    Graphletter

    A compliance analysis engine for regulatory frameworks.

    Graphletter ingests evidence documents and evaluates them against the Secure Controls Framework (SCF), producing structured coverage assessments across 79+ regulatory standards including NIST, ISO 27001, SOC 2, GDPR, PCI DSS, and HIPAA.

    Pipeline

    Input

    Frameworks & Evidence

    SCF control catalog (1,200+ controls, 33 domains), regulatory framework mappings, and uploaded evidence documents (PDF, DOCX, images).

    Analysis

    Normalization & Assessment

    Content extraction via GPT-5-mini, SCF control mapping via GPT-5, gap analysis and recommendations via Claude 3.7 Sonnet, cross-framework traceability.

    Output

    Coverage & Gaps

    Per-control confidence scores, evidence strength ratings, gap identification with remediation guidance, and exportable compliance reports.

    79 Frameworks indexed
    1,200+ Controls modeled
    25,000+ Cross-framework mappings
    230+ Evidence artifact types

    Example Output

    A single evidence document assessed against an SCF control objective.

    Control ID: SCF-IAO-04
    Control: Information Security & Privacy Awareness Training
    Framework Mappings: NIST 800-53 AT-2, ISO 27001 A.7.2.2, SOC 2 CC1.4, HIPAA 164.308(a)(5)
    Confidence: 87%
    Evidence Strength: Strong
    Reasoning: The uploaded security awareness training policy document addresses role-based training requirements, annual refresher cycles, and phishing simulation programs. Covers 4 of 5 assessment objectives for this control. Missing: evidence of completion tracking metrics.
    Contact

    hello@graphletter.com
    © 2026 Graphletter