Framework Intelligence [ Organization ➔ Assessments] in the Security Performance Management application enables security and risk teams to upload your internal documentation (e.g., SOC 2 reports, Cyber Assurance Policies) and receive a compliance assessment mapped to framework. It leverages generative AI to see how they align with common frameworks, identify key strengths and weaknesses, and maintain a consistent, unified compliance posture.
To run a new assessment:
-
Select any of the available frameworks.
-
Upload the vendor's compliance documentation for analysis. Files must be in PDF or CSV format.
Each PDF should not exceed 50MB
Each CSV should not exceed 1MB
The total collection of documents should not exceed 50MB, 500 pages, or 1000 rows
-
Click Start Assessment.
Compliance Statuses
Compliant
The documentation provides sufficient and direct evidence that the control is met. No further clarification is required. The AI model identified explicit alignment between the documentation and the control’s intent.
Not Compliant
There is no adequate evidence in the provided documentation to confirm the control is met. This may mean the control is not addressed at all, or the content is too vague, incomplete, or irrelevant to meet the requirement.
Needs Review
The documentation contains partial, ambiguous, or informational content that makes the control outcome unclear.
- Controls that are only partially addressed.
- Responses that involve assumptions or unclear phrasing.
- The LLM recommends manual review to determine applicability and intent.
Overview Summary
- % Compliant
- % Not Compliant
- % Needs Review
Controls Table
- Each control’s compliance status.
- The number of evidence references.
- AI-generated answers summary and citations per control.
- Risk vector mappings.
Feedback
0 comments
Please sign in to leave a comment.