This is the full developer documentation for Regnora Docs # Regnora Docs > The AI-native toolbox for compliance experts. Guides, references, and how-tos to get the most out of Regnora. # Welcome > An introduction to Regnora — what it is, who it's for, and where to go next. Regnora is how compliance experts run gap analyses, evidence controls, and prepare for audits against standards like ISO 27001, ISO 9001, and GDPR — without doing the mechanical parts by hand. The AI matches your policies and records to each requirement, flags what’s missing, and drafts the follow-ups; you spend your time on the judgement calls instead. This section gets you up and running. Read it in order if you’re new; jump straight to what you need if you’re not. ## What’s in this section [Section titled “What’s in this section”](#whats-in-this-section) * [Quick start](/get-started/quick-start/) — A 15-minute end-to-end walkthrough: create a project, enable a framework, run your first gap analysis. * [Core concepts](/get-started/core-concepts/) — The building blocks of Regnora: projects, frameworks, gap analyses, documents, and agents. Read this if you want the mental model before you start clicking. * [Signing up & your organisation](/get-started/signing-up/) — Creating or joining an organisation, signing in, and multi-factor authentication. If you’re evaluating Regnora rather than using it, the [home page](https://regnora.com) is the better starting point. # Core concepts > The building blocks of Regnora — projects, frameworks, gap analyses, documents, and agents. The mental model that the rest of the docs assume you already have: what a **project** scopes, how **frameworks** like ISO 9001 / 14001 / 27001 are structured inside Regnora, what a **gap analysis** actually produces, how **documents** and evidence relate to controls, and where **agents** fit in. Read this once and the rest of the documentation will move faster. Five concepts cover almost everything in the product. They nest cleanly: a project holds the frameworks you’re working against, the documents you’re working from, and the gap analyses you run to compare them. Agents are the reusable AI helpers that sit alongside all of it. ## Projects [Section titled “Projects”](#projects) A project is how you keep separate compliance efforts isolated from each other — your own ISO 27001 work, a client engagement, an audit you’re sharing with an external party. Everything you do in Regnora — uploading documents, enabling frameworks, running gap analyses — happens inside a project, and switching the active project switches every view in the sidebar at once. Projects come in two flavours. An **internal** project is your organisation’s own compliance work — your ISO 27001 ISMS, your quality management system, your environmental management system. An **external** project is an engagement tied to an outside organisation: a client whose system you’re assessing, an auditor you’re sharing evidence with, a supplier you’re reviewing. Every organisation has at least one default internal project; external projects appear when you add the external organisation they belong to. Projects are also the unit of access. Organisation owners and admins see every project; everyone else only sees the projects they’ve been explicitly added to. That makes a project a safe place to put work that should stay separated — different clients, different business units, a draft assessment you’re not ready to share. **Manage:** [Projects](https://app.regnora.com/projects) ## Frameworks [Section titled “Frameworks”](#frameworks) A framework is the standard or regulation you’re working against — ISO 27001, ISO 9001, GDPR — represented in Regnora as its full set of requirements so you can evidence each one and run gap analyses against it. Regnora maintains the catalogue centrally; you don’t import the standard text or keep it up to date yourself. To bring a framework into a project, you **enable** it. That creates a framework adoption — your project’s own instance of that framework, against which you’ll evidence controls and run gap analyses. The same framework can be enabled independently in multiple projects, so an ISO 27001 adoption for your own ISMS doesn’t get tangled up with an ISO 27001 adoption you’re running for a client. Inside a framework, requirements are organised hierarchically — chapters, sections, clauses, controls, articles, annexes — matching how the published standard is structured. The ones the standard frames as actual obligations are flagged as such, and that’s what gap analyses assess against. You can layer multiple frameworks on a single project; overlapping requirements aren’t deduplicated, but they all show up against the same evidence base. **Manage:** [Library frameworks](https://app.regnora.com/library/frameworks) · [Enabled in this project](https://app.regnora.com/frameworks) ## Gap analyses [Section titled “Gap analyses”](#gap-analyses) A gap analysis is how you find out where your current evidence does and doesn’t satisfy an enabled framework. Regnora’s AI walks through every requirement in the framework, checks your project’s documents for evidence, and gives each one a verdict — so instead of doing this manually for hundreds of clauses, you review and decide on the results. A gap analysis moves through four stages, visible as tabs on every analysis: **Plan** (you scope what to assess and the AI proposes a plan you approve), **Analyze** (the AI works through each requirement check using your project’s documents as evidence), **Review** (you go through the assessments, mark them attested or flag them for rework), and **Act** (you turn the remaining gaps into follow-up). Each requirement assessed gets one of three verdicts in the UI: **Pass**, **Gap**, or **N/A**. A few behaviours worth knowing up front. A gap analysis can have multiple **runs** — re-running it produces a fresh set of assessments without losing the history of the previous run, and exactly one run is the “active” one at any time. Runs can be scoped to a subset of documents, or left unscoped to search every document in the project. And every analysis has a status: `draft`, `active`, or `closed` — closing one and starting a new one is the normal way to mark a cycle finished. **Manage:** [Gap analyses](https://app.regnora.com/gap-analyses) ## Documents [Section titled “Documents”](#documents) Documents are your evidence — policies, procedures, records, audit reports, meeting minutes, anything you’d hand to an auditor. When you upload a document, Regnora extracts and indexes its text so the AI can search by meaning, not just filename, when it runs assessments or answers questions about your evidence. Documents are versioned. Re-uploading a policy produces a new version of the same logical document rather than a duplicate, and only one version is “current” at a time — older versions stay available for audit trail. You can organise documents into directories, and a document can be in one of a few states: `staged` (uploaded but not yet committed — typical when an agent has proposed a change for you to approve), `draft`, `active`, or `archived`. Documents are scoped to their project, which matters more than it sounds. A gap analysis assesses against the documents in its own project; an agent reading evidence only sees the project it’s running in. There is no cross-project document search. **Manage:** [Documentation](https://app.regnora.com/documentation) ## Agents [Section titled “Agents”](#agents) An agent is a reusable AI assistant configured once and pointed at compliance work over and over. Use them for recurring tasks specific to how your team works — a particular review checklist, a vendor-questionnaire-to-document flow, anything you don’t want to re-explain every time. Regnora ships built-in agents for the core flows (gap analysis, document revision); custom agents are the ones you build yourself. A custom agent is defined by a name, a description, and a set of markdown **instructions** that become its system prompt — there’s no prompt engineering toolkit and no code. When you create one you also pick its **capabilities** (today: reading your documents, reading enabled frameworks, researching the public web) and its **deliveries** — the kinds of output it’s allowed to produce, which is what lets it propose document changes for a human to review rather than acting silently. Agents are versioned with a draft / active lifecycle, so you can iterate on instructions without disturbing the version that’s wired up to real work. They’re typically composed into workflows — that’s how an agent moves from “a thing I can test” to “a thing that runs when a trigger fires” — but you can also run an agent directly against a chosen input to see what it would do. **Manage:** [Agents](https://app.regnora.com/library/agents) # Quick start > A short end-to-end walkthrough — create a project, enable a framework, add documents, and run your first gap analysis. This walkthrough takes you through Regnora’s main loop end to end: create a project, enable a framework, add some evidence, and run your first gap analysis. By the end you’ll have seen the cycle the rest of the docs build on. It assumes you’ve already [signed in and set up your organisation](/get-started/signing-up/). ## 1. Create a project [Section titled “1. Create a project”](#1-create-a-project) A [project](/guides/setting-up-projects/) is the container for one compliance effort — your own ISO 27001 work, or a specific client engagement. Create one from the **Projects** list, choose **Internal** (your own organisation) or **External** (a client or auditor), and give it a name. Everything you do next happens inside this project. ## 2. Enable a framework [Section titled “2. Enable a framework”](#2-enable-a-framework) A [framework](/guides/working-with-frameworks/) is the standard you’re assessing against. On the project’s **Frameworks** page, select **Add framework**, pick the one you need — ISO 27001, ISO 9001, GDPR, and others are in the catalogue — and select **Enable**. This is *what* your gap analysis will check. ## 3. Add your evidence [Section titled “3. Add your evidence”](#3-add-your-evidence) Gap analysis assesses your [documents](/guides/managing-documents/) against the framework, so it needs evidence to work from. From the **Documentation** area, upload your policies, procedures, and records, or import them from Google Drive. Regnora indexes each document so the AI can search it by meaning. This is *what* you’re assessed on. ## 4. Run a gap analysis [Section titled “4. Run a gap analysis”](#4-run-a-gap-analysis) Now bring the two together. Start a new [gap analysis](/guides/running-a-gap-analysis/), and in the wizard choose the framework and the documents to assess. Regnora drafts a plan; when it looks right, select **Approve Plan**. The AI then works through each requirement, checking your evidence and giving each a verdict — **Pass**, **Gap**, or **N/A**. ## 5. Review and act [Section titled “5. Review and act”](#5-review-and-act) Go through the results in the **Review** stage: **Attest** the verdicts that are right, and **Flag** or **Re-assess** the ones that aren’t. When you’re done, the **Act** stage turns your findings into work — **Start a revision** to have an agent draft a management report or a plan to close a gap, or **Export Excel** to share the results. ## Where to go next [Section titled “Where