1️⃣ How is a partner’s risk level calculated?
Sonar automatically evaluates risk by combining several criteria:
- Volume of shared files with an external partner.
- Content sensitivity: financial information, personal data (PII), contracts, passwords, etc.
- Partner trust level: compliance data such as ISO 27001 or SOC 2 certifications lower the perceived risk, while a partner without certifications may be considered more exposed.
Example: sharing 3 non-sensitive files with an ISO 27001–certified provider is considered low risk. Conversely, sharing a complete organizational chart or salary data with an uncertified freelancer represents high risk.
👍 Good to know:
The risk level is dynamic: it is automatically updated each time a file is added or access is revoked. This ensures you can always focus on the most sensitive areas.
2️⃣ How are priorities defined?
To avoid overloading IT teams, Sonar delegates responsibility directly to employees through Albert.
Each employee only receives requests related to the external partners or public files they are responsible for, with one simple mission: validate or revoke access.
To minimize friction, Albert delivers these tasks progressively and by priority:
- Each week, an employee receives a maximum of 5 partners to review.
- The priority order is automatically set according to the calculated risk level.
Administrators always retain control over these priorities:
- They can flag a case as urgent (“Request priority handling”) to ensure it’s addressed first.
- They can also validate or revoke a share themselves if needed.
3️⃣ The concept of “Owner”
For each partner, Sonar automatically designates a responsible owner by combining two criteria:
- the volume of documents shared with that partner by each employee,
- the employee’s hierarchical position within the organization (as identified in the workspace or via Active Directory).
This “owner” is suggested by default but can be manually reassigned to the most relevant collaborator.
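The three mechanisms above (risk score, default owner, weekly review queue) can be modelled as follows. This is an added illustration, not Sonar's own code: the weights, the log-scaled volume, the tie-break on hierarchy, and all names and sample data are assumptions made for the example.

```python
import math
from collections import defaultdict

# All weights and sample data are constructed assumptions, not Sonar's real model.
SENSITIVITY = {"none": 1, "contract": 3, "financial": 4, "pii": 5, "password": 5}
CERTS = {"ISO 27001", "SOC 2"}
WEEKLY_CAP = 5  # "a maximum of 5 partners to review" per employee per week


def risk_score(files, partner_certs):
    """files: list of (employee, category). A higher score means higher risk."""
    if not files:
        return 0.0  # every access revoked: nothing left to review
    volume = math.log2(1 + len(files))                   # volume of shared files
    sensitivity = max(SENSITIVITY[c] for _, c in files)  # most sensitive content
    trust = 0.5 if CERTS & set(partner_certs) else 1.0   # certifications lower risk
    return round(volume * sensitivity * trust, 2)


def pick_owner(files, rank):
    """Default owner: the employee sharing the most files; seniority breaks ties."""
    counts = defaultdict(int)
    for employee, _ in files:
        counts[employee] += 1
    return max(counts, key=lambda e: (counts[e], rank.get(e, 0)))


def weekly_queues(partners, rank, urgent=frozenset()):
    """partners: {name: {"files": [...], "certs": [...]}} -> {owner: [partner, ...]}"""
    todo = defaultdict(list)
    for name, p in partners.items():
        if p["files"]:
            score = risk_score(p["files"], p["certs"])
            todo[pick_owner(p["files"], rank)].append((name not in urgent, -score, name))
    # Admin-flagged partners first, then descending risk, capped per employee.
    return {o: [n for *_, n in sorted(items)[:WEEKLY_CAP]] for o, items in todo.items()}


# Constructed sample mirroring the article's two examples.
SAMPLE = {
    "certified-provider": {"files": [("alice", "none")] * 3, "certs": ["ISO 27001"]},
    "freelancer": {"files": [("alice", "financial"), ("bob", "pii")], "certs": []},
}
RANK = {"alice": 2, "bob": 1}  # higher = more senior (assumed scale)

if __name__ == "__main__":
    print(weekly_queues(SAMPLE, RANK))
```

Recomputing the queue after each added file or revoked access reproduces the dynamic behaviour described in section 1.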


