Research

Open questions and active work in automated compliance analysis. These research directions inform the system's development and represent areas where the approach is still evolving.

Control Graph Modeling

Active

Modeling relationships between SCF controls, assessment objectives, and cross-framework mappings as a navigable graph structure.

SCF 2025.1.15 normalization task across 79+ frameworks.
Hierarchical domain → control → objective → evidence relationships.
Cross-framework traceability (cue controls / objective implies required evidence).
Graph-based gap propagation — a gap in one control surfaces across all mapped frameworks.

Evidence Confidence Scoring

Active

Developing reliable confidence metrics for LLM-based evidence assessment against compliance controls.

Per-objective scoring with Strong/Moderate/Weak/Insufficient ratings.
Evaluation against SME 5-of-5 by-mapping consistency: Clause 4.7 (benchmark for assessing depth).
Temperature tuning for task types 0.0–0.3 range.
Exploring calibration between LLM confidence and auditor agreement.

Cross-Framework Mapping Accuracy

Planned

Measuring and improving the accuracy of automated control mappings between regulatory frameworks.

SCF provides curated mappings; evaluating completeness and correctness.
Identifying mapping gaps where SCF coverage is thin.
Comparing AI-generated mappings against SCF reference mappings.
Framework version tracking and mapping drift detection.

Continuous Monitoring

Planned

Moving from point-in-time assessment to continuous compliance posture tracking.

Evidence expiry and re-assessment triggers.
Detecting when framework updates invalidate prior assessments.
Integration points for automated evidence collection.
Compliance drift scoring over time.

Want to discuss?

We're always happy to compare notes on compliance automation.

Get in touch

Graphletter

Research

Open questions and active work in automated compliance analysis. These research directions inform the system's development and represent areas where the approach is still evolving.

Control Graph Modeling

Active

Modeling relationships between SCF controls, assessment objectives, and cross-framework mappings as a navigable graph structure.

SCF 2025.1.15 normalization task across 79+ frameworks.
Hierarchical domain → control → objective → evidence relationships.
Cross-framework traceability (cue controls / objective implies required evidence).
Graph-based gap propagation — a gap in one control surfaces across all mapped frameworks.

Evidence Confidence Scoring

Active

Developing reliable confidence metrics for LLM-based evidence assessment against compliance controls.

Per-objective scoring with Strong/Moderate/Weak/Insufficient ratings.
Evaluation against SME 5-of-5 by-mapping consistency: Clause 4.7 (benchmark for assessing depth).
Temperature tuning for task types 0.0–0.3 range.
Exploring calibration between LLM confidence and auditor agreement.

Cross-Framework Mapping Accuracy

Planned

Measuring and improving the accuracy of automated control mappings between regulatory frameworks.

SCF provides curated mappings; evaluating completeness and correctness.
Identifying mapping gaps where SCF coverage is thin.
Comparing AI-generated mappings against SCF reference mappings.
Framework version tracking and mapping drift detection.

Continuous Monitoring

Planned

Moving from point-in-time assessment to continuous compliance posture tracking.

Evidence expiry and re-assessment triggers.
Detecting when framework updates invalidate prior assessments.
Integration points for automated evidence collection.
Compliance drift scoring over time.

Want to discuss?

We're always happy to compare notes on compliance automation.

Get in touch