The Veritise review chain: kickoff to sign-off in five steps
Veritise runs every engagement through a five-step review chain: kickoff with a certified compliance specialist, agent drafts using your context, specialist reviews and refines, sign-off and delivery with attributable authorship, and continuous monitoring for regulatory and environmental change.
Step 1: kickoff with a certified compliance specialist
A certified compliance specialist scopes the engagement with you. Which frameworks apply (EU AI Act, GDPR, ISAE 3402, NIS 2). Where you are in your obligations today. What evidence already exists, and where the gaps are.
The output of kickoff is a scoping document: the frameworks in scope, the obligations per framework, the responsible roles on your side, the evidence locations, the target dates. This document is the input to every subsequent step.
Step 2: AI drafts assessments and documentation
The platform’s agents read the scoping document, your platform configuration, your existing documents, and your public surfaces. From that context the agent drafts the assessment, the policies, the controls, the risk register entries, and the supporting documentation.
The draft is the agent’s best output given the available context. It is not the final artefact. It is the input to the human reviewer.
Step 3: specialist review and refinement
A certified compliance specialist reviews the agent-drafted output against current regulation and against the engagement scope. The specialist refines wording, corrects interpretation where guidance is ambiguous, adds the judgement-heavy sections that an agent cannot produce, and flags items that require customer input.
Where the agent has made a defensible call but the specialist disagrees, the specialist overrides. Where the specialist agrees, the specialist accepts. The audit trail captures both paths.
Step 4: sign-off and delivery
The reviewed output is signed by the named specialist and delivered to you. The signature is the regulatory artefact. It carries the specialist’s name, their credential, and the date.
The customer receives the final document, the audit trail of changes from draft to signed version, and a reference to the underlying evidence. The audit trail is what stands up at audit, at regulatory review, and in a customer’s due diligence.
Step 5: continuous monitoring and updates
A delivered artefact is current as of its sign-off date. Two classes of change make it stale: regulatory change (new guidance, court decisions, national transposition updates) and environmental change (new sub-processors, new product features, new data flows).
The platform monitors both. Regulatory change triggers a re-review by the specialist. Environmental change triggers a re-read by the agent and, where the change is material, a re-review by the specialist. The customer sees the updates and the specialist’s re-sign-off in the audit trail.
Why five steps, not three
A common shorter framing is "agent drafts, expert reviews, customer accepts." That hides the two steps that matter most.
Kickoff is what makes the agent draft useful. Without scoping, the agent has no framing and produces generic output. Continuous monitoring is what keeps the artefact valid. Without it, the deliverable goes stale within months. Skipping either step is what produces the "AI generated my compliance docs and now they are wrong" outcome.