AI add-on

    Anzen Extract

    AI-powered drafting of controls and policies from your documents

    What is Anzen Extract?

    Anzen Extract is an optional AI add-on that turns a policy or compliance document into drafts in your workspace. From the Controls page it drafts structured controls (with categories, frequencies, framework mappings and auditor test scripts); from the Policies page it drafts a full policy (title, framework, version, summary and ordered sections with clause references). Upload a PDF, DOCX or ODT, and within a few minutes you get drafts to review. You review and edit every draft before anything is saved.

    How it works

    Extract drafts controls from the Controls page and policies from the Policies page. The controls flow is a five-step wizard:

    1. Welcome. A short overview of what Extract does and how your data is processed.
    2. Upload. Drag in a PDF, DOCX or ODT (max 20 MB). The file is stored in your workspace's encrypted upload area.
    3. Extract. The document is read and a draft list of controls is built. You can leave the page; results wait for you under Controls › Library › View imports.
    4. Review. Each extracted control appears as an editable card. Edit titles, descriptions, test scripts; pick a category from your tenant's category tree; include or exclude individual drafts.
    5. Confirm and import. A summary screen shows how many drafts will be created and how many you excluded. Click import and the selected drafts become real controls in your workspace.

    Supported documents

    • PDF, DOCX, ODT up to 20 MB per upload.
    • Multilingual. Output stays in the document's source language. A Dutch policy yields Dutch controls; an English policy yields English controls. Frequency and category values are always English (they're system enums).
    • What works best. Structured policies with numbered sections (ISO 27001 statements of applicability, NIS2 control catalogues, internal security policies). Free-form prose still works but produces fewer, broader drafts.

    Choosing a detail level

    On the upload step you pick a detail level from 1 to 5. The level caps how many controls the model is allowed to return - useful when a 90-page policy would otherwise produce 80+ drafts you don't want to review.

    • Level 1 - Highlights only (max 5). Top-level control statements only, ideal for executive summaries or a fast first look.
    • Level 2 - Key controls (max 10). The most material items. Good for short policies or a first-pass review.
    • Level 3 - Standard (max 15). Balanced coverage. The default for typical policy documents.
    • Level 4 - Detailed (max 20). Thorough extraction for audits or longer policies.
    • Level 5 - Comprehensive (no cap). The model decides how many controls the document warrants. Can produce a lot of drafts on a long document.

    If the model returns more than the chosen cap, Anzen Extract trims to the cap before the review step, keeping the highest-priority drafts. The level you picked is recorded against the import for audit traceability.

    What you can edit before import

    Every extracted draft is a card you can adjust:

    • Title, description, test script. Free-text fields, edited inline.
    • Frequency. Mapped to your workspace's frequency enum (daily, weekly, monthly, quarterly, yearly). Anything the AI emitted that doesn't fit (continuous, ad-hoc, semi-annually) is left blank for you to pick.
    • Category. Pick a tenant category from a flattened tree. The AI's free-text suggestion is shown as a chip for reference but never auto-creates categories.
    • Framework mappings. ISO 27001, NIS2, DORA references the AI identified are appended to the control's source reference on import.
    • Include / exclude. A checkbox per draft. Excluded drafts are kept in the import history but never become real controls.

    Pricing

    Anzen Extract starts free, every workspace can extract their first 5 documents at no cost. To keep using it after that, activate the add-on at €99 / month, billed in addition to your plan. Activation is self-service from the Add-ons page; cancellation takes effect immediately and stops further charges. Each add-on is billed on its own monthly invoice, anchored on the day of activation. Failed extractions don't count against your free quota.

    Tips for good results

    • One framework per document. Splitting ISO 27001 and NIS2 into separate uploads usually produces cleaner mappings.
    • Review carefully. The AI is good but not perfect. Excluding ambiguous drafts is faster than fixing them later.
    • Use the test scripts as a starting point. They're decent first drafts but auditors will want context specific to your environment.
    • Re-run when policies change. A re-import on the same file gives you a fresh diff to compare against.