ControlMap Copilot (Open Beta): Frequently Asked Questions

Jamie Kandola

ControlMap Copilot is an embedded AI assistant built into the ControlMap platform. It helps compliance teams work faster by providing intelligent, context-aware assistance across the workflows you already use: gap analysis, policy drafting, evidence review, audit preparation, security questionnaire completion, and more. 

Who can use this open beta feature?
• ControlMap Pro clients and MSP users.
 

General questions

What is ControlMap Copilot?

ControlMap Copilot is an embedded AI assistant that provides context-aware compliance assistance directly within the ControlMap platform. It helps with tasks like gap analysis, document creation, evidence review, audit preparation, and security questionnaire completion.

Who can use ControlMap Copilot?

ControlMap Copilot is available to the following MSP partner roles:

  • MSP Super Admin
  • MSP Compliance Manager

Client users do not have access to ControlMap Copilot. Only MSP partner users working within a Pro client tenant can use AI features.

ControlMap Copilot is available on all Pro clients for your account. It is not available on non-Pro clients.

Is this a chatbot?

Today, no. It is centered on Quick Actions tied to where you are in the app, not open-ended chat. Later, we expect it to support more conversational interactions while keeping that same product context.

Where can I find ControlMap Copilot?

  1. Find the AI widget — Look for the AI widget in the top navigation bar. It's available on every page in ControlMap.
  2. Open the AI panel — Click the AI widget to open the panel on the right side of the screen. It stays open as you navigate, so you can work alongside the AI without losing your place.
  3. Complete your Company Details — On first use, you'll be prompted to fill in a short profile about your client's organization: industry, company size, and an optional website. This helps the AI tailor its responses. You can update these details at any time.
  4. Use Quick Actions — Based on the page you're viewing, the AI panel will present context-specific Quick Actions. These are the primary way to interact with ControlMap Copilot. Select any Quick Action to run it.

What can ControlMap Copilot do?

ControlMap Copilot surfaces different capabilities depending on where you are in the product. Here are the key areas where AI assistance is available:

Document lifecycle — policies, procedures, and governance documents

  • Draft new documents from a title and optional context, with a human-in-the-loop Accept / Edit / Regenerate flow before anything is saved
  • Run an auditor-grade quality review on existing documents — returns a scored gap analysis with remediation suggestions
  • Summarize any document
  • Surface which requirements a document satisfies and propose additional mappings

Evidence quality and coverage

  • Detect duplicate or redundant evidence across the library
  • Identify stale evidence and prioritize a refresh order
  • Analyze individual evidence files for completeness and audit readiness
  • Surface which requirements an evidence item supports

Compliance posture and weekly priorities

  • Summarize overall compliance health across the tenant
  • Generate a personalized weekly priorities view
  • Analyze top risks on the register with severity and treatment classification

Framework readiness and gap analysis

  • Audit-readiness assessment for any framework (NIST CSF, CMMC, SOC 2, ISO 27001, and 50+ others)
  • Summary of remaining work to achieve compliance
  • List of requirement gaps

Requirement-level implementation help

  • Structured implementation guidance tailored to the organization
  • Identify gaps in policies / procedures / governance against the requirement
  • Identify evidence gaps against the requirement
  • Analyze implementation notes for improvements

Assessment support

  • Summarize assessment progress
  • Surface key next steps and action items
  • Assist with answering individual assessment questions

Audit support

  • Summarize audit objectives
  • Recommend audit prep actions as accept / reject cards that act on the tenant only after the user approves

Security Questionnaire Agent (SAQ)

  • Upload .xls, .xlsx, or .csv questionnaires
  • Auto-answer every question using the client's compliance data, with confidence scores and Yes / No / Partially / N/A classifications
  • Regenerate, edit inline, or save answers to a reusable Library that matches against future questionnaires automatically
  • Export the completed questionnaire preserving the original file structure

How do credits work?

AI actions consume credits. Each action has a credit cost based on its complexity. Your remaining credit balance is displayed at the top of the AI panel.

During the open beta, there may be a monthly credit limit to manage capacity. Your balance resets each month.

What about human review and approval?

ControlMap Copilot does not make changes to your environment without your permission.

Document creation — The AI generates a draft for you to review. You choose to accept, edit, or regenerate before anything is saved.

Recommendations — When the AI suggests actions (e.g., mapping a control, adding evidence), you select which recommendations to accept using checkboxes. Only accepted items are applied.

Analysis and summaries — These are read-only outputs. They surface insights but do not modify your data.

How can I provide feedback?

Your feedback directly improves ControlMap Copilot. After every AI response, you'll see thumbs up and thumbs down buttons.

If you select thumbs down, you'll be prompted to describe what went wrong. This feedback is reviewed by the ControlMap Product team and used to prioritize quality improvements.

 

Data and privacy

What data does ControlMap Copilot have access to?

ControlMap Copilot only accesses data within the specific client's ControlMap environment — policies, evidence, controls, frameworks, risks, assessments, and related records. No data is shared or visible across clients.

Is data shared between my clients?

No. All AI processing is scoped to the individual client tenant. Data from one client is never used in responses for another client and is never visible across tenants.

Is my data used to train the AI model?

No. Client data is not used to train, fine-tune, or improve the underlying AI models. Your data is used only to generate responses within your own client environment.

Where is my data processed?

Your tenant data stays in your region. AI features may use additional processing locations as implemented today. Expect this to evolve as we scale ControlMap's AI capabilities.

 

Security and compliance

Is ControlMap Copilot covered under ControlMap's SOC 2 compliance?

ControlMap maintains SOC 2 Type II compliance. The AI feature operates within the same security controls and infrastructure as the rest of the ControlMap platform.

Does using ControlMap Copilot affect my compliance posture?

No. ControlMap Copilot assists with compliance work but does not autonomously change your environment. All AI-generated content — policies, recommendations, questionnaire answers — requires your explicit review and approval. Your compliance data remains under your control at all times.

Is there an audit trail for AI actions?

Saved AI-powered content follows the same audit and versioning behavior as comparable content elsewhere in ControlMap, and is recorded under the user who accepted or applied it.

 

Pricing and credits

What does ControlMap Copilot cost?

ControlMap Copilot is free during the open beta period. There may be a monthly credit limit to manage capacity, but you will not be billed. 

 

Access and availability

Do I have to use ControlMap Copilot?

No. ControlMap Copilot is entirely optional. It is only triggered when you click the AI widget in the top navigation bar. If you don't wish to use it, simply don't open it; there is no impact on your existing workflows.

 

Any questions? Reach out to our friendly, neighborhood support team by submitting a support ticket.