to go next”](#where-to-go-next) That’s the core loop. From here: * Fill in your [project profile](/guides/project-profile-and-context/) so assessments are sharper. * [Build a custom agent](/guides/building-custom-agents/) and [automate it](/guides/triggers-and-schedules/) to handle recurring work. * Read [Core concepts](/get-started/core-concepts/) for the mental model behind it all. # Signing up & your organisation > Create or join an organisation, sign in by email or with Google / Microsoft, and set up multi-factor authentication. Before you can do compliance work in Regnora you need an **organisation** — the top-level container that holds your projects, members, and billing. This page covers getting in the door: signing in, creating or joining an organisation, and securing your account. ## Signing in [Section titled “Signing in”](#signing-in) Regnora signs you in by **email link** — enter your email and Regnora sends you a link to click, so there’s no password to remember. You can also **Continue with Google** or **Continue with Microsoft** to sign in with an existing account. If you’re brand new, **Get started** takes you through creating your account; returning users go straight to **Sign in**. (If the email doesn’t arrive, check your spam folder.) ## Creating or joining an organisation [Section titled “Creating or joining an organisation”](#creating-or-joining-an-organisation) The first time you sign in, you set up your organisation. If Regnora finds an existing organisation that matches your email domain, you can ask to **join** it; otherwise you **create a new one**, giving it a name, your company size, and a website URL. A new organisation may be briefly reviewed before it’s activated. If a colleague has already invited you, you’ll instead **accept the invitation** and land directly in their organisation with the role they assigned — see [Members, roles & permissions](/guides/members-roles-and-permissions/). ## Multi-factor authentication [Section titled “Multi-factor authentication”](#multi-factor-authentication) If your organisation [enforces two-factor authentication](/guides/org-settings-and-security/#multi-factor-authentication), you’ll set it up before you can continue: scan the QR code with an authenticator app and enter the six-digit code to confirm. You can mark a browser as trusted to skip the challenge for 30 days. ## Finding your feet [Section titled “Finding your feet”](#finding-your-feet) After setup you land on your project home, where an onboarding strip points you at the three things that get a project working: **enable a framework**, **upload documents**, and **run a gap analysis**. The [Quick start](/get-started/quick-start/) walks through exactly that. # Guides > Task-oriented walkthroughs for getting things done in Regnora. Guides are the bulk of these docs. Each page answers a specific “how do I…” question and is written to be read on its own, in any order. They’re grouped below roughly in the order you meet them — set up your workspace, get your evidence in, run the analysis, automate the repetitive parts, and bring your team along. If you’re brand new, start with the [Quick start](/get-started/quick-start/) and then come back here once you have a project set up. ## Setup [Section titled “Setup”](#setup) * [Setting up a project](/guides/setting-up-projects/) — Scope your compliance work into a project; internal vs. external; pick the frameworks in play. * [Project profile & context](/guides/project-profile-and-context/) — Give agents the context they need, including “Fill with AI”. * [Working with frameworks](/guides/working-with-frameworks/) — How ISO and other standards are structured, how to enable them, and the catalogue. ## Documents & evidence [Section titled “Documents & evidence”](#documents--evidence) * [Managing documents and evidence](/guides/managing-documents/) — Upload, import, organise, and version your evidence. * [Discovering your documentation](/guides/discovering-documentation/) — Use Discover to inventory what you have and find the gaps. *(Beta)* * [Drafting & revising documents with AI](/guides/drafting-and-revising/) — Draft and improve documents with every change staged for review. * [Document & checklist templates](/guides/templates/) — Reuse pre-built documents and checklists across projects. ## Gap analysis [Section titled “Gap analysis”](#gap-analysis) * [Running a gap analysis](/guides/running-a-gap-analysis/) — The four stages: Plan, Analyze, Review, Act. ## Automation [Section titled “Automation”](#automation) * [Building custom agents](/guides/building-custom-agents/) — The conversational agent builder, capabilities, and deliveries. * [Automating agents with triggers & schedules](/guides/triggers-and-schedules/) — Run an agent on a schedule, a document event, or an inbound email. * [Agent outputs — canvases & the agent database](/guides/canvases-and-agent-database/) — What an agent produces and what it remembers. * [Skills, rules & memories](/guides/skills-rules-and-memories/) — The reusable building blocks that shape agent behaviour. * [Calendar feeds](/guides/calendar-feeds/) — Subscribe to a Regnora calendar from your own calendar app. ## Collaboration & administration [Section titled “Collaboration & administration”](#collaboration--administration) * [Collaborating with your team](/guides/collaborating-with-your-team/) — Discussion, comments, and review flows. * [Members, roles & permissions](/guides/members-roles-and-permissions/) — Organisation members, project teams, guests, and roles. * [Organisation settings & security](/guides/org-settings-and-security/) — Org profile, MFA, single sign-on, and API keys. # Building custom agents > Use Regnora's conversational agent builder to automate recurring compliance work — no prompt engineering, no code. Regnora lets you build custom agents by **chatting with a builder**, not by filling in a form or writing prompts. You describe the work you want done; the builder drafts the agent’s instructions and proposes the configuration, and you approve as you go. An agent is defined by a name, a description, markdown **instructions**, the **capabilities** it’s allowed, and the **outputs** it may produce. This guide walks through building one, granting it capabilities, and getting it running. ## Built-in and custom agents [Section titled “Built-in and custom agents”](#built-in-and-custom-agents) Regnora ships **system agents** for the core flows — they’re managed by Regnora, so you can inspect one and see where it’s wired up, but you can’t edit it. **Custom agents** are the ones you build yourself for work specific to your team: a particular review, a recurring report, a document-to-document flow. This guide is about custom agents. ## Building an agent by chatting [Section titled “Building an agent by chatting”](#building-an-agent-by-chatting) Create a new agent and you land in the builder: a chat on one side, the agent’s configuration on the other. Tell it what you want — *“I want an agent that watches my policies for compliance gaps”* — and it drafts the agent’s instructions and proposes the rest. As the conversation goes, it surfaces **proposal cards** in line: a capability it needs (**Allow** or **Deny**), a canvas or automation it wants to create (**Apply** or **Dismiss**), or a new version of its instructions to publish. Nothing takes effect until you act on the card. If you’d rather set something directly, the configuration panel is a manual editor: you can edit the **name**, **description**, and **instructions** by hand at any time. The instructions are the agent’s system prompt — what it does, how it decides, what’s out of scope. **Manage:** [Agents](https://app.regnora.com/agents) ## Capabilities [Section titled “Capabilities”](#capabilities) Capabilities are what the agent is *allowed* to do when it runs — it has none until you grant them, and the builder requests each one as the work calls for it. They’re grouped into three areas: * **Documentation** — **Read documents** (ground its work in your evidence), **Write documents**, **Create revision** (stage changes for diff review), **Build canvas** (produce an in-browser dashboard), **Read frameworks** (pull requirement text into its reasoning), and **Web search** (read current public guidance). * **Self-management** — **Update instructions** (draft changes to its own instructions for your approval), **Manage automations** (set up its own triggers), **Manage calendar**, and **Private database** (a small store that persists across runs). * **Communication** — **Chat** (always on, so you can talk to it) and **Send email**. You grant or revoke each capability yourself; the agent can only ever propose, never self-authorise. ## Outputs it produces [Section titled “Outputs it produces”](#outputs-it-produces) What an agent can produce follows from its capabilities — a **document**, a **revision** staged for review, a **canvas**, or an **email**. Everything an agent produces is recorded in its **Outputs**, and anything that touches your data or reaches the outside world is proposed for a human to approve rather than done silently. See [Agent outputs](/guides/canvases-and-agent-database/) for canvases and the agent database. ## Versions: draft and published [Section titled “Versions: draft and published”](#versions-draft-and-published) While you’re building, the agent is a **Draft**. When the instructions are ready, publish them — from the editor as **Save as v2** (the next version number), or by accepting the builder’s publish card. Published versions are immutable snapshots: **v1**, **v2**, and so on, and you can compare versions to see what changed. Automations using the agent pick up a newly published version on their next run, so you can keep refining the draft without disturbing what’s live. ## Running an agent [Section titled “Running an agent”](#running-an-agent) You can run an agent two ways. To run it **by hand**, use **Run on a document** — pick a document and select **Run now**, and the agent works on it immediately. To have it run **on its own**, wire it to a trigger — see [Triggers & schedules](/guides/triggers-and-schedules/). ## Reusing an agent across projects [Section titled “Reusing an agent across projects”](#reusing-an-agent-across-projects) A custom agent starts life in one project. Once it’s published, you can **promote it to a template** in the [agent library](https://app.regnora.com/library/agents) — a project-agnostic copy — and then **deploy** that template into another project to start from a known-good shape rather than rebuilding it. # Calendar feeds > Subscribe to a project or agent calendar from Outlook, Google Calendar, or any app that reads .ics. Regnora calendars — when automations are scheduled to run, plus calendar entries agents publish — can be subscribed to from your own calendar app. You mint a private `.ics` URL for a calendar and paste it into Outlook, Google Calendar, or anything that reads iCalendar, and the events appear alongside your own. ## What’s on a Regnora calendar [Section titled “What’s on a Regnora calendar”](#whats-on-a-regnora-calendar) A feed carries two kinds of event: * **Scheduled automation runs** — when a [schedule-triggered automation](/guides/triggers-and-schedules/) is next due to run, one-off or recurring. * **Agent calendar entries** — the reminders, deadlines, and review windows an agent has published for subscribers to