Skip to content

IntroductionΒΆ

Here is a technical summary of the Statement of Work (SOW) with a focus on delivery artefacts, functional requirements, and non-functional requirements.

  • Compliance Framework Itemisation Artefact: Deliver a structured decomposition of the CISPE Cloud Switching Framework into measurable compliance controls enabling automated assessment and explainable scoring.
  • Compliance Control Matrix: Produce a validated compliance matrix mapping framework clauses to assessment criteria, forming the foundational dataset used by the AI compliance evaluation engine.
  • AI Model Benchmarking Pack: Deliver a model evaluation framework including benchmark datasets, metrics, test scenarios, prompts, and performance comparison results across multiple models.
  • Multi-Model AI Integration: Implement a system capable of evaluating three open-weight LLMs (LLaMA, Mistral, Qwen) for classification, information extraction, and reasoning tasks related to regulatory compliance analysis.
  • Model Selection Recommendations: Produce a technical report providing quantitative and qualitative comparison results, configuration guidance, and recommended models for production deployment.
  • Web-based Compliance Self-Assessment Tool: Develop a web interface allowing cloud service providers (CSPs) to upload compliance evidence such as policies, contracts, SLAs, and certifications.
  • Automated Compliance Evaluation Engine: Implement AI-assisted processing to analyse uploaded documents and evaluate compliance against framework controls.
  • Confidence-Based Compliance Scoring: Generate automated results using a traffic-light scoring model indicating compliance confidence and review needs.
  • Explainable Compliance Reporting:Produce detailed reports containing overall compliance scores, control-level evaluation results, evidence traceability, and identified non-compliance issues.
  • Git-based Repository Platform: Implement the PoC UI and workflow within a GitLab-based environment supporting document uploads, access control, and event-triggered processing pipelines.
  • Containerised Deployment Artefacts: Deliver Docker images, Docker Compose configurations, and containerised components enabling local or cloud deployment of the PoC environment.
  • Pilot Deployment Plan: Provide documentation describing pilot validation strategy, operational scope, evaluation criteria, and onboarding of CISPE member testers.
  • Handover Documentation & Runbook: Deliver a technical runbook and operational documentation enabling CISPE to operate, extend, and deploy the PoC environment.
  • System Architecture & Deployment Constraints: Ensure EEA-hosted inference endpoints, explainable AI outputs, prompt-injection resilience testing, and modular architecture ready for multilingual expansion, while acknowledging that the PoC is demonstration-level and not production-optimised.