Vendor Risk: Framework Intelligence

Framework Intelligence in the Continuous Monitoring application [ Vendor Risk ➔ Framework Intelligence] enables security and risk teams to upload vendor documentation (e.g., SOC 2 reports, Cyber Assurance Policies) and receive a compliance assessment mapped to frameworks like SIG LITE 2025. It leverages generative AI to surface control gaps, summarize evidence, and support faster, more scalable third-party assessments.

To run a new assessment:

1. Select any of the available frameworks.

   • Upload the vendor's compliance documentation for analysis. Files must be in PDF or CSV format.

     • Each PDF should not exceed 50MB

     • Each CSV should not exceed 1MB

     • The total collection of documents should not exceed 50MB, 500 pages, or 1000 rows

2. Click Start Assessment.

Compliance Statuses

Compliant

The documentation provides sufficient and direct evidence that the control is met. No further clarification is required. The AI model identified explicit alignment between the vendor’s documentation and the control’s intent.

Not Compliant

There is no adequate evidence in the provided documentation to confirm the control is met. This may mean the control is not addressed at all, or the content is too vague, incomplete, or irrelevant to meet the requirement.

Needs Review

The documentation contains partial, ambiguous, or informational content that makes the control outcome unclear.

• Controls that are only partially addressed.
• Responses that involve assumptions or unclear phrasing.
• The LLM recommends manual review to determine applicability and intent.

Overview Summary

• % Compliant
• % Not Compliant
• % Needs Review

Controls Table

• Each control’s compliance status.
• The number of evidence references.
• AI-generated answers summary and citations per control.
• Risk vector mappings.