Executive Summary
Narrate is an ISO compliance platform that streamlines the journey from gap assessment to certification readiness. Core modules include a real-time Compliance Dashboard, Align for clause-by-clause assessments, the Toolkit document generator with 100+ templates, Narrator AI for context-aware assistance, Evidence Management, a searchable Knowledge Base, and a Governance Recorder for automated minutes and task creation. Built with enterprise-grade security and role-based access, it supports organisations, consultants, auditors, and admins.
Table of Contents
- Core Purpose
- Key Platforms & User Types
- Platform Architecture
- Core Features
- Implementation Status
- Application Routes
- Data Model
Core Purpose
- Intelligent Compliance Assessment: Evaluate organizational compliance against ISO standards through interactive, control-by-control evaluation
- AI-Powered Evidence Analysis: Automatically analyze and validate compliance evidence with AI-generated summaries, findings, and recommendations
- Automated Documentation: Generate and customize 100+ compliance document templates with AI-powered policy rewrites
- Meeting Automation: Transcribe governance meetings and auto-extract action items mapped to compliance controls
- Evidence Management: Secure, multi-tenant file storage with audit trails and compliance mapping
- Task Automation: Assign compliance work with maker/checker verification and email notifications
- Audit-Ready Exports: Generate compliance exports for external auditors with evidence mapping matrices
- Real-time Compliance Scoring: Track implementation progress with visual dashboards and critical gap identification
- Enterprise Subscriptions: Feature-based pricing tiers with AI credit accounting and usage enforcement
Key Platforms & User Types
1. Company Users (SaaS Customers)
- Self-serve compliance management for their organization
- Access: Dashboard, Align (assessment), Toolkit (documents), Evidence, Tasks, Knowledge Base, Settings, Audit Logs
- Pricing tiers determine feature access: Starter ($126/mo), Growth ($317/mo), Scale ($999/mo)
- Can invite team members up to their seat limit
2. Consultant Users
- White-label support: manage multiple client organizations
- Access: Consultant dashboard with client list, full access to each client's tools
- Client-scoped compliance management (assess, generate docs, track tasks, evidence)
- Custom pricing & partner program integration
3. Auditor Users
- Time-limited, read-only access for external audit firms
- 30-day expiring invitations; auto-revocation on expiry
- Special capabilities: 24-hour signed URLs, bulk evidence ZIP export, Evidence Mapping Matrix (XLSX)
- Access: Auditor dashboard with company list and export actions
4. Admin Users (Internal)
- Platform administration and client oversight
- Access: Admin dashboard with all client data, advanced analytics
- Capabilities: View all companies, modify all records, delete clients, access analytics
Platform Architecture
Public Pages & Authentication
- Landing/Login: Authentication via Supabase (email/password with MFA support)
- User Type Selection: Choose between Customer and Consultant paths at signup
- Pricing Page: Display 3 SaaS tiers with feature comparison
- Checkout & Payment: Stripe-powered payment processing with verification flow
Customer Platform
- Dashboard: Compliance score, statistics, recent activity, quick actions
- Align (Assessment): Section-by-section control evaluation (Clauses 4-10, Annex A)
- Toolkit (Documents): 100+ templates, customization, export to Word/PDF
- Evidence Management: Secure file upload, storage tracking, AI analysis
- Tasks: Create, assign, track with maker/checker verification
- Knowledge Base: Upload docs/links, tag, search, visibility controls
- Settings: Company info, subscription details, user management
- Audit Logs: Immutable change tracking, in-app viewer, CSV export
Consultant Platform
- Consultant Dashboard: List all client organizations
- Client Views: Full access to each client's align, toolkit, tasks, knowledge, evidence
- Task Management: Assign and track client compliance work
- Reporting: Client-scoped audit logs and compliance metrics
Auditor Platform
- Auditor Dashboard: View assigned companies with limited-time access
- Evidence Export: One-click ZIP with Evidence Mapping Matrix
- Read-Only Access: Cannot modify any data; 24-hour signed URLs
Admin Platform
- Admin Dashboard: Overview of all companies and users
- Client Management: Create, modify, delete client accounts
- Analytics: Platform-wide metrics and usage tracking
Core Features
Highlights based on the public platform page:
- Compliance Dashboard: Live scoring, control status (aligned/partial/gap), critical gap identification.
- Align (Gap Assessment): ISO clause-based evaluation with evidence attachment, notes, and priorities.
- Toolkit (Document Generator): 100+ templates, placeholders, status workflow, export to Word/PDF.
- Narrator AI Assistant: GPT-powered, context-aware Q&A across policies and documents.
- Evidence Management: File uploads or external links (Jira/Confluence), control association, tracker view.
- Knowledge Base: Categories, tagging, visibility controls, full-text search.
- Governance Recorder: Upload audio, auto-generate minutes, extract actions, insert as evidence.
- Security: RBAC, RLS, encryption, audit trail, multi-tenant isolation on Vercel + Supabase.
- Pricing: Tiered plans (Starter, Growth, Enterprise) with AI and auditor features at higher tiers.
