SureStep GRC Navigation System Architecture

From regulatory frameworks to GRC program execution — one integrated pipeline

[Architecture diagram: regulatory frameworks feed Meridian; Meridian fine-tunes Compass; Compass powers Navigator]

Regulatory Frameworks (external): NIST 800-171, NIST CSF 2.0, PCI DSS v4, HIPAA, SOC 2, GDPR, EU AI Act, DORA, NIS2, 12 CFR, CIS Controls, CMMC 2.0

Data Layer: Meridian, Regulatory & Framework Repository. Structured obligations; cross-framework mapping; quarterly updates; 73K+ cited obligations.

Intelligence Layer: Compass, Fine-tuned Regulatory LLM. Fine-tuned on regulatory data; citation-grounded output; Ed25519 signed receipts; no vendor lock-in.

Interface Layer: Navigator, GRC Creation & Monitoring. Works with all major GRC platforms; control & policy generation; workflow monitoring; board-ready reporting.

Cryptographic Governance Layer: Ed25519 Audit Trail. Merkle-batched; non-repudiation; independently verifiable. Every API response signed; thousands verifiable from single root hash.

Meridian — Data Layer

  • Downloads regulatory data from multiple jurisdictions
  • 20+ regulatory frameworks, 73K+ obligations
  • Structured, normalized — not PDFs
  • Cross-framework mapping & conflict detection
  • Quarterly regulatory updates

Compass — Intelligence Layer

  • Fine-tuned on Meridian regulatory corpus
  • Citation-backed answers with source provenance
  • Ed25519 signed receipts for every API call
  • No vendor lock-in — deploy cloud, on-prem, or air-gapped
  • GGUF quantized for local execution

Navigator — Interface Layer

  • Your GRC co-pilot — powered by Compass
  • Generate controls, policies, and processes
  • Monitor through entire GRC program lifecycle
  • Every action grounded in real regulatory text
  • Complete audit trail with non-repudiation