The gap analysis and heatmap views answer two questions at once: where do we stand against every framework, and where will one piece of work move the most needles?Documentation Index
Fetch the complete documentation index at: https://docs.flowx.ai/llms.txt
Use this file to discover all available pages before exploring further.
The heatmap
Each cell in the heatmap is one requirement × one framework. The colour is the status:| Colour | Status |
|---|---|
| Green | Met |
| Yellow | Partial |
| Red | Gap |
| Grey | Out of scope |
Gap analysis
The gap analysis is the heatmap pivoted: list of all open gaps, sorted by remediation impact.Sort options
| Sort by | Use for |
|---|---|
| Cross-framework impact | Maximise leverage. Default sort. |
| Severity | Tackle the worst gaps first. |
| Estimated effort | Quick wins first. |
| Framework | Scope to one auditor’s view. |
What “impact” measures
A single requirement’s impact iscount of frameworks affected × max severity. So an EU AI Act high-severity gap that also fails NIST and ISO 42001 outranks an isolated low-severity gap, even if the latter looks scarier individually.
Reading the heatmap
Look at the row's colour pattern
A row red across all three columns is high-leverage. A row red in one column only is framework-specific.
Click the cell
Each cell drills into the requirement detail — backing controls, current evidence, what’s missing.
Take action
Either provide manual evidence, schedule an assessment, or fix the underlying telemetry/policy that drives the control.
Exporting
Both views support PDF and CSV export. The exported gap analysis is the format most GRC teams paste into their tracking tool.Related resources
Evidence
The mechanism for closing manual-evidence gaps.
Compliance overview
Per-framework views the heatmap aggregates.