Control Documents (Knowledge Base)
Control Documents lets you upload your organisation’s internal policies, standards, and procedures into a private knowledge base. The platform reads them, suggests which of your scoped controls each document supports, and lets you accept or dismiss those suggestions before they appear on the control.
When to use it
Use Control Documents when you want the platform to do the first pass of “which control does this policy cover?” — so that, instead of manually mapping a forty-page information-security policy against two hundred scoped controls, you review a short list of suggested matches.
Typical sources:
- Information Security Policy
- Access Control Standard
- Incident Response Plan
- Vendor Management Procedure
- Change Management SOP
The knowledge base is per-organisation — no document you upload is shared with any other tenant.
Uploading a document
- Open Knowledge Base → Control Documents from the sidebar.
- Drag a file onto the upload zone, or click Choose file.
- The row appears immediately with status Pending, then progresses through Parsing → Indexing → Indexed.
- Once Indexed, the document is part of your knowledge base and ready to suggest mappings.
Supported formats
Plain text (.txt) and PDF (.pdf) are supported. Documents are extracted to text before indexing — scanned PDFs without OCR will not produce useful mappings.
What if a document fails to index?
If a document shows Indexing failed, the original file and extracted text are kept. You can delete it from the table and re-upload — the platform does not automatically retry, because the underlying cause (corrupted PDF, empty text, etc.) usually needs human attention.
The Review Queue
Once you have indexed documents, the platform proposes mappings between documents and your scoped controls. Review them in Knowledge Base → Control Documents → Review queue.
Each proposed mapping shows:
- The control it would attach to
- The document and the relevant excerpt
- A confidence indicator
- Accept and Dismiss actions
Accepting a mapping
Click Accept. The mapping becomes visible on the control’s Knowledge Base tab (see below). Accepting is auditable — every accept is logged with your user identity and timestamp.
Dismissing a mapping
Click Dismiss and add a short reason (e.g. “wrong control family”, “document covers physical not logical access”). The reason is stored on the audit record and helps the platform learn from your decisions.
Why no bulk-accept?
By design, each mapping is reviewed individually. Accepted mappings count as formal evidence references inside the control’s audit trail, so the platform deliberately makes them one-at-a-time decisions.
Per-control Knowledge Base tab
On any scoped control, open the Knowledge Base tab to see:
- Accepted evidence — every document mapping you’ve accepted for this control, with filename, relevant excerpt range, and indexing revision.
- Stale banner — appears when the knowledge base has been re-indexed (for example after a model update) and previously-accepted mappings need re-review. Re-open the review queue to re-confirm them.
- Live query box — type a question or leave it empty to use the control’s own description; the platform returns the most relevant excerpts from your knowledge base. This is read-only — accept/dismiss still happens in the review queue.
Limits
Knowledge base usage is subject to platform limits to keep response times predictable. If you hit a limit you’ll see a clear message naming which limit applies — typically when bulk-uploading or after a long backlog of unreviewed proposals. Contact support if you need a larger envelope for a specific project window.
Privacy
Uploaded documents are stored in your tenant’s isolated workspace. They are indexed using your tenant’s dedicated namespace and never returned to queries made by any other organisation.