see in their calendar app. ## Subscribing [Section titled “Subscribing”](#subscribing) From a calendar, choose **Subscribe to this calendar**. You can name the subscription (so you recognise it later), and Regnora generates the private `.ics` URL. Copy it then — it’s shown once — and add it as a subscribed calendar in your own app. A feed can be scoped to your whole organisation, a project, or a single agent, depending on where you subscribe from. ## Managing your feeds [Section titled “Managing your feeds”](#managing-your-feeds) Every subscription you’ve created is listed under **My calendar feeds**, with its name, scope, and when it was last fetched. **Revoking** a feed immediately stops its URL from working — anyone using that link loses access at once. There’s no way to regenerate a URL in place: if a link is lost or exposed, revoke it and create a new subscription. **Manage:** [My calendar feeds](https://app.regnora.com/me/calendar-feeds) # Agent outputs — canvases & the agent database > Understand what an agent produces — canvases as run artifacts — and the agent database it remembers across runs. When an agent runs, its work persists beyond that single execution in two forms. A **canvas** is something the agent *produced* — a rendered artifact you can open and read. The **agent database** is what the agent *remembers* — a structured store it builds up across runs. Both appear in an agent’s **Outputs**, and neither is created by hand; they’re products of the agent doing its work. ## Canvases [Section titled “Canvases”](#canvases) A canvas is a rendered document an agent emits during a run: markdown with embedded charts, tables, and diagrams. You open it from the agent’s Outputs to read the result — a summary, a report, an analysis — as a finished page rather than a chat transcript. Canvases are read-only views of what the agent produced. If a canvas was created by an **automation**, you can re-run the agent from the canvas to regenerate it against current data — handy for a recurring report you want refreshed. **Manage:** [Agents](https://app.regnora.com/agents) ## The agent database [Section titled “The agent database”](#the-agent-database) The agent database is an agent’s own structured store. Across runs, an agent can record what it found into tables and read them back next time, so a recurring automation builds on previous work instead of starting cold each time. Regnora shows this database as a **read-only preview**: the tables the agent has created, their columns, and the first rows of each. You don’t edit it — it’s a window into what the agent is keeping track of, so you can see the data behind its conclusions. ## Output versus memory [Section titled “Output versus memory”](#output-versus-memory) It’s worth separating three related ideas: * A **canvas** is what an agent produced on a given run — an artifact to read. * The **agent database** is structured data one agent accumulates across its own runs. * [Memories](/guides/skills-rules-and-memories/) are shared know-how in the Library that agents recall between conversations, reviewed and accepted by your team. Canvases and the database belong to an individual agent and its runs; memories are an organisation-level building block. Reach for the database when you care about the *data* an agent is tracking, and a canvas when you care about the *report* it produced. # Collaborating with your team > Discuss findings, leave comments, and keep work moving with audit-grade traceability. Compliance is rarely a one-person job. Regnora gives a project a place to talk things through and a record of what’s happening, so decisions stay traceable. This guide covers the project **Discussion** thread and the **Activity** feed. For who can see and do what, see [Members, roles & permissions](/guides/members-roles-and-permissions/). ## Discussion [Section titled “Discussion”](#discussion) Each project has a **Discussion** thread on its home page — the place for project-level conversation that isn’t tied to one specific document or assessment. Post a comment, and others can reply one level deep beneath it. A comment can be marked **resolved** when it’s dealt with, and a **Show resolved** toggle keeps the thread focused on what’s still open. You can edit and delete your own comments. Because the thread lives with the project, it’s a durable record of decisions — why something was accepted, what was still outstanding — rather than a conversation that disappears into chat or email. **Manage:** [Project home](https://app.regnora.com/home) ## Activity [Section titled “Activity”](#activity) The **Activity** feed is the running record of what’s happened. A project’s home page shows its own recent activity; the organisation-wide **Activity** page shows everything across every project you can access, newest first, which you can filter by person or by project. Activity covers the meaningful events — a document added or a new version published, a revision started, a gap analysis created, an agent created or run, an automation fired. It’s the quickest way to see what your team and your agents have been doing without opening each project in turn. **Manage:** [Activity](https://app.regnora.com/activity) ## Comments in context [Section titled “Comments in context”](#comments-in-context) Discussion is for the project as a whole, but commenting also happens where the work is. In a [gap analysis](/guides/running-a-gap-analysis/) review, you can **Add Comment** on an individual assessment to note why a verdict looks right or wrong — keeping that conversation attached to the exact check it’s about. # Discovering your documentation > Ask a question and have Discover build an interactive visualisation from your project's documents. Beta Discover is a beta feature and may not be available in your workspace yet. **Discover** helps you understand the shape of your evidence. You ask a question in plain language and Discover generates an **interactive visualisation** from the documents in your project — an overview of your documentation base, a map of how policies and procedures fit together, a flowchart of a process, a knowledge graph of how key documents relate. It’s a way to *see* what you have, rather than read it file by file. ## When to use it [Section titled “When to use it”](#when-to-use-it) Reach for Discover when you want a bird’s-eye view of a project’s documentation — early on to orient yourself, or later to sanity-check how things hang together before an audit or a [gap analysis](/guides/running-a-gap-analysis/). It works from whatever evidence is in the project, so the more you’ve [uploaded](/guides/managing-documents/), the richer the picture. ## Asking a question [Section titled “Asking a question”](#asking-a-question) Open **Discover** and type what you want to see, or pick one of the suggested prompts. For example: * “Give me an overview of the documentation base.” * “Give me an overview of how our policies and procedures fit together.” * “Draw a flowchart of our document approval process.” * “Show a knowledge graph of how our key documents relate.” Discover reads your project’s documents and produces an interactive visualisation in response. Each question becomes a **session** you can return to, and your recent discoveries are listed so you can reopen them. Ask another question whenever your evidence changes and you want a fresh view. **Manage:** [Discover](https://app.regnora.com/documentation/discover) # Drafting & revising documents with AI > Use Revise to draft new policies and procedures or improve existing ones, with every change staged for your review. **Revise** is how you write and improve compliance documents with the AI in the loop. You give it a goal — “Draft an access control policy for our cloud setup”, “Add a section on incident response to this procedure” — and it produces the work as a set of **staged changes** grounded in your project’s context and evidence. Nothing is written to your document library until you approve it, so the AI can do the heavy lifting while you keep the final say. ## Starting a revision [Section titled “Starting a revision”](#starting-a-revision) A revision can begin in a couple of places: * From the **Revisions** area under Documentation, where your recent revisions are also listed. * From the **Act** stage of a [gap analysis](/guides/running-a-gap-analysis/), where **Start a revision** has an agent act on the findings — drafting a management report, a regulatory plan, or documentation that closes a gap. A revision can **create new documents** or **modify existing ones**, and a single revision can do both at once. **Manage:** [Revisions](https://app.regnora.com/documentation/revise) ## Reviewing staged changes [Section titled “Reviewing staged changes”](#reviewing-staged-changes) A revision opens in a two-panel view. On one side is the list of entries the AI has staged — each new document or each change to an existing one. On the other is the focused view of the entry you’ve selected, showing the proposed content (and, for an edit, the difference from the current version). You decide entry by entry what to keep. When you’re happy, **Apply** the revision to write the approved changes into your document library; **Discard** throws the staged changes away without touching anything. Because every change passes through this review, an agent can never alter your evidence silently — applying is always a deliberate human step. ## How drafts stay grounded [Section titled “How drafts stay grounded”](#how-drafts-stay-grounded) Revise doesn’t write in a vacuum. It draws on your [project profile](/guides/project-profile-and-context/) and the [documents](/guides/managing-documents/) already in the project, so a drafted policy reflects your organisation’s actual context and references the evidence you hold rather than generic boilerplate. The better your profile and evidence, the closer the first draft lands. # Managing documents and evidence > Upload, import, organise, and version the documents that serve as your compliance evidence. Compliance work is mostly evidence work. Documents — policies, procedures, records, audit reports — are what gap analyses assess against and what agents read when they answer questions or draft changes. This guide covers getting documents into a project, organising them, and the versioning and states that keep your evidence auditable. Everything here is scoped to the active project; there is no cross-project document search. ## Getting documents in [Section titled “Getting documents in”](#getting-documents-in) From the **Documentation** area you can add evidence two ways: * **Upload** files directly — PDF, Word (`.docx`), PowerPoint (`.pptx`), Excel (`.xlsx`), HTML, and plain text. Drag them onto the page or pick them with the file browser. You can also drop a **ZIP or RAR archive** and Regnora will extract the files inside, optionally preserving the folder structure. * **Import** from **Google Drive**, picking the files you want to bring across. When you upload something that matches an existing document, Regnora asks how to resolve it rather than guessing — keep it as a **new document**, add it as a **new version** of the existing one, or skip it. **Manage:** [Documentation](https://app.regnora.com/documentation) ## What happens after upload [Section titled “What happens after upload”](#what-happens-after-upload) Every uploaded document is