1. Compliance Assessment (Align)
- Visual dashboard with overall compliance percentage and status breakdown
- Section-level progress bars (Clauses 4-10, Annex A)
- Color-coded control status: Green (Aligned) | Red (Gap) | Yellow (Partial) | Gray (N/A)
- Evidence upload with secure storage
- Notes and priority levels (High/Medium/Low)
- Task assignment from control details
- Auto-save to cloud
2. Document Toolkit (Generator)
- 100+ pre-built ISO compliance document templates
- Organized by ISO clause structure
- Preview, Edit Instance, Edit Master modes
- Smart placeholders and status tracking
- Export to Word/PDF, full-text search, filtering
3. Evidence Management & Storage
- Secure, multi-tenant file storage with RLS and storage policies
- Company-based isolation and signed URL downloads
- Bulk ZIP export and Evidence Mapping Matrix (XLSX)
4. AI Evidence Analysis
- Summaries, findings, recency checks, satisfaction rating
- Confidence scores, gap identification, recommendations
- Vision OCR for images (OpenAI GPT-4o); AI credits enforcement
5. Governance Recorder
- Upload recordings; auto-transcription (Whisper)
- Maps to ISO 27001 Clause 9.3; generates minutes of meeting (MoM)
- Action item extraction; one-click task creation
6. Task Assignment & Verification
- End-to-end tracking with maker/checker workflow
- Email notifications; verification queue and audit logging
7. Knowledge Base
- Files or links; categories, tags, search, versions
- Status and visibility controls; auto-refresh
8. Subscription & Pricing
- Tiered access (Starter, Growth, Scale) with usage enforcement
- Stripe checkout, billing history, AI credits accounting
9. Immutable Audit Logs
- Full-table change capture; read-only, tamper-resistant
- In-app viewer with filters; CSV export; 1-year retention
10. Auditor Mode & Evidence Export
- Time-boxed read-only; ZIP export with mapping matrix
- 24-hour signed URLs; separate audit log viewer
11. Company Settings
- Org details, standards, subscription, users/roles
- Independent saves, synced with audit data
Implementation Status
All core modules are implemented and production-ready, including RBAC, compliance assessment, evidence storage, toolkit, task workflow, knowledge base, subscriptions, AI credits, audit logs, auditor access, exports, consultant dashboard, meeting recorder, AI analysis, and policy rewriting.
Architecture & Security
- Multi-tenant with RLS; path-isolated storage
- Supabase Auth (email/password + MFA)
- Signed URLs; TLS; audit logging; robust validation
Tech Stack
- Framework: Next.js 14 (App Router) + TypeScript
- DB: Supabase (PostgreSQL)
- Auth: Supabase Auth
- Storage: Supabase Storage + Postgres metadata
- Styling: TailwindCSS + Lucide React
- AI: OpenAI (GPT-4o, Whisper)
- Payments: Stripe
- Email: Resend
- Exports: XLSX, jszip
- Charts: Chart.js
- Deploy: Vercel
Application Routes
Public Pages
- / (Landing), /login, /signup, /user-type-selection
- /pricing, /checkout, /checkout/success, /checkout/cancel
Company
- /dashboard, /align, /toolkit, /tasks, /knowledge, /settings, /audit-logs, /onboarding
Consultant
- /consultant/dashboard and /consultant/client/[id]/(align|toolkit|knowledge|tasks)
Auditor
- /auditor/dashboard
Admin
- /admin/dashboard and /admin/client/[id]/(align|toolkit)
API
- /api/checkout, /api/verify-checkout
- /api/tasks/(notify|verify)
- /api/knowledge/(upload|link|list|[id])
- /api/audit-logs, /api/audit-logs/export
- /api/auditor/(export-evidence|invite)
- /api/evidence/analyze, /api/toolkit/ai-rewrite
Data Model
Key tables (partial):
users
- id (UUID, pk)
- email (unique)
- full_name
- user_type (admin | consultant | company_user | auditor)
- role
- company_id (fk)
- subscription_tier (starter | growth | scale)
- subscription_status (active | cancelled | expired)
- auditor_company_access (UUID[])
- auditor_access_expires_at (timestamp)
companies
- id (UUID, pk)
- name, size, industry, business_function
- contact_person
- iso_standard
- onboarding_completed (boolean)
- subscription_tier/status, billing_cycle
- feature_flags (jsonb)
- storage_used_gb, ai_credits_used, ai_credits_monthly
- created_at, updated_at
... (audit_data, toolkit_docs, task_assignments, evidence_files, knowledge_base, subscriptions, audit_logs, evidence_analysis)
Key Differentiators
- Hybrid pricing (customers + consultant partners)
- Maker/Checker verification and complete task workflow
- Secure multi-tenant evidence with AI analysis
- Audit-ready exports and immutable logs
- Production-grade payments, RLS security, scalable architecture
Support & Contact
- Website: narratecompliance.com/platform
- Support: support@narratecompliance.com
- Documentation: In-app help and platform pages