar, each questionnaire required input from 8–10 people across IT, legal, compliance, and product teams. Someone had to locate the right policy document, find the relevant section, formulate an answer, and get it reviewed. With each person working on their own schedule and priorities, the process took about a month per questionnaire. With approximately 15 new hospital onboardings per year, this was a permanent resource drain – and the single biggest bottleneck in their sales cycle.

The core problem: every new hospital client required a completed security questionnaire that took a month and 8–10 people. The process was slowing down sales, tying up cross-departmental resources, and was entirely manual – despite the fact that most answers already existed somewhere in the company’s documentation.

What we built

We built Zippy – a GenAI-powered virtual assistant that answers security questionnaire questions automatically by drawing on apoQlar’s existing internal documentation. Instead of 8–10 people searching through policies and Confluence pages, one person can now run the questionnaire through Zippy and verify the results.

RAG architecture on Azure. The system uses Retrieval-Augmented Generation to connect a large language model to apoQlar’s complete document base – security policies stored as PDFs and technical documentation from Confluence. Azure OpenAI Services power the language model, and ChromaDB serves as the vector database for fast retrieval. All data processing stays within Microsoft Azure, meeting enterprise security requirements.

Source-referenced answers. Every response Zippy generates includes the exact source – document name and page number. This is critical for compliance: the person verifying answers can immediately check where each response came from, rather than trusting a black-box output. It also makes the verification step dramatically faster.

Custom document processing. Policy PDFs and Confluence pages come in wildly different formats. We developed custom extraction and chunking strategies tailored to each data source, preserving structural context and metadata – so the retrieval system can find not just relevant text, but the specific section and page within the original document.

Continuous improvement through feedback. Users can flag inaccurate or incomplete answers directly in the interface. This feedback is tracked in LangFuse (which also handles prompt versioning, cost tracking, and latency monitoring) and drives ongoing improvements to both the system and the underlying documentation. When Zippy can’t answer something well, it surfaces a documentation gap – incentivizing teams to keep their policies current.
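The four building blocks above (metadata-preserving chunking, retrieval, source-referenced drafts, and a feedback loop that records documentation gaps) can be sketched in a few dozen lines. The following is an added example, not Zippy's code or any code from apoQlar or theBlue.ai: a plain TF-IDF-style term-overlap scorer stands in for ChromaDB, the retrieved passage is returned verbatim where the real system would have Azure OpenAI phrase an answer, and the documents, page numbers, section names and the `MIN_SCORE` threshold are all constructed for the example. What it shows is the part a verifier cares about: every draft carries the document name, page and section it came from, and anything the corpus cannot support is recorded as a gap instead of being answered.

```python
"""Added example (not apoQlar's or theBlue.ai's code): an offline sketch of
source-referenced questionnaire answering with gap detection. A lexical
scorer stands in for the vector database and the LLM step is omitted;
documents, pages, sections and the threshold are constructed assumptions."""
import math
import re
from collections import Counter
from dataclasses import dataclass

MIN_SCORE = 1.0  # assumed threshold: weaker hits are reported as documentation gaps
TOKEN_RE = re.compile(r"[a-z0-9]+")


@dataclass
class Chunk:
    doc: str      # source document (policy PDF or Confluence page)
    page: int     # page in the original document
    section: str  # heading the chunk sits under
    text: str


# Constructed sample corpus standing in for policy PDFs and Confluence pages.
RAW_PAGES = [
    ("Encryption Policy.pdf", 3, "Data at rest",
     "All customer data at rest is encrypted with AES-256. Keys are managed in "
     "Azure Key Vault and rotated every 12 months."),
    ("Encryption Policy.pdf", 4, "Data in transit",
     "All data in transit is protected with TLS 1.2 or higher. Legacy protocols "
     "are disabled on every public endpoint."),
    ("Access Control Standard (Confluence)", 1, "Authentication",
     "Access to production systems requires multi-factor authentication and "
     "is reviewed quarterly by the security team."),
    ("Incident Response Plan.pdf", 2, "Notification",
     "Customers are notified of confirmed security incidents affecting their "
     "data within 72 hours of confirmation."),
]


def tokenize(text):
    return TOKEN_RE.findall(text.lower())


def chunk_pages(pages, max_words=40):
    """Split page text into chunks while carrying document, page and section
    metadata with each chunk, so every hit can be traced back to its source."""
    chunks = []
    for doc, page, section, text in pages:
        words = text.split()
        for i in range(0, len(words), max_words):
            chunks.append(Chunk(doc, page, section, " ".join(words[i:i + max_words])))
    return chunks


class MiniRetriever:
    """TF-IDF-style lexical scorer; a stand-in for the vector database."""

    def __init__(self, chunks):
        self.chunks = chunks
        self.n = len(chunks)
        self.doc_freq = Counter()
        for c in chunks:
            self.doc_freq.update(set(tokenize(c.text)))

    def score(self, query, chunk):
        terms = Counter(tokenize(chunk.text))
        return sum(terms[t] * math.log((1 + self.n) / (1 + self.doc_freq[t]))
                   for t in set(tokenize(query)) if t in terms)

    def top(self, query, k=2):
        scored = sorted(((self.score(query, c), c) for c in self.chunks),
                        key=lambda s: s[0], reverse=True)
        return [(s, c) for s, c in scored[:k] if s >= MIN_SCORE]


class QuestionnaireAssistant:
    def __init__(self, pages):
        self.retriever = MiniRetriever(chunk_pages(pages))
        self.gaps = []  # documentation gaps: auto-detected and reviewer-flagged

    def answer(self, question):
        """Return a source-referenced draft, or report a gap if nothing supports it."""
        hits = self.retriever.top(question)
        if not hits:
            self.gaps.append({"question": question, "note": "no supporting passage found"})
            return {"question": question, "status": "gap", "draft": None, "sources": []}
        return {
            "question": question,
            "status": "draft",
            "draft": hits[0][1].text,  # the real system would have the LLM rephrase this
            "sources": [(c.doc, c.page, c.section) for _, c in hits],
        }

    def flag(self, question, note):
        """Reviewer feedback: mark a draft as inaccurate or incomplete."""
        self.gaps.append({"question": question, "note": note})

    def documentation_gaps(self):
        return list(self.gaps)


if __name__ == "__main__":
    bot = QuestionnaireAssistant(RAW_PAGES)
    for q in ["Is customer data encrypted at rest?", "Do you carry out penetration testing?"]:
        print(bot.answer(q))
    print(bot.documentation_gaps())
```

The design point is that the chunk carries its provenance from extraction onwards: if the metadata is dropped at chunking time, no later component can put the page number back, and the verifier is left trusting a black-box answer. The gap list is what gives the organisation visibility into missing policy text; in the example a question with no supporting passage lands there automatically, and a reviewer can add to it by flagging a draft.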

The results

BEFORE

~1 month per questionnaire. 8–10 people from IT, legal, compliance, and product involved. Manual search through policies and Confluence. Sales cycle bottleneck at every new hospital onboarding.

AFTER

Under 1 week per questionnaire. Small team for verification only. Source-referenced answers generated automatically. Client onboarding reduced from 6 weeks to 2 weeks.

The numbers tell the story: completion time dropped by 75%, the number of people involved dropped from 8–10 to a small verification team, and the estimated annual savings across approximately 15 questionnaires per year is around $90,000 in labor costs alone. But the bigger impact is commercial – client onboarding time was cut from six weeks to two, directly accelerating apoQlar’s ability to deploy their solutions in hospitals.

The feedback loop also created an unexpected benefit: because Zippy surfaces which questions it can’t answer well, the organization now has visibility into where their documentation is incomplete – driving continuous improvement in their policy documentation independently of the questionnaire process.

This case study is covered in detail in our full whitepaper (PDF), including architecture diagrams, implementation details, and ROI analysis.

Technology used

RAG Architecture, Azure OpenAI Services, ChromaDB, LangChain, LangFuse, Streamlit, Python, Confluence Integration, PDF Processing

Managing the completion of security questionnaires is no longer a logistical nightmare. The new system is easy to manage and ensures our responses are accurate and comprehensive.


Maciej Antoszczuk

Tech Product Owner, apoQlar