processed: Regnora extracts its text and indexes it so the AI can search your evidence *by meaning*, not just by filename. A document shows a processing state while this runs and becomes searchable once it completes. Large files take a little time; an analysis or agent will wait for processing to finish before relying on a document. ## Organising into directories [Section titled “Organising into directories”](#organising-into-directories) You can group documents into **directories** (folders), nest them, and move documents between them. Directories are a convenience for you — they don’t change how the AI searches, which always spans the whole project’s evidence. ## Versioning and the audit trail [Section titled “Versioning and the audit trail”](#versioning-and-the-audit-trail) Documents are **versioned**. Re-uploading a policy creates a new version of the same logical document rather than a duplicate, and only one version is *current* at a time. Older versions stay available in the document’s version history, so you keep a full audit trail of how a policy changed. ## Document states [Section titled “Document states”](#document-states) A document is always in one of a few states: * **Staged** — uploaded or proposed but not yet committed. This is the typical state when an upload needs a decision from you, or when an agent has proposed a change for you to approve. * **Draft** — a working document, not yet treated as live evidence. * **Active** — live, indexed, and searchable; the evidence gap analyses assess against. * **Archived** — kept for the record but out of the active set. Understanding these matters most when an agent stages a change: the document sits in **staged** until you approve it, at which point it becomes part of your active evidence. See [Drafting & revising documents](/guides/drafting-and-revising/) for that flow. # Members, roles & permissions > How organisation members, roles, project access, and guests control who can see and do what. Access in Regnora works at two levels. At the **organisation** level, every person has a role that governs what they can do. At the **project** level, access controls which projects each person can reach. Together they let you keep a client engagement or a draft assessment walled off from the rest of the organisation. ## Organisation roles [Section titled “Organisation roles”](#organisation-roles) Members are managed on the **Members** page, where each person has one of four roles: * **Owner** — full access to the organisation, including everything below. Only an owner can grant the owner role. * **Admin** — manages the organisation and its members, and invites people. * **Member** — a regular member with everyday access. * **Viewer** — read-only access. Owners and admins of the organisation automatically have access to every project in it; that’s part of what their role grants. **Manage:** [Members](https://app.regnora.com/members) ## Inviting members [Section titled “Inviting members”](#inviting-members) From the Members page, **Invite member** sends an email invitation. You’ll see pending invitations and can manage them there, and you can change a member’s role or remove them as your team changes. ## Contributor seats [Section titled “Contributor seats”](#contributor-seats) Separately from their role, members can hold a **Contributor** seat. Contributors can run gap analyses and spend credits, while other members can still view and collaborate. The Members page shows how many contributor seats are in use (for example, “3 of 5 contributors”), and you assign or unassign a seat independently of the person’s role. ## Project access [Section titled “Project access”](#project-access) Project access is straightforward: a person either has access to a project or they don’t. Organisation owners and admins have access to all projects automatically; everyone else needs to be added to a project explicitly. You manage who’s on a project from its **Team** page, which lists the project’s members and pending invitations. ## Guests [Section titled “Guests”](#guests) You can invite someone from outside your organisation to a **single** project — a client, an auditor, a partner — without giving them access to anything else. They’re invited by email to that one project and see only it, which is what makes an external project a safe place to share evidence. ## Resetting a member’s MFA [Section titled “Resetting a member’s MFA”](#resetting-a-members-mfa) Admins can help members who are locked out of [two-factor authentication](/guides/org-settings-and-security/#multi-factor-authentication): from the Members page you can clear a member’s MFA lockout or trigger an MFA reset for them. # Organisation settings & security > Manage your organisation's profile, two-factor authentication, sign-in, and the danger zone. **Settings** is where an organisation owner or admin manages the organisation itself and the security controls that apply to everyone. Most people never need this page; the ones who set the organisation up do. This guide covers the general profile, two-factor authentication, how members sign in, and the irreversible actions. ## General [Section titled “General”](#general) The general settings hold the organisation’s **name**, which an owner or admin can edit. These details identify your organisation across the product. **Manage:** [Settings](https://app.regnora.com/settings) ## Multi-factor authentication [Section titled “Multi-factor authentication”](#multi-factor-authentication) Each member sets up **two-factor authentication (2FA)** for their own account using an authenticator app (TOTP). Once enrolled, they can mark a browser as **trusted** to skip the challenge for 30 days, and forget all trusted devices if they need to. Owners and admins can **enforce** two-factor authentication for the whole organisation with a single toggle — *Enforce two-factor authentication* — which requires every member to set up 2FA before they can keep using the organisation. If a member is locked out, an admin can reset their 2FA from the [Members](/guides/members-roles-and-permissions/#resetting-a-members-mfa) page. ## Signing in [Section titled “Signing in”](#signing-in) Members can sign in with an email and password, or with a **Google** or **Microsoft** account (“Continue with Google” / “Continue with Microsoft”). Using a Google or Microsoft account means one fewer password to manage, and pairs with enforced 2FA for stronger account security. ## Danger zone [Section titled “Danger zone”](#danger-zone) The danger zone holds actions that can’t be undone — most notably **deleting the organisation**. Deleting an organisation removes its data permanently, so the action asks you to confirm. Treat this section with care; it exists for winding an organisation down, not for everyday administration. # Project profile & context > Give agents the context they need — organisation attributes, "Fill with AI", and how context shapes gap analysis. Every project has a **profile**: a set of organisation attributes that agents read to tailor gap analysis and compliance work to your situation rather than guessing. The profile is a list of **context items** — each one an attribute (such as *Industry* or *Data processors*) paired with a value. Some are seeded by the frameworks you’ve enabled, which tells you what a standard expects to know about you; you can also add your own. You fill them in by hand or have Regnora research them for you with **Fill with AI**. ## What the profile holds [Section titled “What the profile holds”](#what-the-profile-holds) Each context item has an **attribute** (the question — “what does Regnora need to know?”), a **value** (your answer), and, where it came from a framework, a badge showing which framework asked for it. That framework link is the useful part: it turns the profile from a generic “about us” form into the specific context your enabled standards rely on. The more complete the profile, the sharper Regnora’s assessments and drafts are, because agents read it before they work. Your project overview shows how complete the profile is and links straight here, so it’s easy to keep current as your scope changes. **Manage:** [Project profile](https://app.regnora.com/profile) ## Filling it in by hand [Section titled “Filling it in by hand”](#filling-it-in-by-hand) Select any context item to edit its value inline. To capture something the seeded attributes don’t cover, use **Add context** and give it an attribute name (for example, “Data processors”) and an optional value. Keep values concise and factual — they’re context for an AI assistant, not prose for a human reader. ## Fill with AI [Section titled “Fill with AI”](#fill-with-ai) **Fill with AI** researches your attributes for you instead of you typing them all out. It works from two sources: your organisation’s **website** and the **documents** you’ve uploaded to the project. The flow is: 1. **Confirm the sources** — check the website URL and see how many uploaded documents will be scanned, then start. 2. **Regnora researches** — it reads your site and documents and drafts values for the attributes it can. 3. **Review the proposals** — for each attribute it shows the proposed value (and your current value, if any). **Accept** the ones that look right and **Skip** the rest. Nothing is saved until you accept it. Because it only proposes — never overwrites silently — Fill with AI is safe to run on a profile you’ve already started; you stay in control of every value. ## Keeping it current [Section titled “Keeping it current”](#keeping-it-current) Treat the profile as living context. When your scope changes — a new system comes in, you enable another framework, your organisation restructures — update the relevant attributes so assessments keep reflecting reality. A stale profile quietly degrades the quality of everything downstream. # Running a gap analysis > Kick off an AI-assisted gap analysis, review the findings, and turn them into actions. Gap analysis is Regnora’s flagship workflow. It answers one question: *where does our current evidence satisfy a framework, and where are the gaps?