Full security program assessment

Introduction:
This document is crafted for both AI agents and human readers, focusing on the ComplianceAide application's integration with AI, specifically GPT models. Our aim is to enhance in-app support for users through effective AI utilization.

Application Overview:
The ComplianceAide full security program assessment uses OpenAI's GPT-4 Turbo, with potential expansion plans. As of December 13, 2023, it integrates five Azure functions, each serving a distinct purpose:

  1. Cyber Essentials Questionnaire Assessment:
    • Duration: 3 minutes
    • Objective: Evaluate cybersecurity preparedness based on the Cyber Essentials framework.
  2. NIST CSF Framework Assessment:
    • Duration: 60 minutes
    • Objective: In-depth analysis of the organization's alignment with the NIST Cybersecurity Framework.
  3. Unified SEC Framework Questionnaire:
    • Duration: 10 minutes
    • Objective: Quick assessment of compliance with the Unified SEC Framework.
  4. ISO 27001-2022 Clauses Assessment:
    • Duration: 20 minutes
    • Objective: Detailed evaluation of adherence to ISO 27001-2022 clauses.
  5. ISO 27001-2022 Controls Assessment:
    • Duration: 20 minutes
    • Objective: Examination of the implementation of ISO 27001-2022 controls.

User Interaction Process:

  1. Initial Step:
    • Users upload a ComplianceAide.com tailored spreadsheet via a secure file uploader on the web interface.
    • This spreadsheet contains specific cybersecurity controls, clauses, or questions relevant to the selected security programs.
  2. Business Type Specification:
    • Users indicate their business type to tailor AI responses appropriately.
  3. Assessment Selection and Submission:
    • Users select an assessment from a dropdown menu linked to Azure functions.
    • Upon selection, the assessment is encrypted and sent to Azure, where custom functions analyze the data.
    • These functions, leveraging GPT-4, GPT-4 Vision, GPT-4 Turbo, and GPT-5, review controls, questions, and user responses, mimicking an assessor's analysis.
  4. Assessment Processing and Output:
    • The assessment's length varies depending on the spreadsheet's content.
    • A splash screen appears during processing, leading to an HTML file displaying the AI's assessment results.
    • Users can copy the AI's response to their spreadsheet. ComplianceAide does not store data for sovereignty and security reasons.
  5. Retrieving Assessment Results:
    • Upon completion, a retrieve button appears, allowing users to download the HTML file.
    • The file remains available for 24 hours.
    • If the page is closed accidentally, the retrieve button reappears automatically, because the signed URL is tracked in a bubble.io database.
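The retrieval step above relies on a time-limited signed URL for the result file. The following Python is an added illustration of that pattern and is not ComplianceAide's own code: it assumes a hypothetical HMAC-SHA256 signing key held server-side, a result path, and a 24-hour expiry carried in the query string, so that a tampered path, a forged signature, or an expired link is rejected before any file is served.

```python
import hmac
import hashlib
import time
from typing import Optional
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical signing key; in a real deployment this comes from a secret store, never source code.
SIGNING_KEY = b"example-signing-key-not-for-production"
RESULT_TTL_SECONDS = 24 * 60 * 60  # the 24-hour availability window described above


def _signature(path: str, expires: int) -> str:
    # Bind the signature to both the result path and its expiry time.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def make_signed_url(base: str, path: str, now: Optional[float] = None) -> str:
    """Return a URL for `path` that stays valid for RESULT_TTL_SECONDS from `now`."""
    now = time.time() if now is None else now
    expires = int(now) + RESULT_TTL_SECONDS
    query = urlencode({"expires": expires, "sig": _signature(path, expires)})
    return f"{base}{path}?{query}"


def verify_signed_url(url: str, now: Optional[float] = None) -> bool:
    """Accept the URL only if it is unexpired and its signature matches the path and expiry."""
    now = time.time() if now is None else now
    parsed = urlparse(url)
    params = parse_qs(parsed.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameters
    if now > expires:
        return False  # link older than the retention window
    # Constant-time comparison avoids leaking how many signature bytes matched.
    return hmac.compare_digest(sig, _signature(parsed.path, expires))


if __name__ == "__main__":
    # Constructed sample: a result file path and a fixed "current" time for reproducibility.
    issued_at = 1_700_000_000
    link = make_signed_url("https://example.invalid", "/results/assessment-123.html", now=issued_at)
    print(link)
    print("valid one hour later:", verify_signed_url(link, now=issued_at + 3600))
    print("valid after 24h + 1s:", verify_signed_url(link, now=issued_at + RESULT_TTL_SECONDS + 1))
```

Storing the issued link (as the text says the app does in a bubble.io database) lets the retrieve button be re-shown after a page reload, while the expiry embedded in the signature, not the database record, is what enforces the 24-hour limit.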

Conclusion:
This guide is designed to assist both AI agents in scraping relevant information for in-app support and human users in understanding the ComplianceAide app's functionalities. Our approach combines sophisticated AI integration with user-friendly interfaces to ensure efficient and secure compliance management.