devguard

AI Assistant

Your personal compliance assistant helps you manage policies, risks, and assets through an intuitive chat interface, using your organization’s knowledge base to provide accurate and contextual answers.

Overview

Say hi to your personal compliance assistant, built to help you manage policies, risks, assets, and more — all through a conversational interface. The assistant connects directly to your organization’s knowledge base, allowing you to ask questions, generate new content, and map compliance controls with ease.

Your assistant can search, create, and organize all key GRC components while maintaining structure, consistency, and traceability.

Capabilities

The AI Assistant is integrated into your organization’s environment and can access structured GRC data such as policies, risks, assets, roles, and controls.

You can:

  • Ask questions about any content stored in your organization’s knowledge base
  • Create new policies, risks, assets, or roles directly from the chat
  • Search compliance frameworks to find relevant controls
  • Map controls to policies for audit and certification tracking
  • Generate summaries, explanations, or reports using existing organizational data

Each interaction is context-aware — responses are based on your organization’s stored resources, ensuring accuracy and traceability.

Knowledge Base

Your assistant connects to a knowledge base that includes:

  • Policies and policy categories
  • Risks and risk assessments
  • Assets and asset classes
  • Roles, locations, and schedules
  • Acronyms, definitions, and variables

When you ask a question, the assistant first searches your knowledge base using the getInformation tool. If no relevant data is found, it responds transparently with:

I couldn’t find specific information about that in the knowledge base.

This ensures that all provided answers are verifiable, consistent, and derived from your actual organizational context.

Information Flow

  1. Input: You ask a question or make a request
  2. Retrieval: The assistant searches your organization’s stored data
  3. Response: It summarizes the most relevant information
  4. Creation (optional): If requested, it generates structured, compliant content

Creation Tools

The assistant supports structured creation of new entities across your GRC system.

Supported Creation Tools

| Entity Type | Description |
| --- | --- |
| Assets | Create and describe new assets with owners, classes, and locations |
| Risks | Create new risks with impact, likelihood, and mitigation details |
| Roles | Create new organizational roles used for ownership and accountability |
| Policies | Create new policies, structured by category and approver role |
| Policy Categories | Create or extend your policy hierarchy |
| Acronyms, Definitions, Labels | Create supporting metadata to enrich content |
| Locations, Schedules, Variables | Create reusable context data across modules |
| Resources | Store organizational documents or references |
| Information | Retrieve contextual data to answer questions |

When creating new policies, the assistant automatically structures content into sections and sub-sections, maintaining bullet points and numbered lists from user input.

Example Policy Creation

Create a Data Retention Policy under Information Security, approved by the CTO.

The assistant will:

  1. Create a new policy entry under the Information Security category
  2. Assign CTO as the approver role
  3. Structure the text into clear, hierarchical sections
  4. Store the policy for future search and control mapping

Control Mapping

Compliance controls from frameworks such as ISO/IEC 27001, SOC 2, or NIST can be linked directly to policies or policy sections.

Supported Actions

| Action | Description |
| --- | --- |
| Search Controls | Find specific controls by name, identifier, or framework |
| Map Controls to Policy | Attach one or multiple controls to a policy or section |
| Unmap Controls from Policy | Remove existing control associations |
| Get Policy Control Mappings | View all linked controls per policy |
| Get Frameworks | Browse supported compliance frameworks |

Mapping controls allows you to verify compliance coverage, reduce duplication, and generate audit-ready evidence of control implementation.

Privacy and Location

Your AI Assistant operates in the EU region (Frankfurt), ensuring data residency and compliance with European data protection standards.

  • No customer data is stored by default.
  • Data is only retained when you explicitly request the assistant to “remember” or “store” information.
  • Stored data remains within your organization’s secure environment and is accessible only in that context.
  • You can disable the AI Assistant anytime in your organization settings.

Example: Data Retention Behavior

| Scenario | Stored Permanently? | Explanation |
| --- | --- | --- |
| Asking a question about an existing policy | | The assistant only reads from your knowledge base |
| Creating a new risk via chat | | The new risk is stored as a resource within your organization |
| Asking the assistant to “remember this for later” | | Information is saved within your organizational context |
| Asking about external content | | External data is not stored or retained |

Continuous Improvement

We are continuously expanding the assistant’s capabilities to include:

  • Cross-policy reasoning and document linking
  • Advanced report generation and summaries
  • Automated control gap detection
  • Contextual compliance recommendations

Stay tuned for regular updates as the assistant becomes an even more powerful part of your GRC ecosystem.