* Instead of working through hundreds of clauses by hand, you scope a run, let the AI assess each requirement against your documents, review the verdicts it produces, and turn the remaining gaps into concrete follow-up. Every analysis moves through four stages — **Plan**, **Analyze**, **Review**, and **Act** — shown as a progress bar across the top of the analysis. You move forward through them, but you can return to an earlier stage at any time. This guide walks through each one in order. **Before you start**, you need a [project](/guides/setting-up-projects/) with at least one [framework enabled](/guides/working-with-frameworks/) and some [documents uploaded](/guides/managing-documents/) — the framework is *what* you assess against, and the documents are the evidence the AI assesses. ## Starting an analysis [Section titled “Starting an analysis”](#starting-an-analysis) From the **Gap analyses** list, select **New** to open the new-analysis wizard. The wizard collects the basics in a few steps: * **Basis** — choose the framework (or frameworks) to assess against, and the documents to use as evidence. These are the two things every analysis needs. * **Plan** — pick a starting point for the checklist: from scratch, from a [checklist template](/guides/templates/), or by reusing the plan from an existing analysis. * **Setup** — optional details that narrow the run, such as a scope boundary or the purpose of the analysis. When you finish the wizard, Regnora creates the analysis as a **draft** and drops you into the Plan stage. **Manage:** [Gap analyses](https://app.regnora.com/gap-analyses) ## Plan — scope the run and approve it [Section titled “Plan — scope the run and approve it”](#plan--scope-the-run-and-approve-it) In the Plan stage, an AI planning assistant drafts the **scope** (a short description of what this run covers) and a **checklist** of the requirements to assess, organised into sections. Both are editable, and a chat sidebar lets you steer the planner in plain language — tighten the scope, add or remove sections, complete a draft checklist. This is the one place where the AI waits for you. Nothing is assessed until you’re happy with the plan. When the plan is ready, select **Approve Plan** and confirm. Approving locks the plan, moves the analysis from **draft** to **active**, and starts the analysis run. ## Analyze — the AI works through every check [Section titled “Analyze — the AI works through every check”](#analyze--the-ai-works-through-every-check) Once approved, Regnora works through each check on the plan: for every requirement it searches your project’s documents for evidence and records a verdict with its reasoning and the evidence it relied on. A progress indicator shows how many checks are complete out of the total while the run is in flight. Each assessed requirement gets one of three verdicts: * **Pass** — the evidence satisfies the requirement. * **Gap** — the requirement is not satisfied by the available evidence. * **N/A** — the requirement does not apply to this scope. You can group the results by **Section**, **Requirement**, **Compliance** (verdict), or **Review status**, and filter by verdict (**Pass**, **Gap**, **N/A**) or by review state (**Reviewed**, **Flagged**, **Not Reviewed**) to focus on what matters. The verdicts are the AI’s proposal — the Review stage is where a human confirms them. ## Review — confirm, flag, or re-assess each verdict [Section titled “Review — confirm, flag, or re-assess each verdict”](#review--confirm-flag-or-re-assess-each-verdict) The verdict on a check is a starting point, not the final word. In the Review stage you open a check to see its verdict, the AI’s reasoning, and the evidence behind it, then decide what to do. A check carries a **review status** — *Not Reviewed*, *Flagged*, or *Reviewed* — that is separate from its verdict, so you can track which assessments a person has actually signed off. From the review toolbar you can: * **Attest** — mark the assessment as reviewed and correct. (Once attested it switches to **Revert**, which undoes the attestation.) A check must finish running before it can be attested. * **Flag** — mark a check as needing another look, without deleting anything. * **Re-assess** — send the check back to be evaluated again, optionally with an instruction about what to reconsider. See [re-running](#re-running-and-closing-an-analysis) below. * **Edit** — adjust the verdict, title, or reasoning yourself. Disabled once a check is attested. * **Add Comment** — leave a note on the assessment. * **Chat** — open the review assistant pre-pointed at this assessment to ask about it or have it help. * **Delete** — remove an assessment. Disabled once it’s attested. Work through the checks, attesting the ones that are right and flagging or re-assessing the ones that aren’t, until you trust the picture. ## Act — turn gaps into documents [Section titled “Act — turn gaps into documents”](#act--turn-gaps-into-documents) The Act stage is where findings become work product. From here you can **Start a revision** — have an agent act on the findings and draft a document, such as a report for management or a regulatory plan. Each revision opens in the [document editor](/guides/drafting-and-revising/), where every change is staged for your review like any other AI edit. Revisions you’ve started are listed here so you can reopen them. You can also **Export Excel** to download a spreadsheet of the analysis — every check and its verdict — to share or work with outside Regnora. The Act stage produces documents and exports. It does not create tasks or tickets; the follow-up it generates is evidence you can edit and an export you can circulate. ## Re-running and closing an analysis [Section titled “Re-running and closing an analysis”](#re-running-and-closing-an-analysis) An analysis isn’t frozen after the first run. When you **Re-assess** checks from the Review stage, they’re added to a queue (which survives a page reload); starting the re-assessment produces fresh verdicts for those checks while you keep everything else. This is how you respond to new evidence or a verdict you disagree with, without throwing away the whole analysis. When a cycle is finished, open the analysis’s menu on the Gap analyses list and select **Close** — it moves to **closed** and is kept, read-only, for the record. **Reopen** brings a closed analysis back to active if you need to keep working. From the same menu you can **Rename** an analysis, start a brand-new analysis from an existing one’s plan, or **Delete** a draft you no longer want. **Manage:** [Gap analyses](https://app.regnora.com/gap-analyses) # Setting up a project > Scope your compliance work into a project, invite collaborators, and pick the frameworks in play. A project is the primary unit of scope in Regnora — every gap analysis, document, and agent lives inside one, and switching the active project switches every view in the sidebar at once. This guide covers creating a project, the difference between internal and external projects, switching between them, and managing them afterwards. ## Creating a project [Section titled “Creating a project”](#creating-a-project) From the **Projects** list, start a new project. Regnora asks for a few things in two short steps: 1. **Type and details.** Choose **Internal** (your own organisation’s compliance work) or **External** (a client, auditor, or partner engagement), then give the project a **name**. For an external project you also attach a **project organisation** — the outside party the engagement is about — either by picking an existing one or adding a new one with a name and website URL. When you reuse an existing organisation you can also copy across the profile data already filled in for it. 2. **Access.** Organisation owners and admins always have access by default; this step is where you add any other members who should see the project. You can also do this later — see [Members, roles & permissions](/guides/members-roles-and-permissions/). Select **Create project** to finish. Only organisation owners can create external projects. **Manage:** [Projects](https://app.regnora.com/projects) ## Internal vs external projects [Section titled “Internal vs external projects”](#internal-vs-external-projects) The two types exist to keep work that should stay separate from getting tangled together. * An **internal** project is your organisation’s own compliance work — your ISO 27001 ISMS, your quality management system. Every organisation has at least one default internal project. * An **external** project is tied to an outside organisation — a client whose system you’re assessing, an auditor you’re sharing evidence with, a supplier you’re reviewing. External projects are grouped under the organisation they belong to. Both behave the same way once created; the type just determines how they’re labelled and grouped, and whether they’re attached to an external organisation. The [Core concepts](/get-started/core-concepts/#projects) page covers the model in more depth. ## Switching the active project [Section titled “Switching the active project”](#switching-the-active-project) The project switcher in the header is how you move between projects. It groups them into your **internal** projects, your **external** projects (grouped by organisation), and anything **shared with you** as a guest from another organisation. Switching the active project re-scopes the whole app: every page — documents, frameworks, gap analyses — reloads against the project you picked. There’s no cross-project view of evidence or analyses, so make sure the right project is active before you start work. ## Managing projects [Section titled “Managing projects”](#managing-projects) Project settings live under the organisation **Settings**, where projects are grouped by type. Each project shows its creation date and counts for frameworks, documents, gap analyses, and members. From there you can: * **Rename** a project. * **Manage members** (if you’re an admin or owner). * **Delete** a project — though the default internal project can’t be deleted. For external projects, you can also edit the underlying organisation’s name and website URL from its group header. **Manage:** [Projects](https://app.regnora.com/projects) # Skills, rules & memories > The reusable building blocks in the Library that shape how every agent behaves across your organisation. Beyond individual agents, your organisation’s **Library** holds three reusable building blocks that shape how agents behave: **skills**, **rules**, and **memories**. They differ in who controls them and how strict they are — guidance an agent can use, instructions it must always follow, and know-how it remembers. Each can be scoped to all agents or specific ones, and to your whole organisation or specific projects. ## Skills [Section titled “Skills”](#skills) A skill is *reusable AI guidance applied to your organisation’s agents* — markdown guidance layered onto an agent’s system prompt. Use one to package a way of doing something you want available across agents, rather than re-explaining it each time. Skills come from two places: the ones your organisation authors, and a catalogue of **system skills** Regnora maintains. You can **fork** a system skill to create an editable organisation copy. When configuring an agent you choose which skills it should use, and you can scope a skill by agent type and by project. **Manage:** [Skills](https://app.regnora.com/library/skills) ## Rules [Section titled “Rules”](#rules) A rule is an *always-on instruction the agent follows every run* — authored by your team, and something **the agent cannot change**. Rules are injected into the system prompt on every matching run, which makes them the place for non-negotiables: a tone of voice, a compliance constraint, a phrasing your organisation always uses. Rules are organised by a path (like `coding/tone-of-voice`) and scoped by agent type and project. Disabling a rule keeps it in the bank but excludes it from every agent run, so you can retire one without losing it. **Manage:** [Rules](https://app.regnora.com/library/rules) ## Memories [Section titled “Memories”](#memories) A memory is *persistent know-how the agent remembers between conversations*. Unlike rules, memories are collaborative: an agent **proposes** changes from what it learns during its runs, and your team **reviews and accepts** them into the shared bank. You can also add a memory directly. Proposed changes — to create, update, or delete a memory — wait under **Pending review**, where an admin can accept, reject, or edit them before they take effect, and a history lets you revert to an earlier version. Disabling a memory