Platform Features | AI-Powered Compliance Modules

Core Modules

20+ integrated modules covering every stage of the compliance lifecycle.

Assessment

Align

Control-by-control gap assessment across all standards. Track status (Not Started, Partial, Implemented) per control with progress bars, evidence linking, cross-standard mapping badges, and AI Copilot recommendations.

Documents

Toolkit

100–200+ pre-built policy templates across 19 standards. Rich text editor with markdown, version control, 12-month review cycles, AI-powered rewriting suggestions, and export to PDF, Word, and XLSX.

Evidence

Evidence Management

Drag-and-drop upload for PDFs, images, DOCX, and XLSX (up to 50 MB). AI analysis with confidence scoring (0–100%), recency checks, and control fit assessment. Bulk ZIP export with XLSX mapping matrix.

Tasks

Task Management

Assign tasks from any control with due dates and 4 priority levels. External assignee links (no account needed), maker-checker verification, and reports with completion rates, team workload, and weekly activity.

Quality

CAPA Register

Full non-conformity lifecycle: logging with auto-generated NCR numbers, root-cause analysis (5 Whys, Fishbone, or custom), corrective actions with owners and due dates, verification, and closure — all linked to controls.

Risk

Risk Register

5x5 likelihood/impact matrix with inherent and residual scoring across 8 risk categories. Treatment plans with task creation, risk badges on control cards, review scheduling, and heat map visualisation.

Planning

Compliance Calendar

Timeline view of audits, certification expiry, training renewals, document reviews, and task deadlines. Recurring events, multi-standard colour coding, and aggregated data from multiple sources.

Knowledge

Knowledge Base

Centralised document library with categories, tags, version tracking, AI analysis, and direct control mapping. Supports file uploads and URL links with visibility controls.

Audit Trail

Audit Logs

Immutable activity logging with full diffs (old/new values JSONB). Every action tracked with actor, entity, IP, and timestamp. Filterable, exportable to CSV, and powers the Temporal Vault for point-in-time viewing.

Meetings

Governance Recorder

Upload meeting recordings for AI transcription via OpenAI Whisper. Automatically maps content to ISO 27001 Clause 9.3 (Management Review) requirements, generates structured meeting minutes, and extracts action items as tasks. Audio files are linked as evidence to relevant controls — turning every management review into audit-ready documentation.

External Audit

Auditor Mode

11 dedicated modules for external auditors with 30-day time-boxed access: control status, documents, evidence, audit trail, RFI, private scratchpad, temporal vault, smart sampler, traceability, heatmap, and enhanced export.

Multi-Standard

Unified Framework

Combined compliance score across all active standards with automatic bidirectional control propagation — mark a control as implemented in one standard and mapped controls in other standards auto-update. Transitive mapping resolves indirect links (e.g. TISAX → SOC 2 via shared ISO 27001 controls). Summary banners show how many controls are already covered, with a 'show only uncovered controls' filter to focus effort.

Integrations

Evidence Harvester

Automated evidence collection from 5 integrations: GitHub (commits, PRs, CI/CD), Jira (label-based JQL filtering + bidirectional task creation), Confluence (CQL with space/label filtering), SharePoint (Microsoft Graph folder discovery), and custom webhooks. Harvested items land in a review inbox with AI-powered multi-standard control mapping suggestions. Approve, reject, or refine before adding to your evidence library. Per-integration setup guides included.

Training

Training Portal

Interactive compliance training with course modules, quizzes, and case studies per standard. Assign training to staff, track completion, and use completed records as evidence linked to controls. External client portal access included.

Trust

Trust Centre

Public-facing trust portal with a custom URL slug for sharing your compliance posture with customers, prospects, and partners. Share selected compliance documents publicly, gate sensitive content behind access requests with approval workflow, and showcase your certifications — ideal for sales and procurement conversations.

Automation

Compliance Autopilot

Automated compliance drift detection that never sleeps. Detects stale evidence on green controls and unevidenced gaps on red controls, then auto-creates tasks assigned to your team — with deduplication, configurable thresholds, and email summaries.

AI Governance

Comprehensive AI system inventory with auto-generated IDs, EU AI Act risk classification, and behavioural controls configuration. Three structured risk assessments (DPIA, Bias & Fairness, Security) with questionnaire scoring and promote-to-risk-register capability. EU AI Act compliance tab tracks 16 obligations across Articles 9–73 with FRIA template (Article 27) and Technical Documentation Generator (Annex IV). Multi-control linkage across standards with readiness scoring.

