Library, Scoping, and Gap Analysis
These three pages work together to answer "what standard do we follow, which clauses apply to us, and where are the gaps?"
Library
What. The catalog of standards (ISO 9001, 14001, 45001, 27001, custom modules). Each standard has clauses, each clause has requirements. Where.
/library.
Browsing
- The list shows every published module with its title, version, and number of clauses.
- Click a module → the clauses tree opens. Each clause expands to its child clauses and ultimately its leaf-level requirements.
- Click a requirement → the detail panel shows the description, linked controls, linked documents, and any open CAPAs that reference it.
Building a new module with AI
The library supports AI-assisted module creation:
- Click Build module with AI.
- Upload a PDF/DOCX of the standard or paste its text.
- The AI extracts clauses + requirements and shows a preview.
- Review the preview, edit individual rows, then Apply.
- The module is created in
module_drafts. Click Publish module to move it into the liverequirements_modulesand make it available for scoping.
See AI Copilot for the full workflow.
Scoping
What. Decide which clauses of which standards apply to your org. Where.
/scoping.
Why scoping exists
A standard like ISO 27001 has 100+ controls. You may only implement 60. Scoping lets you mark which clauses are applicable vs not applicable with a justification.
Workflow
- Open
/scoping. - Pick the assessment (a per-org applicability decision set, can
have an
engagement_labelto mark internal vs external scope). - Walk the clause tree, click each leaf to mark In scope or Out of scope + write a one-line justification.
- Optional: bulk Apply override at the clause level to push "Out of scope" to all children with one justification.
- Click Finalize when the applicability decision is complete. Finalized assessments become read-only - to change them, click Reopen (admin only).
Engagement label
The engagement_label field marks the assessment's scope: e.g.
"corporate-only", "production-only", "vendor-management". Set it on the
assessment dialog when creating.
Gap Analysis
What. A report that maps your scoped requirements to the controls and documents you have implemented and surfaces the gaps. Where.
/gap-analysis.
Flow
- Pick the assessment from the dropdown.
- The report renders one row per in-scope requirement with:
- Requirement code + title
- Linked controls
- Linked documents
- Status: Met, Partially met, Not met, Not assessed
- Filter by status to focus on "Not met" gaps.
- Click a row → detail drawer.
Closing gaps
From any "Not met" row you can:
- Suggest controls (AI) - Copilot proposes one or more controls. You approve in the AI Approval Center → controls are created and linked.
- Add evidence - link existing evidence to the requirement.
- Open CAPA - escalate the gap to a tracked corrective action.
Export
The Gap Analysis page has an Export PDF button that produces a 1-pager-per-clause report. Use this for management review packs.
Test it
- Library: open ISO 9001:2015. Clause 4.1 expands to its requirements. Click a requirement; the detail panel shows linked controls/docs.
- Library: click Build module with AI, upload a sample standard PDF; preview screen shows extracted clauses; Apply creates a draft.
- Scoping: create an assessment with engagement_label "corporate". Mark one clause Out of scope with justification. Finalize. Verify the assessment becomes read-only.
- Gap Analysis: pick the finalized assessment. Filter to Not met. Use Copilot's Suggest controls on a row → approve in /ai/approvals → reload the row, controls appear linked.
- Export PDF on Gap Analysis. Verify it contains every in-scope requirement with its status.