means the agent will no longer recall it. Like the others, memories are scoped by agent type and project. **Manage:** [Memories](https://app.regnora.com/library/memories) ## How they attach to agents [Section titled “How they attach to agents”](#how-they-attach-to-agents) The three differ in how they reach an agent. **Skills** are chosen per agent — you pick the ones an agent should use. **Rules** and **memories** apply automatically to every agent that matches their scope, with no per-agent wiring: set the scope and they’re in effect for the agents it covers. # Document & checklist templates > Reuse pre-built documents and checklists across projects from your organisation's Library. Templates live in your organisation’s **Library** so your team doesn’t rebuild the same starting points for every project. They come in two kinds — **document templates** and **checklist templates** — and each kind includes both the templates your organisation has authored and curated templates that ship with Regnora. Because they’re organisation-level, a template you create once is available to apply across all your projects. ## Document templates [Section titled “Document templates”](#document-templates) Document templates are ready-made documents — policies, procedures, and bundled **packages** of them — that you copy into a project as a starting point and then adapt. Browse them in the Library, and use **Copy to project** to bring a template (or a whole package) into the project you’re working in, where it becomes an ordinary document you can edit and revise. The Library separates **your templates** (the ones your organisation has authored) from **Regnora templates** (the curated set we maintain), so you can tell at a glance which is which. **Manage:** [Document templates](https://app.regnora.com/library/templates/documents) ## Checklist templates [Section titled “Checklist templates”](#checklist-templates) A checklist template is a reusable **assessment plan** — the sections, checks, and assessor guidance your organisation has refined for a given framework. Instead of scoping a [gap analysis](/guides/running-a-gap-analysis/) from scratch each time, you apply a checklist template when planning a new analysis to start from a known baseline. You author and refine checklist templates in the Library, where each can be tied to a framework and carries draft and active versions so you can iterate on one without disturbing the version your team is using. Start a new one with **New template**. **Manage:** [Checklist templates](https://app.regnora.com/library/templates/checklists) # Automating agents with triggers & schedules > Turn an agent into an automation that runs on a schedule, on a document event, or from an inbound email. An [agent](/guides/building-custom-agents/) on its own is something you run by hand. An **automation** is an agent wired to a **trigger** so it runs by itself when something happens. You configure automations from an agent’s **Automations** tab — each one pairs a trigger with the agent and the output it should produce. This guide covers the three trigger types and how to run and manage an automation. ## The three trigger types [Section titled “The three trigger types”](#the-three-trigger-types) When you add a trigger, you choose one of three kinds: * **Schedule** — *“Fire on a recurring time, like every Monday at 09:00.”* * **Event** — *“Fire when something happens — like a document landing in a folder.”* * **Email** — *“Fire when an email arrives at a per-workflow address.”* A single automation uses either a schedule *or* event/email triggers — schedule-based and event-based triggers aren’t mixed in one automation. ### Schedule [Section titled “Schedule”](#schedule) A schedule fires the agent on a cadence. You can set a **one-off** date and time, or a **recurring** cadence by choosing an interval and the days of the week it should run, with a configurable timezone. More elaborate cadences are expressed as a cron schedule that the agent authors for you — you describe what you want in chat and it sets the expression. ### Event [Section titled “Event”](#event) An event trigger fires when something changes in your documents. The available events are **Document — Uploaded** (*“When a new document is uploaded.”*) and **Document — Updated** (*“When an existing document is updated.”*). You can optionally scope the trigger to a specific folder, so it only fires for documents landing there. ### Email [Section titled “Email”](#email) An email trigger gives the automation its own private inbound address — of the form `agent-…@inbound.regnora.com` — generated when you first save it. Anything sent to that address runs the agent on the message. You can optionally restrict which senders are allowed, so only mail from addresses you trust will fire it. **Manage:** [Agents](https://app.regnora.com/agents) ## Running and managing an automation [Section titled “Running and managing an automation”](#running-and-managing-an-automation) Each automation has an **enable/disable** toggle, so you can pause one without deleting it. You can also **Run now** to fire it by hand — useful for testing, or for an event-style automation you want to run against a chosen document on demand. Every automation keeps a **run history**: each run records whether it succeeded or failed, what triggered it, and what the agent produced, and you can replay a run to inspect or re-do it. That history is the first place to look when an automation didn’t do what you expected. ## Seeing scheduled runs [Section titled “Seeing scheduled runs”](#seeing-scheduled-runs) Scheduled automation runs — and any calendar entries an agent publishes — show up on the agent’s calendar, which you can subscribe to from your own calendar app. See [Calendar feeds](/guides/calendar-feeds/). # Working with frameworks > How ISO 9001, ISO 14001, and ISO 27001 are represented in Regnora, and how to enable and navigate them. A framework is the standard or regulation you’re working against — ISO 9001 (quality), ISO 14001 (environment), ISO 27001 (information security), GDPR, and more in the catalogue. Regnora maintains each one centrally as its full set of requirements, so you don’t import the standard text or keep it up to date yourself. This guide covers how a framework is structured inside Regnora, how to enable one in a project, and how to request one that isn’t catalogued yet. ## How a framework is structured [Section titled “How a framework is structured”](#how-a-framework-is-structured) Open a framework and you see its requirements laid out as a tree that mirrors the published standard — **chapters**, **sections**, **articles**, **paragraphs**, **annexes**, **clauses**, **controls**, and so on, nested the way the document itself is. A table of contents alongside the tree lets you jump around a large standard quickly. This structure is what everything else hangs off: gap analyses assess against these requirements, and the [project profile](/guides/project-profile-and-context/) attributes a framework asks for are tied to the same requirements. **Manage:** [Library frameworks](https://app.regnora.com/library/frameworks) · [Enabled in this project](https://app.regnora.com/frameworks) ## Enabling a framework in a project [Section titled “Enabling a framework in a project”](#enabling-a-framework-in-a-project) To bring a framework into a project, you **enable** it. On the project’s **Frameworks** page, select **Add framework**, pick the one you want from the list, and select **Enable**. That creates an *adoption* — your project’s own instance of that framework, against which you’ll evidence requirements and run gap analyses. Enabling is reversible. You can **disable** an adoption at any time without losing data, and re-enable it later. Because each adoption is project-scoped, the same framework enabled in two projects stays completely independent — an ISO 27001 adoption for your own ISMS doesn’t get mixed up with one you’re running for a client. ## Layering multiple frameworks [Section titled “Layering multiple frameworks”](#layering-multiple-frameworks) A project can have several frameworks enabled at once — common when one engagement spans, say, ISO 27001 and GDPR. They all assess against the same evidence base in the project. Overlapping requirements aren’t deduplicated; each framework is evaluated on its own terms. ## The framework library [Section titled “The framework library”](#the-framework-library) The **Framework library** is the central catalogue of everything Regnora supports. You enable frameworks for a project from that project’s Frameworks page, but you browse the full set here. It has two tabs: * **Catalogue** — every supported framework, which you can filter (for example, **EU**, **ISO**, or **Other**) and which is grouped into categories like EU regulations and ISO standards. * **Your submissions** — frameworks you’ve requested that aren’t in the catalogue yet, with their current status. ## Requesting a framework that isn’t catalogued [Section titled “Requesting a framework that isn’t catalogued”](#requesting-a-framework-that-isnt-catalogued) If the standard you need isn’t listed, you can **submit** it from the library. A submission captures the framework’s name, publisher, version, and a description, with optional notes and a file. Submitted frameworks are processed by Regnora before they become enableable — you’ll see them under **Your submissions** with a processing status until they’re ready. **Manage:** [Library frameworks](https://app.regnora.com/library/frameworks) · [Enabled in this project](https://app.regnora.com/frameworks) # Reference > Lookup-oriented documentation — concepts, shortcuts, limits, security, and the API. Reference pages are for when you already know what you’re looking for. They are short, precise, and structured for scanning rather than reading top-to-bottom. If you’re learning Regnora, start with [Get started](/get-started/) or the [Guides](/guides/) instead. ## What’s in this section [Section titled “What’s in this section”](#whats-in-this-section) * [Concepts glossary](/reference/concepts-glossary/) — Definitions for every product term that appears elsewhere in the docs. * [Keyboard shortcuts](/reference/keyboard-shortcuts/) — Every keybinding in the app, organised by context. * [Limits and quotas](/reference/limits-and-quotas/) — File size, upload, and field limits Regnora enforces. * [Data residency & security](/reference/data-residency-and-security/) — Where your data is processed, what the AI does with it, and how it’s kept isolated. * [API reference](/reference/api-reference/) — The status of Regnora’s public API. # API reference > The status of Regnora's public API. Regnora does not currently offer a public API. There’s no API-key management or documented set of endpoints for building against Regnora from outside the app yet. If a programmatic integration would help your use case, [get in touch](/resources/support/) — knowing what people want to build is how we decide what to expose, and we’ll let you know when there’s something to document here. In the meantime, everything Regnora does is available through the [app](https://app.regnora.com), and recurring work can be automated with [agents and triggers](/guides/triggers-and-schedules/) without any code. # Concepts glossary > Definitions for every product term that appears in the Regnora docs. Definitions for