Automatically surface which AI systems and datasets need assessing and against which risk assessment templates so governance teams spend their time completing the right assessments instead of working out where to start.
As AI adoption grows, the number of systems and datasets that may require risk assessment grows with it. Deciding which assessments to run, against which items, and in what order is manual, judgement-heavy, and easy to get wrong. Assessments get duplicated, high-risk systems get missed, and effort is spread thinly across items that don't need attention.
Automated Compliance removes that guesswork. The recommendation engine evaluates your AI inventory and datasets against the risk assessment templates relevant to the compliance frameworks your organisation has adopted, then surfaces a prioritised list of recommended assessments — telling you what to assess next, and why.
Purpose
Automated Compliance gives governance teams a consistent, framework-aligned way to decide what to assess next, without relying on manual tracking or individual judgement.
- Focus effort on the assessments that matter most, ranked by risk
- Ensure coverage across the compliance frameworks your organisation has adopted
- Avoid duplicated work by automatically excluding items already assessed
- Match the right template to the right type of item — AI system or dataset — automatically
- Support consistent scoring with a suggested risk level for completed assessments
This ensures teams can scale risk assessment alongside AI adoption while maintaining defensible, framework-aligned coverage.
How It Works
Feature 1 — Framework-Driven Recommendations
Recommendations are driven by the compliance frameworks your organisation has adopted through its published policies. A risk assessment template is only recommended when it maps to one of those frameworks, keeping recommendations aligned to the standards you're actually governing against. If no frameworks are configured, a default framework is used so recommendations are still generated.
Feature 2 — Automatic Item Matching
For each qualifying template, the engine scans your AI inventory and datasets and matches items against the template's configured rules, including:
- Risk level — Low, Medium, or High items mapped to the template's Low / Moderate / High / Critical criteria
- Generative AI — whether the system is a generative AI type (AI systems only)
- Personal or sensitive data — for AI systems, whether at least one linked dataset is classified Confidential, Sensitive, or Restricted; for datasets, the dataset's own classification
Depending on its configuration, a template can apply to AI systems, datasets, or both — so the right assessment is always matched to the right items.
Feature 3 — Priority vs Recommended Batches
Recommended assessments are grouped into batches and tagged by importance. Batches are marked Priority where the framework treats the assessment as required, and Recommended otherwise — giving teams a clear signal on what to tackle first.
Feature 4 — Smart Exclusion of Completed Work
Items that have already been assessed with a given template are automatically excluded from that template's recommendations. This prevents duplicated effort and keeps the recommended list focused on what still needs attention.
Feature 5 — Risk-Tiered Ranking
Within each template, recommended items are ordered by risk tier — Critical, then High, then Moderate, then Low — and then by name, so the highest-risk systems and datasets always rise to the top. Each template shows up to 50 matched items.
Feature 6 — Recommended Risk Level
For completed assessments, Automated Compliance calculates a Recommended risk level from the assessment responses and displays it alongside the assessment. This gives reviewers a suggested, consistently derived risk rating to support and sense-check their scoring. It appears only where the assessment is completed, has scoring enabled, and includes at least one answered scored question.
Notes
- Recommendations are driven by the compliance frameworks linked to your published policies; if none are configured, a default framework is used
- Templates only apply to items that match their configured rules (risk level, generative AI, and personal or sensitive data)
- A template can apply to AI systems, datasets, or both, depending on its configuration
- Items already assessed with a given template are excluded from that template's recommendations
- Items are ordered by risk tier and then name Batches tagged Priority indicate the framework treats the assessment as required; all others are shown as Recommended
- The Recommended risk level is calculated from assessment responses and appears only for completed, scored assessments
- Currently available in all plans
Related Help Pages
Risk Assessment in Bulk