✦ Egnyte ✦ Designer ✦ Policies ✦ Secure & Govern ✦ AI Agents ✦ Data Security ✦ Administration ✦  
Compliance AI Agent

Automating compliance evidence collection and AI-powered assessment, so regulated customers are always audit-ready.


Released


As Product Designer, I worked on the WebUI and Desktop app.



Compliance was manual, expensive, and invisible.


Regulated customers (defence contractors, financial institutions, government agencies) required a separate audit Egnyte domain and a third-party integration, making it complex to set up and hard to maintain.

For each control, the Agent analyses collected compliance artifacts (CSV exports of configuration data, user activity, security settings, and audit logs) and generates a plain-language assessment of whether the control is met.


Key Design Decisions


1 | Role-based access with folder permission carry-forward. Control Owners see only what they own, across every evidence collection cycle.


Problem: Admins needed to scope Power User visibility to specific controls only. Manually re-granting permissions after every evidence collection wasn't scalable.


Decision: Folder permissions are scoped to a specific point in the hierarchy (Regulation → Year → Month → Control → Sub-control) and automatically carried forward to each new timestamp folder after every collection cycle.


Why: Evidence collections are recurring. Permissions must be persistent too, or the model breaks within weeks.


2 | AI assessments with exportable audit reports add interpretation alongside evidence in the compliance workflow.


Problem: Raw artifacts and configuration status still required deep compliance expertise to interpret.


Decision: A plain-language assessment per control, showing whether the control is met and any risks or gaps.


Why: Reviewing evidence ahead of the auditors and filling the gaps speeds up the process.


3 | FedRAMP Body of Evidence distributed in-product. No more manual, off-platform handoffs.


Problem: BoE documents were delivered outside Egnyte, which made them difficult to track.


Decision: Stored in Egnyte. Watermarked PDFs for a designated compliance person, tiered access levels, and a rolling 12-month ConMon archive.


Why: In-product distribution created a single auditable source of truth.


Compliance was an entirely new domain. Understanding the industry, the regulations, and the user personas from scratch, before designing anything, was the real work.



© 2026 All Rights Reserved | Parmi Mehta
