    Try It Out

    Run one clear end-to-end flow: upload a single policy file, convert it into graph atoms, map controls, compute gaps, and export a report.

    Scenario

    A compliance lead uploads one Security Awareness Training Policy file while preparing for a SOC 2 audit. The system maps it to SCF controls and shows coverage and gaps.

    Single Upload Demo
    This page replays one clear scenario using fixture data only.

    Sample file used

    Security Awareness Training Policy
    Version: 1.4
    Owner: Security & Compliance
    Effective Date: 2026-01-15
    Review Cycle: Annual
    
    1. Purpose
    This policy establishes mandatory security awareness training requirements for all workforce members.
    
    2. Scope
    This policy applies to all employees, contractors, interns, and privileged third-party operators with access to company systems or data.
    
    3. Control Objectives
    - Ensure workforce members understand secure handling of sensitive information.
    - Reduce phishing susceptibility through recurring education and simulation.
    - Verify completion and attestation for all in-scope personnel.
    
    4. Training Requirements
    4.1 New-Hire Training
    - Must be completed within 10 business days of account provisioning.
    - Covers password hygiene, MFA, incident reporting, and data classification.
    
    4.2 Annual Refresher
    - All personnel must complete annual refresher training.
    - Completion deadline is 30 calendar days after assignment.
    
    4.3 Role-Based Modules
    - Additional modules are required for engineering, support, and admin roles.
    - Privileged users must complete secure admin operations training.
    
    5. Monitoring and Enforcement
    - Security Operations tracks completion status weekly.
    - Managers receive escalation notices for overdue training.
    - Access restrictions may apply when training is overdue by more than 30 days.
    
    6. Evidence and Recordkeeping
    - Training completion records are retained for at least 24 months.
    - Evidence includes completion logs, attestation records, and campaign reports.
    
    7. Exceptions
    Any exception requires documented approval from Security and Compliance leadership.
    
    8. Policy Violations
    Failure to complete required training may result in corrective action.

    Matched controls in this demo:

    SCF-IAO-04: Security Awareness Training
    SCF-IAO-05: Training Completion Monitoring

    1) Upload Evidence
    A policy file is uploaded and mapped to SCF controls using the selected documentation artifact.

    2) Build Document Graph
    The document is converted into chunks and graph evidence atoms.

    3) Map Atoms to Controls
    Evidence atoms are mapped to one or more SCF controls.

    4) Compute Coverage + Gaps
    Coverage and control gap statuses are calculated.

    5) Build Auditor Report
    An audit-ready report payload is generated with traceability.