ControlMap AI is an embedded AI assistant built into the ControlMap platform. It helps compliance teams work faster by providing intelligent, context-aware assistance across the workflows you already use: gap analysis, policy drafting, evidence review, audit preparation, security questionnaire completion, and more.

ControlMap AI is currently available as a beta for select MSP partners with Pro clients in the US region.

General questions

What is ControlMap AI?

ControlMap AI is an embedded AI assistant that provides context-aware compliance assistance directly within the ControlMap platform. It helps with tasks like gap analysis, document creation, evidence review, audit preparation, and security questionnaire completion.

Who can use ControlMap AI?

ControlMap AI is available to the following MSP partner roles:

• MSP Super Admin
• MSP Compliance Manager

Client users do not have access to ControlMap AI. Only MSP partner users working within a Pro client tenant can use AI features.

ControlMap AI is available on all Pro clients for your account. It is not available on non-Pro clients.

Is this a chatbot?

Today, no - it’s centered on Quick Actions tied to where you are in the app, not open-ended chat. Later, we expect it to support more conversational interactions while keeping that same product context.

Where can I find ControlMap AI?

1. Find the AI widget — Look for the AI widget in the top navigation bar. It's available on every page in ControlMap.
2. Open the AI panel — Click the AI widget to open the panel on the right side of the screen. It stays open as you navigate, so you can work alongside the AI without losing your place.
3. Complete your Company Details — On first use, you'll be prompted to fill in a short profile about your client's organization: industry, company size, and an optional website. This helps the AI tailor its responses. You can update these details at any time.
4. Use Quick Actions — Based on the page you're viewing, the AI panel will present context-specific Quick Actions. These are the primary way to interact with ControlMap AI. Select any Quick Action to run it.

What can ControlMap AI do?

ControlMap AI surfaces different capabilities depending on where you are in the product. Here are the key areas where AI assistance is available:

Compliance Overview
Get a high-level summary of your compliance health, weekly priorities, and top risks — all generated from your actual ControlMap data.

Frameworks and Requirements
Analyze audit readiness for a specific framework, identify gaps in your controls and documentation, get implementation guidance for individual requirements, and find where your policies or evidence fall short.

Document Management
Create new policies, procedures, and governance documents with AI assistance. Review existing documents with a compliance quality score, get suggested requirement mappings, and receive actionable improvement recommendations.

Evidence
Identify duplicate or redundant evidence in your library, flag stale evidence that needs refresh, and analyze the quality of uploaded evidence files against audit readiness standards.

Assessments
Summarize assessment progress, identify next steps, and get AI-assisted help answering individual assessment questions.

Security Questionnaire Agent
Upload a security questionnaire (spreadsheet format), and the AI will parse the questions and generate answers using your compliance data. Review, edit, and export the completed questionnaire. A reusable Q&A Library saves answers for future questionnaires.

How do credits work?

AI actions consume credits. Each action has a credit cost based on its complexity. Your remaining credit balance is displayed at the top of the AI panel.

During the beta, there may be a monthly credit limit to manage capacity. Your balance resets each month.

What about human review and approval?

ControlMap AI does not make changes to your environment without your permission.

Document creation — The AI generates a draft for you to review. You choose to accept, edit, or regenerate before anything is saved.

Recommendations — When the AI suggests actions (e.g., mapping a control, adding evidence), you select which recommendations to accept using checkboxes. Only accepted items are applied.

Analysis and summaries — These are read-only outputs. They surface insights but do not modify your data.

How can I provide feedback?

Your feedback directly improves ControlMap AI. After every AI response, you'll see thumbs up and thumbs down buttons.

If you select thumbs down, you'll be prompted to describe what went wrong. This feedback is reviewed by the ControlMap Product team and used to prioritize quality improvements.

Data and privacy

What data does ControlMap AI have access to?

ControlMap AI only accesses data within the specific client's ControlMap environment — policies, evidence, controls, frameworks, risks, assessments, and related records. No data is shared or visible across clients.

Is data shared between my clients?

No. All AI processing is scoped to the individual client tenant. Data from one client is never used in responses for another client and is never visible across tenants.

Is my data used to train the AI model?

No. Client data is not used to train, fine-tune, or improve the underlying AI models. Your data is used only to generate responses within your own client environment.

Where is my data processed?

Your tenant data stays in your region. AI features may use additional processing locations as implemented today. Expect this to evolve as we scale ControlMap's AI capabilities.

Security and compliance

Is ControlMap AI covered under ControlMap's SOC 2 compliance?

ControlMap maintains SOC 2 Type II compliance. The AI feature operates within the same security controls and infrastructure as the rest of the ControlMap platform.

Does using ControlMap AI affect my compliance posture?

No. ControlMap AI assists with compliance work but does not autonomously change your environment. All AI-generated content — policies, recommendations, questionnaire answers — requires your explicit review and approval. Your compliance data remains under your control at all times.

Is there an audit trail for AI actions?

Saved AI powered content follows the same audit and versioning behavior as comparable content elsewhere in ControlMap, and is recorded under the user who accepted or applied it.

Pricing and credits

What does ControlMap AI cost?

ControlMap AI is free during the beta period. There may be a monthly credit limit to manage capacity, but you will not be billed. 

Access and availability

Do I have to use ControlMap AI?

No. ControlMap AI is entirely optional. It is only triggered when you click the AI widget in the top navigation bar. If you don't wish to use it, simply don't open it - there is no impact to your existing workflows.

When will other regions get access?

The beta is available to US partners with Pro clients only. EU, AU, and CA will receive access upon general availability. GovCloud access will be determined at a later date.