Content Digestion
Policy & AuthorityContent Digestion uses AI to automatically extract security controls from policy documents. This eliminates the manual effort of reading through policies and identifying control statements, accelerating the process of building a control framework from existing documentation.
Content Digestion works with policies from the Policy Library. Extracted controls are mapped and tracked in Control Mapping.
Accessing content digestion
From a policy’s detail page, open the Content Digestion tab. This feature is available for any policy regardless of its lifecycle status, so you can extract controls from drafts as well as published policies.
Extraction methods
| Method | Description |
|---|---|
| LITERAL_CONVERSION | Extracts control statements directly from the policy text as written. Best for policies with clearly defined control requirements. |
| AI_EXTRACTION | Uses AI to analyze the policy and identify implied controls, requirements, and obligations. Best for narrative-style policies where controls are not explicitly stated. |
Digestion lifecycle
| Status | Description |
|---|---|
| PENDING | Digestion has been queued and is waiting to start |
| PROCESSING | AI is actively analyzing the document |
| COMPLETED | Extraction is finished and controls are available for review |
| FAILED | Extraction encountered an error during processing |
Starting a digestion
Open the Content Digestion tab
Navigate to a policy’s detail page and select the Content Digestion tab.
Select the extraction method
Choose between Literal Conversion for direct text extraction or AI Extraction for intelligent analysis of the document.
Start the digestion
Click Start Digestion to begin processing. The status changes to PROCESSING while the AI analyzes the document.
Wait for completion
Processing time varies based on document length and extraction method. AI Extraction typically takes longer than Literal Conversion. The status updates to COMPLETED when results are ready.
Reviewing extracted controls
Once the digestion completes, extracted controls are displayed with the following information:
| Field | Description |
|---|---|
| Control Name | Suggested name for the control |
| Statement | The control requirement text extracted from the document |
| Confidence Score | AI confidence rating for the extraction (AI Extraction method only) |
| Status | DRAFT (initial), REVIEWED (validated by user), or CREATED (converted to a tenant control) |
| Framework matching | Suggested mappings to known security frameworks |
Review each extracted control for accuracy and relevance. You can edit the control name and statement before creating it as a formal control.
Creating controls from extractions
After reviewing extracted controls, create them as formal controls in Control Mapping. This bridges AI extraction with your operational control framework, turning document analysis into actionable, trackable control implementations.
CSV export
Export extracted controls to CSV for offline review or import into other tools. The export includes all fields displayed in the review view.
Permissions
| Permission | Description |
|---|---|
policy:manage | Required to start digestions and create controls from extractions |