Live compliance and technical quality scorecard for the catalogue. Tracks clause-level regulatory coverage across 60 frameworks and per-category quality grades across all use cases. Built for auditors validating coverage claims, programme managers tracking compliance posture, and contributors gauging catalogue health. Every number is computed automatically by CI from the source JSON — no manual editing.
Global rollup
Four headline metrics summarise catalogue health. Clause coverage is the percentage of common regulatory clauses addressed by at least one use case. Priority-weighted adjusts that by clause importance, so high-priority gaps weigh more. Assurance further discounts by evidence strength — a clause only fully counts when backed by strong provenance. Tech quality is the weighted composite across all use-case categories (references, freshness, MITRE mapping, samples, and more). Together they answer: how much of the regulatory landscape do we cover, and how trustworthy is that coverage?
Compliance coverage
Clause-level regulatory coverage across 60 frameworks. All three percentages are computed by scripts/audit_compliance_mappings.py against data/regulations.json and stored in reports/compliance-coverage.json. Methodology is documented in docs/coverage-methodology.md.
By tier
Per regulation
| Regulation | Tier | Version | Clause % | Priority % | Assurance % | Clauses |
|---|---|---|---|---|---|---|
Audit findings
Snapshot from the most recent scripts/audit_compliance_mappings.py run. Findings are structural validation results (clause grammar, regulation references, tier classification). New errors fail CI; baselined warnings are tracked separately.
Technical quality (per category)
Per-category quality grade across six dimensions (references, provenance authority, freshness, known false positives, MITRE ATT&CK coverage, sample fixtures). Generated by scripts/generate_scorecard.py; methodology in docs/scorecard.md.
| Cat | Name | UCs | Refs % | KFP % | MITRE % | Prov. | Samples % | Composite | Grade |
|---|---|---|---|---|---|---|---|---|---|
Machine-readable artifacts
Every percentage on this page is computed from these static files. Fork the repo, diff the JSON, or wire them into your own CI to gate builds on compliance posture.
- reports/compliance-coverage.json: Per-family, per-tier, per-version clause/priority/assurance percentages plus golden test results.
- reports/compliance-gaps.json: Detailed per-regulation clause drilldown — which clauses are covered, which are still gaps.
- api/v1/compliance/coverage.json: Stable, versioned JSON:API facade over the coverage metrics. Semver-governed.
- api/v1/compliance/gaps.json: Gap report in the stable api/v1/ shape.
- scorecard.json: Technical quality scorecard — per-category Gold/Silver/Bronze composite data.
- data/regulations.json: 60 regulations with tier, jurisdiction, clauseGrammar, common_clauses and priority weights.
- docs/regulatory-primer.md: Plain-language regulatory primer — 15 families, 12 tier-1 deep dives, full-34 appendix.
- docs/evidence-packs/: Auditor-facing evidence packs for the tier-1 frameworks (GDPR, HIPAA, PCI DSS, etc.).
- docs/compliance-coverage.md: Human-readable compliance coverage report — narrative companion to the JSON metrics above.
- docs/compliance-gaps.md: Human-readable clause-level gap report — per-framework tables showing which clauses are covered and which remain gaps.
- docs/scorecard.md: Technical quality methodology — six dimensions, grade bands, and the composite scoring formula.