the terms the rest of the docs assume you understand, in alphabetical order. Where a concept has its own guide, the entry links to it. **Activity** — The running record of meaningful events in a project or across your organisation — documents added, analyses created, agents run. See [Collaborating with your team](/guides/collaborating-with-your-team/#activity). **Adoption** — Your project’s own instance of an enabled framework. Enabling a framework in a project creates an adoption you evidence and assess against; the same framework adopted in two projects stays independent. See [Working with frameworks](/guides/working-with-frameworks/). **Agent** — A reusable AI assistant configured once and pointed at compliance work repeatedly. **Built-in (system)** agents are managed by Regnora; **custom** agents are the ones you build. See [Building custom agents](/guides/building-custom-agents/). **Agent database** — An agent’s own structured store, which it reads and writes across runs so a recurring automation builds on previous work. Shown as a read-only preview. See [Agent outputs](/guides/canvases-and-agent-database/#the-agent-database). **Annex** — A structural part of some standards (for example, ISO 27001’s Annex A), represented in a framework’s requirement tree. **Assessment** — The result of the AI evaluating one requirement against your evidence during a gap analysis: a verdict, the reasoning, and the evidence it relied on. **Attestation** — Marking an assessment as reviewed and correct. Attesting (or reverting) is how a human signs off on the AI’s verdict. See [Running a gap analysis](/guides/running-a-gap-analysis/#review--confirm-flag-or-re-assess-each-verdict). **Automation** — An agent wired to a trigger so it runs on its own. See [Triggers & schedules](/guides/triggers-and-schedules/). **Canvas** — A rendered artifact an agent produces during a run — markdown with charts and tables — that you open and read. See [Agent outputs](/guides/canvases-and-agent-database/#canvases). **Capability** — Something an agent is allowed to do when it runs (read documents, write documents, web search, send email, and more). An agent has none until you grant them. See [Building custom agents](/guides/building-custom-agents/#capabilities). **Catalogue** — The central library of frameworks Regnora supports, which you browse and enable from. See [Working with frameworks](/guides/working-with-frameworks/#the-framework-library). **Checklist template** — A reusable assessment plan — sections, checks, and assessor guidance — that you apply when planning a gap analysis to start from a known baseline. See [Templates](/guides/templates/#checklist-templates). **Clause** — An individual requirement within a framework’s structure (the level standards typically frame as obligations). **Contributor** — A seat that lets a member run gap analyses and spend credits, assigned independently of their role. See [Members, roles & permissions](/guides/members-roles-and-permissions/#contributor-seats). **Control** — A specific safeguard or requirement within a framework, assessed during a gap analysis. **Directory** — A folder for organising documents within a project. Directories help you navigate; they don’t change how the AI searches. See [Managing documents](/guides/managing-documents/#organising-into-directories). **Discover** — A beta tool that generates an interactive visualisation of your project’s documents from a question you ask. See [Discovering your documentation](/guides/discovering-documentation/). **Discussion** — A project’s comment thread for project-level conversation, with one level of replies and a resolve flow. See [Collaborating with your team](/guides/collaborating-with-your-team/#discussion). **Document** — A piece of evidence you upload — a policy, procedure, or record. Regnora indexes its text for semantic search. See [Managing documents](/guides/managing-documents/). **Document package** — A curated bundle of document templates you can copy into a project together. See [Templates](/guides/templates/#document-templates). **Document state** — Where a document is in its lifecycle: **staged** (proposed, awaiting a decision), **draft**, **active** (live evidence), or **archived**. See [Managing documents](/guides/managing-documents/#document-states). **Evidence** — The documents in a project that a gap analysis assesses against and agents read. **Framework** — The standard or regulation you work against (ISO 27001, ISO 9001, GDPR), held centrally as its full set of requirements. See [Working with frameworks](/guides/working-with-frameworks/). **Gap analysis** — Regnora’s flagship workflow: the AI assesses every requirement of an enabled framework against your evidence and you review the verdicts. See [Running a gap analysis](/guides/running-a-gap-analysis/). **Guest** — Someone from outside your organisation invited to a single project, who sees only that project. See [Members, roles & permissions](/guides/members-roles-and-permissions/#guests). **Instructions** — The markdown that defines a custom agent’s behaviour — its system prompt. Versioned with a draft/published lifecycle. See [Building custom agents](/guides/building-custom-agents/). **Member** — A person in your organisation, with an organisation role. See [Members, roles & permissions](/guides/members-roles-and-permissions/). **Memory** — Persistent know-how in the Library that agents recall between runs; the agent proposes changes and your team accepts them. See [Skills, rules & memories](/guides/skills-rules-and-memories/#memories). **Multi-factor authentication (MFA)** — A second sign-in factor from an authenticator app. Members set it up for themselves; owners and admins can enforce it organisation-wide. See [Organisation settings & security](/guides/org-settings-and-security/#multi-factor-authentication). **N/A** — A gap-analysis verdict meaning the requirement does not apply to the scope. **Organisation** — The top-level container for your projects, members, and billing. **Output** — What an agent produces — a document, a revision, a canvas, or an email — recorded in the agent’s Outputs and proposed for your approval. See [Building custom agents](/guides/building-custom-agents/#outputs-it-produces). **Pass** — A gap-analysis verdict meaning the evidence satisfies the requirement. **Project** — The primary unit of scope; every document, framework, and analysis lives in one. **Internal** projects are your own work; **external** projects are client or auditor engagements. See [Setting up a project](/guides/setting-up-projects/). **Project access** — Whether a person can reach a project. Organisation owners and admins reach every project automatically; others are added explicitly. Access is granted, not graded into project-specific roles. See [Members, roles & permissions](/guides/members-roles-and-permissions/#project-access). **Project profile** — A project’s organisation attributes that agents read to tailor their work. See [Project profile & context](/guides/project-profile-and-context/). **Requirement** — An individual obligation within a framework (a clause, control, or article) that a gap analysis assesses. **Revise** — The AI flow for drafting and improving documents, with every change staged for review. See [Drafting & revising documents](/guides/drafting-and-revising/). **Revision** — A set of staged document changes an agent or the Revise flow produces, which you apply or discard. See [Drafting & revising documents](/guides/drafting-and-revising/#reviewing-staged-changes). **Role** — A member’s organisation-level permission level: **Owner**, **Admin**, **Member**, or **Viewer**. See [Members, roles & permissions](/guides/members-roles-and-permissions/#organisation-roles). **Rule** — An always-on instruction the agent must follow every run, authored by your team and not changeable by the agent. See [Skills, rules & memories](/guides/skills-rules-and-memories/#rules). **Run** — One execution of a gap analysis (or an agent). A gap analysis can have several runs; re-assessing produces fresh verdicts without losing history. See [Running a gap analysis](/guides/running-a-gap-analysis/#re-running-and-closing-an-analysis). **Sign-in (single sign-on)** — Signing in with an existing **Google** or **Microsoft** account instead of an email link. See [Organisation settings & security](/guides/org-settings-and-security/#signing-in). **Skill** — Reusable AI guidance in the Library, layered onto an agent’s system prompt and chosen per agent. See [Skills, rules & memories](/guides/skills-rules-and-memories/#skills). **Stage** — One of the four phases of a gap analysis: **Plan**, **Analyze**, **Review**, **Act**. See [Running a gap analysis](/guides/running-a-gap-analysis/). **Staged change** — A change an agent proposes that sits in a *staged* state until you approve it, at which point it becomes live. **Submission** — A request to add a framework that isn’t in the catalogue yet, which Regnora processes before it becomes enableable. See [Working with frameworks](/guides/working-with-frameworks/#requesting-a-framework-that-isnt-catalogued). **Template** — A reusable starting point in the Library: **document templates** (ready-made documents) and **checklist templates** (reusable assessment plans). See [Templates](/guides/templates/). **Trigger** — What fires an automation: a **schedule**, a **document event**, or an **inbound email**. See [Triggers & schedules](/guides/triggers-and-schedules/#the-three-trigger-types). **Verdict** — The outcome the AI assigns a requirement in a gap analysis: **Pass**, **Gap**, or **N/A**. **Version** — A point-in-time snapshot. Documents are versioned (re-uploading creates a new version), as are agent instructions (published as v1, v2, …). # Data residency & security > Where your data is processed, what the AI does with it, and how projects stay isolated. A short, factual summary of how Regnora handles your data. For anything not covered here, [contact us](/resources/support/). ## Data residency [Section titled “Data residency”](#data-residency) Regnora processes data in the **European Union**. The cloud services and AI providers Regnora uses are configured to EU regions; data is not routed through non-EU regions. ## What the AI does with your documents [Section titled “What the AI does with your documents”](#what-the-ai-does-with-your-documents) When you upload a document, Regnora extracts and indexes its text so the AI can search your evidence by meaning. From there the AI reads that evidence to do the work you ask of it — assessing requirements in a [gap analysis](/guides/running-a-gap-analysis/), drafting and revising documents, answering questions. It works within the project it’s running in. Crucially, anything an agent produces that changes your data or leaves Regnora — a document edit, an email — is **staged for a human to approve**, never applied silently. An agent also has no capabilities until you grant them. See [Building custom agents](/guides/building-custom-agents/#capabilities). ## Project isolation [Section titled “Project isolation”](#project-isolation) [Projects](/guides/setting-up-projects/) are the boundary for your data. A gap analysis assesses only the documents in its own project, and an agent reads only the project it runs in — there is no cross-project document search. [Guests](/guides/members-roles-and-permissions/#guests) invited to a single