    Graphletter

    A compliance analysis engine for regulatory frameworks.

    Graphletter ingests evidence documents and evaluates them against the Secure Controls Framework (SCF), producing structured coverage assessments across 79+ regulatory standards including NIST, ISO 27001, SOC 2, GDPR, PCI DSS, and HIPAA.

    Pipeline

    Input

    Frameworks & Evidence

    SCF control catalog (1,200+ controls, 33 domains), regulatory framework mappings, and uploaded evidence documents (PDF, DOCX, images).

    Analysis

    Normalization & Assessment

    Content extraction and SCF control mapping via GPT-5.4, gap analysis and recommendations via Claude 3.7 Sonnet, cross-framework traceability.

    Output

    Coverage & Gaps

    Per-control confidence scores, evidence strength ratings, gap identification with remediation guidance, and exportable compliance reports.

    • Frameworks indexed: 79
    • Controls modeled: 1,200+
    • Cross-framework mappings: 25,000+
    • Evidence artifact types: 230+

    What You Get Back

    Upload a document — a policy, a training record, a vendor assessment. Graphletter maps it to every relevant SCF control and returns structured findings per objective.

    Control: SCF-IAC-15 Account Management
    Result: Partial
    Risk: Medium
    Frameworks: NIST 800-53 AC-2, ISO 27001 A.9.2.1, SOC 2 CC6.1
    Deficiencies
    • No process for disabling dormant accounts after 90 days
    • Shared/service account inventory not referenced
    Recommendations
    • Add dormant-account deprovisioning policy with 90-day threshold
    • Maintain a service account register with quarterly review
    Remediation: Effort: Low · Policy update, no tooling changes
    Contact

    hello@graphletter.com
    © 2026 Graphletter