Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.coverbase.com/llms.txt

Use this file to discover all available pages before exploring further.

Risk Assessment Copilot replaces manual, spreadsheet-driven workflows with a programmatic pipeline. It generates custom questionnaires, extracts controls from uploaded evidence, analyzes vendor responses in real time, and detects deltas across reassessments, routing only the remaining edge cases to human reviewers.

What it does

Custom questionnaire generation

Generate vendor questionnaires tailored to the control sets you care about, the vendor’s risk tier, and the services in scope.

Control extraction from evidence

Parse SOC 2 reports, ISO certifications, pen test summaries, and policy documents to extract control evidence automatically.

Real-time response analysis

Analyze vendor responses as they arrive, flagging weaknesses and surfacing follow-up questions without waiting for full submission.

Delta detection on reassessments

Compare new assessment state against prior assessments, generate targeted follow-ups based on response gaps, and flag residual risks for reviewer attention.

How to integrate

Copilot is exposed across both API surfaces:

Export API

Pull assessment results, evaluations, and findings into your compliance dashboards or regulatory reporting pipeline.

MCP Server

Drive assessments from a conversational interface. Start a new assessment, summarize results, or find controls that need human review.

Common workflows

Onboarding pipeline integration

Wire Copilot into your vendor onboarding flow. When a new vendor enters intake, trigger a Copilot assessment scoped to the appropriate control set and tier. Pull results via Export API and surface them in your procurement system before contract execution.
Schedule reassessments on a recurring cadence (annual, semi-annual, or event-driven). Copilot detects deltas against prior state and only surfaces what changed, so your team isn’t re-reviewing static controls.
Configure thresholds for which evaluations route to human reviewers. Edge cases, low-confidence extractions, and high-severity findings escalate; the remaining 90% closes automatically.
Copilot is part of the Coverbase platform and is accessed through the Export API and MCP server rather than a dedicated endpoint. See the Export API Concepts page for assessment and evaluation base objects.