Each is supported by domain-tuned routing, a panel matched to the field, and a body of real-world verifications you can audit.
Vendor onboarding policies missing Art. 35 DPIA requirements. Internal AI use policies aligned to outdated framework versions. BRIDGE knows the current versions of every major framework and flags the gaps that audit comes for.
All third-party AI systems processing customer data must be reviewed annually with a DPIA per GDPR Article 35 and approved by the CISO with current SOC 2 Type II attestation on file. Approved systems listed in the enterprise AI registry maintained by InfoSec.
F-01 · Missing DPIA requirement (GDPR Art. 35). F-02 · Current SOC 2 Type II not mandated.
GDPR Art. 35 DPIA for high-risk AI. SOX 404(b) for sub-issuers. HIPAA §164.308 admin safeguards. The ones policies skip.
NIST 800-53 Rev 4 when Rev 5 is current. ISO 27001:2013 when :2022 supersedes. Auto-flagged.
Policies that name a control but not the evidence trail. BRIDGE proposes the minimum artifact set.