Core Concepts

Frameworks

A Compliance Framework represents a structured set of standards, policies, and controls designed to meet specific regulatory or industry requirements (e.g., GDPR, ISO 27001, HIPAA, SOC 2).

Each framework is composed of multiple criteria — individual evaluation points that collectively determine an organization's level of compliance. By systematically assessing input data (such as documents, URLs, or structured records) against these criteria, the system can provide a measurable and interpretable compliance result.

Structure of a Framework

  • Framework: The overarching regulation or compliance domain.
  • Criteria: Sub-components within the framework, each representing a distinct requirement or control.

Evaluating a document set against these criteria yields individual scores or insights, which can be aggregated to estimate overall compliance.

Retrieving Available Frameworks

Use the /frameworks endpoint to retrieve a list of supported compliance frameworks. Here's an example using the Compliance Service API:

GET /api/v1/frameworks

curl --request GET \
  --url 'https://<your-host>/api/v1/frameworks' \
  --header 'Content-Type: application/json'

Example Response

[
  {
    "id": 0,
    "name": "Cyber Security",
    "codeName": "ISO_27001",
    "description": "International information security standard",
    "criterion": [
      {
        "name": "Access Control",
        "codeName": "AC_01",
        "description": "Controls related to access permissions and restrictions."
      }
    ]
  }
]

This response includes:

  • id: Internal identifier of the framework.

  • name: Human-readable framework name.

  • codeName: System-friendly code name.

  • description: A brief summary of the framework.

  • criterion: A list of supported compliance checks under this framework.
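
The following is an added example, not part of the Compliance Service documentation: one way a client could validate the response shape described above before using it, then index criteria by framework codeName. Treating every listed field as required and codeName values as unique is an assumption, and the function names are hypothetical.

```python
import json

# Constructed sample: the example response body from this page, embedded so this runs offline.
SAMPLE_RESPONSE = """[{"id": 0, "name": "Cyber Security", "codeName": "ISO_27001",
 "description": "International information security standard",
 "criterion": [{"name": "Access Control", "codeName": "AC_01",
 "description": "Controls related to access permissions and restrictions."}]}]"""

# Field names come from the page; the required-ness and types are assumptions.
FRAMEWORK_FIELDS = {"id": int, "name": str, "codeName": str,
                    "description": str, "criterion": list}
CRITERION_FIELDS = {"name": str, "codeName": str, "description": str}


def _check(obj, fields, where):
    """Require obj to be a JSON object carrying every listed field with the expected type."""
    if not isinstance(obj, dict):
        raise ValueError(f"{where}: expected an object")
    for key, typ in fields.items():
        value = obj.get(key)
        # bool is a subclass of int in Python, so reject it explicitly (matters for "id").
        if not isinstance(value, typ) or isinstance(value, bool):
            raise ValueError(f"{where}: field {key!r} missing or not {typ.__name__}")


def index_frameworks(body):
    """Parse a /frameworks response body into {framework codeName: [criterion codeNames]}."""
    data = json.loads(body)
    if not isinstance(data, list):
        raise ValueError("top level: expected a list of frameworks")
    index = {}
    for i, fw in enumerate(data):
        _check(fw, FRAMEWORK_FIELDS, f"framework[{i}]")
        if fw["codeName"] in index:
            raise ValueError(f"framework[{i}]: duplicate codeName {fw['codeName']!r}")
        codes = []
        for j, crit in enumerate(fw["criterion"]):
            _check(crit, CRITERION_FIELDS, f"framework[{i}].criterion[{j}]")
            if crit["codeName"] in codes:
                raise ValueError(f"framework[{i}]: duplicate criterion {crit['codeName']!r}")
            codes.append(crit["codeName"])
        index[fw["codeName"]] = codes
    return index


if __name__ == "__main__":
    print(index_frameworks(SAMPLE_RESPONSE))
```

Failing closed on a malformed response keeps a later evaluation from silently running against a framework with missing or duplicated criteria.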

For more detailed specifications of the endpoint and request parameters, see the dedicated API Reference Pages.
