Research

Open questions and active work in automated compliance analysis. These research directions inform the system's development and represent areas where the approach is still evolving.

Control Graph Modeling

Active

Modeling relationships between SCF controls, assessment objectives, and cross-framework mappings as a navigable graph structure.

SCF 2025.1.1 as normalization layer across 79+ frameworks
Hierarchical domain → control → objective → evidence relationships
Cross-framework traceability (one control satisfies multiple standards)
Graph-based gap propagation — a gap in one control surfaces across all mapped frameworks

Evidence Confidence Scoring

Active

Developing reliable confidence metrics for LLM-based evidence assessment against compliance controls.

Per-objective scoring with Strong/Moderate/Weak/Insufficient ratings
Dual-model assessment: GPT-5 for mapping consistency, Claude 3.7 Sonnet for reasoning depth
Temperature tuning per task type (0.0–0.3 range for compliance accuracy)
Exploring calibration between LLM confidence and auditor agreement

Cross-Framework Mapping Accuracy

Planned

Measuring and improving the accuracy of automated control mappings between regulatory frameworks.

SCF provides curated mappings; evaluating completeness and correctness
Identifying mapping gaps where SCF coverage is thin
Comparing AI-generated mappings against SCF reference mappings
Framework version tracking and mapping drift detection

Continuous Monitoring

Exploratory

Moving from point-in-time assessment to continuous compliance posture tracking.

Evidence expiry and re-assessment triggers
Detecting when framework updates invalidate prior assessments
Integration points for automated evidence collection
Compliance drift scoring over time

Graphletter

Research

Open questions and active work in automated compliance analysis. These research directions inform the system's development and represent areas where the approach is still evolving.

Control Graph Modeling

Active

Modeling relationships between SCF controls, assessment objectives, and cross-framework mappings as a navigable graph structure.

SCF 2025.1.1 as normalization layer across 79+ frameworks
Hierarchical domain → control → objective → evidence relationships
Cross-framework traceability (one control satisfies multiple standards)
Graph-based gap propagation — a gap in one control surfaces across all mapped frameworks

Evidence Confidence Scoring

Active

Developing reliable confidence metrics for LLM-based evidence assessment against compliance controls.

Per-objective scoring with Strong/Moderate/Weak/Insufficient ratings
Dual-model assessment: GPT-5 for mapping consistency, Claude 3.7 Sonnet for reasoning depth
Temperature tuning per task type (0.0–0.3 range for compliance accuracy)
Exploring calibration between LLM confidence and auditor agreement

Cross-Framework Mapping Accuracy

Planned

Measuring and improving the accuracy of automated control mappings between regulatory frameworks.

SCF provides curated mappings; evaluating completeness and correctness
Identifying mapping gaps where SCF coverage is thin
Comparing AI-generated mappings against SCF reference mappings
Framework version tracking and mapping drift detection

Continuous Monitoring

Exploratory

Moving from point-in-time assessment to continuous compliance posture tracking.

Evidence expiry and re-assessment triggers
Detecting when framework updates invalidate prior assessments
Integration points for automated evidence collection
Compliance drift scoring over time