How AI technology improves documentation toolkits

Advisera recently published its first AI-powered documentation toolkit, and based on our clients’ initial reactions, it seems like a great success.

So, what kind of AI technology is built into this product?

AI-powered documentation toolkits use AI technology in the following ways:
  • Templates provide automatic suggestions based on previously provided information.
  • Based on the specifics of the technology used in a company, AI generates the appropriate steps in the process.
  • Any question is answered instantly using an AI-powered knowledge base.

Customer demands & Advisera’s approach

We’ve always known that no one really enjoys writing documents like policies and procedures — people do it because they have to comply with ISO standards or various regulations.

On top of this, we realized that most of our clients don’t know where to start the project, or the steps in the implementation, and they have very little knowledge about these ISO standards or regulations.

Finally, most clients can dedicate very little time to these kinds of projects — they are overwhelmed with other things to do in their company, and they want to complete their compliance project as soon as possible.

So, prior to the emergence of AI technology, we developed our “traditional” toolkits with the following features:

  • Step-by-step guidance to comply with a particular standard or regulation
  • Templates of all required documents that are 80% completed
  • Placeholders in each template that enable the documents to be adapted for each company
  • One-on-one consultations with a subject matter expert included with each toolkit

All these features together enabled our clients to implement a particular ISO standard or a regulation in a much shorter time.

What is the AI opportunity?

However, with the advancement of ChatGPT in 2022, we realized that we could do much more for our clients. Basically, we see that such technology will change the compliance world, and with it, how we write policies and procedures.

For one, GPT (which stands for Generative Pre-trained Transformer) technology can generate text that sounds very human-like — this means that with the right “guidance” (i.e., prompts), it can generate text for documents that are adapted for a particular use. This means that each document can be adapted according to the size of the company, the technology they use, etc.

Further, GPT technology enables answering any questions related to compliance (if the right knowledge base is used as the source of data), which means that implementers do not need to search for information on the Internet or pay for expert opinions.

Finally, GPT technology can analyze text and predict what kind of phrase will fit into the specific context of a sentence — this means that AI can personalize documents so that they better fit the specific context of the company.

Necessary pre-conditions for AI

For AI technology to work, we first had to develop some features that enabled us to build AI on top of them:

  • We developed a knowledge base with a large number of potential questions about ISO standards — in this way, we ensure accuracy when providing answers via AI, while also making sure that any client-sensitive data is not shared through the usage of AI.
  • We developed software through which the AI-powered toolkits are delivered.
  • This software provides users with step-by-step guidance by placing documents in the optimal sequence of implementation.
  • The templates are made in such a way that they are automatically adapted for larger or smaller companies.
  • For each template, the software enables users to go through each placeholder, and suggests what would be the most appropriate content — in other words, a user gets a couple of suggestions for how to personalize each placeholder in the document.
  • Each piece of information that is entered into a placeholder is saved in the user’s organizational profile — and this is the key information that allows the AI to work its magic.

Key AI features in an AI-powered toolkit

Once the user starts to fill in placeholders for a particular document, AI technology predicts the most likely use of this information — for example, when filling out the Backup Policy, the user puts that the Head of the IT Department is the main person in charge of IT. The software will then suggest this job title for the Access Control Policy and other documents whenever there is a need to suggest the main person for IT.

In some cases, a process in a particular document will depend on the technology that the company is using. For example, a backup process will differ depending on whether you use a cloud service or an on-premise server — in such cases, the software asks what kind of technology the company uses, and AI generates the process based on the information it could find on that technology.

Since users have lots of questions once they start writing their documents, we integrated Experta, our AI-powered knowledge base, into the AI-powered toolkit software. Experta is specific because it is trained using proprietary expert materials from Advisera, and it does not collect information from the Internet. And because the quality of the answers (i.e., the output) is equal to the quality of the input, this enables Experta to provide highly accurate answers to users of documentation toolkits. Experta also suggests frequently asked questions based on the template the user is working on.

The table below shows the comparison between the “traditional” documentation toolkits and these new AI-powered toolkits:

 Traditional toolkitsAI-powered toolkits

Number and format of documents (The same – MS Word and Excel templates) (The same – MS Word and Excel templates)
Delivery of documents Download link in an email Download link from the software
Step-by-step guidance Folders in the toolkit Steps displayed in the software
Placeholders Displayed as comments in the templates Displayed in the software + in the templates
Expert support Email support + 1-on-1 consultations with an expert Experta AI-powered knowledge base + email support + 1-on-1 consultations with an expert
Adapts to the company’s size (none) Documents automatically adapt to the company’s size
Predicts how to fill out placeholders (none) Based on the text of the document and information saved in the organizational profile, AI suggests what to enter in placeholders.
Generates personalized text in the templates (none) Based on the specifics of the technology used in the company, AI generates the appropriate steps in the process.

Where are the limits of AI?

We’re planning to push this AI technology even further — for example, we will use AI to automatically review documents, find out if they are compliant with a standard, and make suggestions for improvement. AI will be able to automatically correct documents and, e.g., “upgrade” the documentation from the old revision of the standard to the new one. AI will also be able to perform a full document review, and then provide a report on the level of compliance and list all nonconformities.

But can AI really do everything? We found some limits as well — when we tested ChatGPT and its ability to create various policies and procedures, we realized that the documents it generated were too generic and very often not fully compliant with specific requirements of a standard or regulation.

Therefore, we concluded that in order to be able to exploit AI technology to its full potential, we needed to blend it with our specific know-how and our knowledge base. This combination alone will enable our clients to handle their documents in a quicker, easier, and more sensible way.

Click here to see AI-powered toolkits from Advisera.

Advisera Dejan Kosutic

Dejan Kosutic

Leading expert on cybersecurity & information security and the author of several books, articles, webinars, and courses. As a premier expert, Dejan founded Advisera to help small and medium businesses obtain the resources they need to become compliant with EU regulations and ISO standards. He believes that making complex frameworks easy to understand and simple to use creates a competitive advantage for Advisera's clients, and that AI technology is crucial for achieving this.

As an ISO 27001 and NIS 2 expert, Dejan helps companies find the best path to compliance by eliminating overhead and adapting the implementation to their size and industry specifics.
Read more articles by Dejan Kosutic