AI Assistant
Your personal compliance assistant helps you manage policies, risks, and assets through an intuitive chat interface, using your organization’s knowledge base to provide accurate and contextual answers.
Overview
Say hi to your personal compliance assistant, built to help you manage policies, risks, assets, and more — all through a conversational interface. The assistant connects directly to your organization’s knowledge base, allowing you to ask questions, generate new content, and map compliance controls with ease.
Your assistant can search, create, and organize all key GRC components while maintaining structure, consistency, and traceability.
Capabilities
The AI Assistant is integrated into your organization’s environment and can access structured GRC data such as policies, risks, assets, roles, and controls.
You can:
- Ask questions about any content stored in your organization’s knowledge base
- Create new policies, risks, assets, or roles directly from the chat
- Search compliance frameworks to find relevant controls
- Map controls to policies for audit and certification tracking
- Generate summaries, explanations, or reports using existing organizational data
Each interaction is context-aware — responses are based on your organization’s stored resources, ensuring accuracy and traceability.
Knowledge Base
Your assistant connects to a knowledge base that includes:
- Policies and policy categories
- Risks and risk assessments
- Assets and asset classes
- Roles, locations, and schedules
- Acronyms, definitions, and variables
When you ask a question, the assistant first searches your knowledge base using the getInformation tool. If no relevant data is found, it responds transparently with:
I couldn’t find specific information about that in the knowledge base.
This ensures that all provided answers are verifiable, consistent, and derived from your actual organizational context.
Information Flow
- Input: You ask a question or make a request
- Retrieval: The assistant searches your organization’s stored data
- Response: It summarizes the most relevant information
- Creation (optional): If requested, it generates structured, compliant content
Creation Tools
The assistant supports structured creation of new entities across your GRC system.
Supported Creation Tools
| Entity Type | Description |
|---|---|
| Assets | Create and describe new assets with owners, classes, and locations |
| Risks | Create new risks with impact, likelihood, and mitigation details |
| Roles | Create new organizational roles used for ownership and accountability |
| Policies | Create new policies, structured by category and approver role |
| Policy Categories | Create or extend your policy hierarchy |
| Acronyms, Definitions, Labels | Create supporting metadata to enrich content |
| Locations, Schedules, Variables | Create reusable context data across modules |
| Resources | Store organizational documents or references |
| Information | Retrieve contextual data to answer questions |
When creating new policies, the assistant automatically structures content into sections and sub-sections, maintaining bullet points and numbered lists from user input.
Example Policy Creation
Create a Data Retention Policy under Information Security, approved by the CTO.
The assistant will:
- Create a new policy entry under the Information Security category
- Assign CTO as the approver role
- Structure the text into clear, hierarchical sections
- Store the policy for future search and control mapping
Control Mapping
Compliance controls from frameworks such as ISO/IEC 27001, SOC 2, or NIST can be linked directly to policies or policy sections.
Supported Actions
| Action | Description |
|---|---|
| Search Controls | Find specific controls by name, identifier, or framework |
| Map Controls to Policy | Attach one or multiple controls to a policy or section |
| Unmap Controls from Policy | Remove existing control associations |
| Get Policy Control Mappings | View all linked controls per policy |
| Get Frameworks | Browse supported compliance frameworks |
Mapping controls allows you to verify compliance coverage, reduce duplication, and generate audit-ready evidence of control implementation.
Privacy and Location
Your AI Assistant operates in the EU region (Frankfurt), ensuring data residency and compliance with European data protection standards.
- No customer data is stored by default.
- Data is only retained when you explicitly request the assistant to “remember” or “store” information.
- Stored data remains within your organization’s secure environment and is accessible only in that context.
- You can disable the AI Assistant anytime in your organization settings.
Example: Data Retention Behavior
| Scenario | Stored Permanently? | Explanation |
|---|---|---|
| Asking a question about an existing policy | ❌ | The assistant only reads from your knowledge base |
| Creating a new risk via chat | ✅ | The new risk is stored as a resource within your organization |
| Asking the assistant to “remember this for later” | ✅ | Information is saved within your organizational context |
| Asking about external content | ❌ | External data is not stored or retained |
Continuous Improvement
We are continuously expanding the assistant’s capabilities to include:
- Cross-policy reasoning and document linking
- Advanced report generation and summaries
- Automated control gap detection
- Contextual compliance recommendations
Stay tuned for regular updates as the assistant becomes an even more powerful part of your GRC ecosystem.