project see only that project, which is what makes an external project a safe place to share evidence with a client or auditor. ## Account security [Section titled “Account security”](#account-security) * **Multi-factor authentication** — members secure their accounts with an authenticator app, and owners or admins can enforce it across the organisation. See [Organisation settings & security](/guides/org-settings-and-security/#multi-factor-authentication). * **Sign-in** — by email link, or with a Google or Microsoft account. * **Access control** — organisation [roles](/guides/members-roles-and-permissions/#organisation-roles) and explicit project access govern who can see and do what. ## Audit trail [Section titled “Audit trail”](#audit-trail) Regnora keeps a record of what happened. Documents are [versioned](/guides/managing-documents/#versioning-and-the-audit-trail) so you can see how a policy changed over time; gap-analysis [attestations](/guides/running-a-gap-analysis/#review--confirm-flag-or-re-assess-each-verdict) record who signed off on a verdict; and the [Activity](/guides/collaborating-with-your-team/#activity) feed logs the meaningful events across a project. # Keyboard shortcuts > The keyboard shortcuts available in the Regnora app. Regnora’s keyboard shortcuts are deliberately few and context-specific — there’s no command palette to memorise. The ones that exist speed up the places where you do repetitive work: reviewing comments and committing text edits. On macOS the modifier is **⌘ (Command)**; on Windows and Linux it’s **Ctrl**. ## Reviewing a revision [Section titled “Reviewing a revision”](#reviewing-a-revision) When you’re going through the comments on a [revision](/guides/drafting-and-revising/): | Shortcut | Action | | -------- | --------------------------------------- | | `J` | Jump to the next unresolved comment | | `K` | Jump to the previous unresolved comment | ## Editing text [Section titled “Editing text”](#editing-text) When you’re editing a field that supports it — a comment, an agent’s name or description, a gap-analysis plan: | Shortcut | Action | | -------------------- | ----------------------------------- | | `⌘ / Ctrl` + `Enter` | Submit or commit the edit | | `Esc` | Cancel the edit or close the dialog | If you find yourself wanting a shortcut that isn’t here, [let us know](/resources/support/) — it helps us decide what to add. # Limits and quotas > File size, upload, and field limits enforced by Regnora. The concrete limits Regnora enforces. Refer here when sizing an upload or working out why something was rejected. ## Documents and uploads [Section titled “Documents and uploads”](#documents-and-uploads) | Limit | Value | | --------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | | Maximum size per file | **50 MB** | | Supported file types | PDF, Word (`.docx`, `.dotx`, `.rtf`), PowerPoint (`.pptx`, `.potx`), Excel (`.xlsx`, `.xltx`, `.xls`), `.csv`, HTML, `.txt`, `.md` | | Archives | ZIP and RAR are extracted on upload, up to **500 MB** uncompressed | | Concurrent uploads | Up to **10** files upload at once; the rest queue | Very large Office files are still imported — if one exceeds the limit of Regnora’s primary text extractor, it falls back to a simpler extraction rather than failing. ## Field lengths [Section titled “Field lengths”](#field-lengths) | Field | Maximum | | --------------------------------------- | ---------------- | | Agent name, skill name | 200 characters | | Agent description, skill description | 500 characters | | Assessment comment | 2,000 characters | | Person, organisation, and project names | 255 characters | ## Plans and credits [Section titled “Plans and credits”](#plans-and-credits) Regnora’s usage runs on **credits** and **contributor seats** rather than fixed per-plan caps on projects, documents, or agents. Contributors are the members who can run gap analyses and spend credits; you can see how many contributor seats are in use on the [Members](/guides/members-roles-and-permissions/#contributor-seats) page. For what’s included in your plan and how billing works, see [Pricing and billing](/resources/pricing-and-billing/). # Resources > Meta information — changelog, FAQ, pricing, and how to reach support. Information about Regnora itself rather than how to use it — release history, frequently asked questions, what each plan includes, and how to reach a human when you need one. ## What’s in this section [Section titled “What’s in this section”](#whats-in-this-section) * [Changelog](/resources/changelog/) — Notable releases and changes to the Regnora platform. * [FAQ](/resources/faq/) — Quick answers to the questions we hear most often. * [Pricing and billing](/resources/pricing-and-billing/) — What’s included in each plan and how billing works. * [Support](/resources/support/) — How to get in touch when the docs don’t have the answer. # Changelog > Notable releases and changes to the Regnora platform. Meaningful changes to Regnora — new features, behavioural changes, and noteworthy fixes — are recorded here as they ship. Patch-level fixes and internal-only changes are left out to keep the list signal-rich. For the fastest sense of recent activity in your own organisation, the [Activity](/guides/collaborating-with-your-team/#activity) feed in the app shows what’s happened across your projects. ## 2026-06 [Section titled “2026-06”](#2026-06) * **Documentation site & in-app help.** This documentation site launched, alongside an in-app [help assistant](/resources/support/) (the **?** in the top bar) that answers from these docs and escalates to the Regnora team when it can’t. # FAQ > Quick answers to the questions we hear most often. Short answers to the questions that come up most often. If yours isn’t here, [contact us](/resources/support/). ### Where is my data processed? [Section titled “Where is my data processed?”](#where-is-my-data-processed) In the European Union. Regnora’s cloud services and AI providers are configured to EU regions, with no routing through non-EU regions. See [Data residency & security](/reference/data-residency-and-security/). ### What does the AI do with my documents? [Section titled “What does the AI do with my documents?”](#what-does-the-ai-do-with-my-documents) It extracts and indexes their text so it can search your evidence by meaning, then reads that evidence to assess requirements, draft documents, and answer your questions — within the project it’s running in. It doesn’t search across projects. ### Can an agent change my documents or send email on its own? [Section titled “Can an agent change my documents or send email on its own?”](#can-an-agent-change-my-documents-or-send-email-on-its-own) No. Anything that changes your data or leaves Regnora is **staged for you to approve** first, and an agent has no capabilities until you grant them. See [Building custom agents](/guides/building-custom-agents/#capabilities). ### Are my projects kept separate? [Section titled “Are my projects kept separate?”](#are-my-projects-kept-separate) Yes. A [project](/guides/setting-up-projects/) is the boundary for your data — analyses and agents only see their own project, and guests invited to one project see only that one. ### Is there an audit trail? [Section titled “Is there an audit trail?”](#is-there-an-audit-trail) Documents are [versioned](/guides/managing-documents/#versioning-and-the-audit-trail), gap-analysis verdicts record who attested them, and the [Activity](/guides/collaborating-with-your-team/#activity) feed logs meaningful events across a project. ### How accurate is the gap analysis? [Section titled “How accurate is the gap analysis?”](#how-accurate-is-the-gap-analysis) The AI proposes a verdict and the evidence behind it for every requirement; a human reviews and attests each one. It’s built to speed up and ground your judgement, not replace it. See [Running a gap analysis](/guides/running-a-gap-analysis/). ### What’s the difference between Discover and gap analysis? [Section titled “What’s the difference between Discover and gap analysis?”](#whats-the-difference-between-discover-and-gap-analysis) [Discover](/guides/discovering-documentation/) (beta) gives you an interactive *visualisation* of your documents to understand what you have. A [gap analysis](/guides/running-a-gap-analysis/) *assesses* your evidence against a framework’s requirements. ### Is there a public API? [Section titled “Is there a public API?”](#is-there-a-public-api) Not yet. See [API reference](/reference/api-reference/). ### How does billing work? [Section titled “How does billing work?”](#how-does-billing-work) See [Pricing and billing](/resources/pricing-and-billing/), or email for account-specific questions. # Pricing and billing > How Regnora's credits and contributor seats work, and where to find current plan details. This page explains the *shape* of Regnora’s billing. For current plan details and prices, see the pricing information in the [app](https://app.regnora.com) or email — those are always the authoritative source, so we don’t restate numbers here that could go stale. ## Credits [Section titled “Credits”](#credits) Regnora’s AI work runs on **credits**. The substantial operations — running a gap analysis, having an agent do work — draw on your organisation’s credit balance, which you can see in the app. This keeps cost tied to actual usage rather than a flat allowance you might not use. ## Contributor seats [Section titled “Contributor seats”](#contributor-seats) Members can hold a **contributor** seat. Contributors are the people who can run gap analyses and spend credits; other members can still view projects and collaborate. You assign and unassign contributor seats from the [Members](/guides/members-roles-and-permissions/#contributor-seats) page, independently of each person’s role, and the page shows how many seats are in use. ## Managing billing [Section titled “Managing billing”](#managing-billing) Billing is managed at the **organisation** level by owners and admins. For invoices, payment details, changing your plan, or any account-specific commercial question, [contact us](/resources/support/) — we’re happy to help work out what fits your usage. # Support > How to get in touch when the docs don't have the answer. When the docs don’t cover what you need, here’s how to reach us. ## The in-app help assistant [Section titled “The in-app help assistant”](#the-in-app-help-assistant) The fastest route is the **help assistant** — the **?** in the top bar of the app. Ask it a question in plain language and it answers from this documentation. When it can’t answer, it **escalates your question to the Regnora team**, who reply right there in the app and by email — so you don’t have to switch channels or chase a separate ticket. This is the best first stop for “how do I…?” questions, because it can point you straight to the relevant feature. ## Email [Section titled “Email”](#email) For commercial or account-level questions — billing, your plan, anything specific to your organisation — email . ## Helping us help you [Section titled “Helping us help you”](#helping-us-help-you) Whichever route you use, a few details get you a faster answer: * The **project** and, if relevant, the **gap analysis**, **document**, or **agent** you were working with. * What you expected to happen, and what happened instead. * A screenshot, if something looked wrong on screen.