Back to work

Clearance

Azure-native AI platform that automates compliance assessments for regulated SMEs.

Lead Engineer · 2024

The Problem

Small and mid-size firms in regulated sectors face dense security frameworks (membership schemes, maturity-level controls) that normally require expensive manual consulting to interpret and evidence. The work is slow, repetitive, and error-prone.

What I Built

An ingestion-and-assessment pipeline. Documents are parsed with Azure AI Document Intelligence, indexed for retrieval, and assessed against control frameworks by an agentic GPT-4o workflow that maps evidence to requirements and flags gaps. FastAPI services run on Azure Functions; tenant data and assessment state live in Cosmos DB.

Architecture diagram placeholder

Replace with real architecture diagram

Key Engineering Decisions

  • Serverless-first on Azure Functions for cost at low/variable load
  • Cosmos DB for multi-tenant isolation and flexible document schemas
  • Retrieval-augmented assessment so the model reasons over the firm's own evidence rather than hallucinating compliance claims
  • Agentic decomposition of each control into retrieve → evaluate → cite steps for auditability

Note: Built around Australian defence-industry security frameworks (DISP, ASD Essential Eight) as the initial regulated domain; the architecture is sector-agnostic.

Stack

Azure FunctionsFastAPICosmos DBAzure AI Document IntelligenceGPT-4o