Real workflows. Real approval gates.
Four built-in cross-domain workflows and a 6-agent AI council — all running through the same human-approved mutation path. These are not hypothetical. They ship in the community edition.
Incident response
When an incident is logged, the workflow activates across multiple domains to build a complete response picture without manual coordination.
Classify and enrich (Incidents + ITSM)
AI reads the incident details, queries ITSM for affected assets, and proposes initial severity and category classifications.
Timeline and evidence (Incidents + Evidence)
Proposes timeline entries from available data, links related evidence records, and identifies gaps in the evidence chain.
Control gap analysis (Controls)
Maps the incident to relevant controls, identifies which controls failed or were absent, and proposes control remediation actions.
Lessons learned (Incidents + Risks)
Drafts lessons learned entries, links them to the incident, and proposes updates to related risk scenarios.
Approval gates: 4 approval gates — one per step. Each proposed mutation pauses the workflow until a human approves or rejects.
Periodic risk review
A scheduled run walks the entire risk register, evaluates current state against tolerance statements, and proposes updates where the data warrants it.
KRI evaluation (Risks)
Reads all Key Risk Indicators, checks current values against thresholds, and identifies breaches or trending indicators.
Scenario reassessment (Risks + Incidents)
For risks with KRI breaches, proposes updated likelihood and impact scores based on current evidence and incident history.
Tolerance analysis (Risks)
Evaluates updated risk scores against the Risk Tolerance Statement. Flags risks that have moved outside acceptable bounds.
Treatment proposals (Risks)
For out-of-tolerance risks, proposes new treatment actions or escalates existing treatment plans with revised timelines.
Approval gates: Each proposed score change, tolerance breach flag, and treatment action requires human approval before it modifies the register.
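The approval-gated mutation path described above, as an added illustration that is not the product's code: an AI step may only emit proposals, the register changes only when a human approves one, and every proposal stays on record whether approved or rejected. Class names and the sample register values are assumptions.

```python
# Added illustration, not the product's code: class names assumed, sample values constructed.
from dataclasses import dataclass

@dataclass
class Risk:
    risk_id: str
    likelihood: int       # 1-5 scale
    impact: int           # 1-5 scale
    kri_value: float      # current Key Risk Indicator reading
    kri_threshold: float  # breached when kri_value exceeds this

@dataclass
class Proposal:
    risk_id: str
    field_name: str
    old: int
    new: int
    rationale: str
    status: str = "pending"  # pending | approved | rejected
    decided_by: str = ""     # kept for audit, set at decision time

class RiskRegister:
    def __init__(self, risks: list, tolerance: int) -> None:
        self.risks = {r.risk_id: r for r in risks}
        self.tolerance = tolerance  # highest acceptable likelihood x impact
        self.proposals: list = []   # every proposal ever made, approved or not

    def evaluate_kris(self) -> list:
        """AI step: a KRI breach yields a proposal only; nothing in self.risks changes."""
        new = [Proposal(r.risk_id, "likelihood", r.likelihood, r.likelihood + 1,
                        f"KRI {r.kri_value} exceeds threshold {r.kri_threshold}")
               for r in self.risks.values() if r.kri_value > r.kri_threshold and r.likelihood < 5]
        self.proposals.extend(new)
        return new

    def decide(self, p: Proposal, approver: str, approve: bool) -> None:
        """Human gate: the register mutates only on an explicit approval, and only once."""
        if p.status != "pending":
            raise ValueError(f"proposal for {p.risk_id} already {p.status}")
        p.status, p.decided_by = ("approved" if approve else "rejected"), approver
        if approve:
            setattr(self.risks[p.risk_id], p.field_name, p.new)

    def out_of_tolerance(self) -> list:
        # Tolerance analysis runs over approved state only, never over pending proposals
        return [r.risk_id for r in self.risks.values() if r.likelihood * r.impact > self.tolerance]

def sample_register() -> RiskRegister:
    # Constructed sample data: R-01 has a breached KRI, R-02 does not
    return RiskRegister([Risk("R-01", 3, 4, 12.0, 10.0), Risk("R-02", 2, 2, 3.0, 10.0)], 12)
```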
Control assurance
The AI council reviews control effectiveness across the framework, identifies weak points, and drives evidence collection to close gaps.
Effectiveness review (Controls + Council)
The 6-agent council examines control test results, assessment scores, and linked incident data to produce an effectiveness opinion.
Evidence gap detection (Controls + Evidence)
Identifies controls that lack current evidence, have expired artifacts, or have never been tested in the current assessment period.
Evidence requests (Evidence)
Proposes evidence collection requests for identified gaps and assigns them to the relevant owners based on control ownership data.
Remediation planning (Controls + Audits)
For controls rated as ineffective, proposes specific remediation actions with suggested timelines and links to related nonconformities.
Approval gates: Council opinions are presented for review. Every proposed evidence request, remediation action, and status change requires approval.
Policy compliance cycle
When a policy is due for review or a regulatory change triggers reassessment, the workflow coordinates updates across the policy lifecycle.
Policy review (Policies)
Reads the current policy version, compares it against linked framework requirements, and identifies sections that may need updates.
Control mapping validation (Policies + Controls)
Checks that policy statements still map correctly to implemented controls. Flags orphaned mappings or missing coverage.
Risk alignment (Policies + Risks)
Validates that policy scope aligns with the current risk register. Identifies risks that lack policy coverage.
Change request (Policies)
If updates are needed, proposes a formal change request with draft modifications and submits it to the approval workflow.
Approval gates: Policy changes go through the built-in approval workflow. No policy is published without explicit human sign-off.
Real queries, real responses
What actually happens when you ask a question.
Query: “Show me the top risks”
Returns 15 risks with scores, categories, and treatment status from the live database.
Query: “Which controls are failing and what risks do they affect?”
Cross-references control assessments with the risk register. Maps 3 failing controls to 5 affected risk scenarios.
Query: “Give me a comprehensive review of our security posture”
6 agents deliberate in parallel. CISO synthesises. Returns a structured report with consensus, dissents, and prioritised actions.
AI Agents Council
Six specialists. One synthesised answer.
Complex questions that span multiple domains trigger the AI council. Each specialist agent analyses the question from their domain perspective. The orchestrator synthesises a unified response while preserving individual reasoning for audit.
Risk Analyst: Risk scoring, scenarios, KRIs, tolerance
Controls Auditor: Control effectiveness, testing, SoA coverage
Compliance Officer: Framework alignment, regulatory requirements
Incident Commander: Incident trends, response quality, MTTR
Evidence Auditor: Evidence completeness, freshness, coverage
CISO Strategist: Executive synthesis, strategic recommendations
Example council scenarios
“Should we accept the residual risk on our cloud infrastructure controls?”
Cross-domain analysis weighing control effectiveness data, incident history, and strategic risk appetite.
“What is the compliance impact of the 3 open nonconformities?”
Maps nonconformities to framework requirements, assesses evidence gaps, and estimates remediation priority.
“Prepare a board-ready summary of our security posture.”
Synthesises risk scores, incident trends, control metrics, and treatment progress into executive narrative.
Run these workflows yourself.
All four workflows and the AI council ship in the community edition. Clone the repo, start the stack, and trigger them from the gateway.