Internal Audit

Plan, schedule, and document internal audits with scope, objectives, and criteria. Link findings to controls, generate audit reports, and track follow-up actions — all connected to your compliance calendar.

SoA

Statement of Applicability

ISO 27001 clause 6.1.3 SoA management. Declare applicability per control with justifications, track implementation status, and export for auditor review.

Narrative

Narrative Generator

AI-powered compliance narrative generation with conversational refinement. Generate control narratives from evidence, tasks, and timeline data, then iterate via a chat interface until audit-ready.

RFI

RFI Management

Structured Request for Information workflow connecting auditors with your team. Auditors create RFIs linked to controls with priority and due dates; your team responds with evidence and notes through a tracked lifecycle.

AI-Powered

Governance Recorder

Multi-Standard

Cross-Standard Mapping

Enterprise

Exports & Reporting

Export to PDF, Word (DOCX), XLSX, CSV, and PowerPoint. Generate audit evidence packs as ZIP bundles with index.html table of contents and per-control summaries. Print-optimised consultant client reports for board presentations.

Developer

External API

RESTful API for programmatic access. API keys (narrate_<hex> format) with SHA-256 hashed storage, scoped permissions, and last-used tracking. Upload evidence programmatically via POST /api/v1/evidence/upload. Managed from Developer Settings. Available on Growth and Scale plans.

AI Provider

Bring Your Own AI

Connect your own AI provider — OpenAI, Azure OpenAI, Anthropic Claude, or any OpenAI-compatible endpoint. Credentials are stored with AES-256-GCM encryption. Central factory pattern ensures all 12 AI call sites in the app route through your chosen provider. Available on Growth and Scale plans.

Collaboration

Client Portal

External client contacts get scoped portal access via magic-link login. Includes task visibility, evidence upload, training access, compliance progress overview, and thread-based two-way messaging with consultants — including per-control threads with inline evidence sharing. Light/dark mode included.

Governance

Policy Acknowledgment

Require team member sign-off on compliance policies. Magic-link emails let external users acknowledge without a Narrate account. Track completion rates per document, send reminders for overdue acknowledgments, and add external email recipients beyond your team.

Reports

Advanced Reports

7 report types: Compliance Status, Executive Summary, Management Review, Risk Assessment, CAPA Status, Training Compliance, and AI Governance. Branded PDF output with AI-powered executive narrative summaries. Report scheduling and download history with signed URLs.

Admin

Team Management

Invite team members with role-based access: Owner, Admin, and Member. Admins manage settings, billing, AI provider, and team. Members access all compliance modules but can't change key settings. Email invitations with secure tokens and pending/active status tracking.

AI that accelerates every step

Built-in AI features that analyse evidence, identify gaps, rewrite policies, and guide your team — with enterprise-grade privacy controls.

AI Evidence Analysis

Upload evidence and get instant AI analysis with findings, recommendations, confidence scoring (0–100%), recency checks, and control fit assessment. Powered by GPT-4o vision for images and documents.

Document AI

AI-powered policy rewriting and improvement suggestions. Get your toolkit documents audit-ready faster with intelligent recommendations and one-click application of suggested changes.

AI Compliance Copilot

Per-control AI recommendations with urgency levels, step-by-step action plans, suggested evidence types, and policy hints. Accessible from every control card via the sparkle button.

AI Assistant — Narrator

Conversational compliance assistant that understands your company data. Ask questions about controls, standards, or get guidance on next steps. Context-aware responses based on your compliance status.

AI Risk Assessments

Structured DPIA, Bias & Fairness, and Security assessments for AI systems. Questionnaire-based scoring with risk level calculation, recommendation generation, and one-click promote-to-risk-register for flagged items.

Narrative Generator

Generate audit-ready compliance narratives from your evidence, tasks, and timeline data. Refine iteratively through a chat interface until the output meets your exact requirements.

Privacy Firewall: Three-mode AI privacy system: Standard (all AI features active), Redacted (PII automatically scrubbed — emails, credit cards, SSNs, IP addresses, phone numbers — before any AI processing), and Disabled (High Risk) which blocks all AI features entirely. Enforced server-side on every AI API route and reflected in the frontend. Essential for regulated industries handling sensitive data. Your data is never used to train AI models.

Autopilot

Compliance on autopilot

Set it and forget it. Narrate continuously monitors your compliance posture and automatically creates tasks when evidence goes stale or new gaps appear. Configure staleness thresholds (default 90 days), run on-demand with the 'Run Now' button, and receive email summaries when new tasks are created. Built-in deduplication ensures no duplicate tasks. Dashboard alerts widget shows open autopilot tasks at a glance.