Edition 2026.1.1Compliance Analysis

Prove your policies meet the frameworks that matter.

Upload an evidence document. Graphletter reads it against 1,468 SCF controls and maps the outcome to 79 frameworks, with AI reasoning quoted back to your source.

Try with a sample doc GitHub →

Frameworks: 79
Controls: 1,468
Mappings: 34,619
SCF Edition: 2026.1.1

§ 01 · Example Output

One assessment, on paper.

Upload a document: a policy, a training record, a vendor assessment. Graphletter maps it to every relevant SCF control and returns structured findings per objective.

Assessment Report

ACME Identity & Access Policy v3.2

Analyzed in 47s12 controls evaluatedSCF 2026.1.1

Control	SCF-IAC-15Account Management
Result	Partial
Risk	Medium
Frameworks	NIST 800-53 AC-2ISO 27001 A.9.2.1SOC 2 CC6.1
Deficiencies	No process for disabling dormant accounts after 90 days Shared/service account inventory not referenced
Recommendations	Add dormant-account deprovisioning policy with 90-day threshold Maintain a service account register with quarterly review
Remediation	Effort: LowPolicy update, no tooling changes

§ 02 · Built in the Open

MIT-licensed. Inspectable. Forkable.

Graphletter is developed in public. The code, the prompts, the SCF mappings, and the schema migrations all live in the repository.

Self-hostable

Run it on your own infrastructure if you'd rather keep evidence inside your perimeter.

Inspectable

Read how the assessments are scored, how citations are parsed, how data flows.

Forkable

Extend it with your own evidence types or framework mappings.

View the code on GitHub →

§ 03 · Try It

Run an assessment of your own.

Pick one of three sample policies and watch Graphletter map it against SCF objectives in under a minute.

Try it now Create an account

No signup required to try