Aiko+ is the AI assistant built into the Acuna platform. Ask it a question in plain language and it answers from your own data, telling you which module the answer came from. It drafts the first pass on supplier evaluations and framework mappings, with a confidence score on every suggestion, and your team confirms or overrides each one. The AI does the reading. The accountable judgment stays with you.
3 suppliers are currently below grade C: Vendor A (D), Vendor B (D+), Vendor C (C-). All three have active assessments in progress.
What is Aiko+?
Aiko+ is the AI module of the Acuna GRC platform. Its assistant, Aiko, sits on every page and answers questions about your compliance, vendor, and privacy data in plain language, grounded in your own records and tagged with the module each answer came from. It also proposes first-pass supplier assessment evaluations and cross-framework mappings, each with a confidence score for a human to confirm. Aiko never acts on its own: it suggests, your team decides. It respects every user's existing access permissions, sends only the data a feature needs, and can be turned off for the whole organisation in one setting.
Your compliance data is all there: which suppliers are below grade, which DSARs are overdue, what a breach at one vendor would expose, who owns which control. But pulling it out means navigating, filtering, exporting, and reading. Mapping a new framework to your existing controls is a manual crosswalk in a spreadsheet. Evaluating a returned supplier assessment means reading every answer and every attached file line by line. The information exists; the time goes to retrieving and reading it. Aiko+ does the retrieving and the first-pass reading, so your team spends its time deciding.
Ask instead of navigate.
"Which suppliers are below grade C?" "Which DSARs are overdue?" "What's exposed if this vendor has a breach?" "What does Marie own?" Aiko answers in plain language from your live data and shows which module it drew on, so you can trust and trace the answer.
Evaluate by review, not by reading from scratch.
On a returned supplier assessment, Aiko reads every answer and the evidence files and proposes a per-question evaluation with a confidence score. Your evaluator reviews and confirms, instead of reading the whole questionnaire cold.
Map frameworks by approval, not by hand.
When you bring a new framework into scope, Aiko proposes links between its requirements and the controls you already run, each with the reasoning for the match. You approve or ignore, instead of building the crosswalk from a blank sheet.
Find accountability in a question.
"Show me the controls Alex reviews." "What is the Compliance Manager responsible for?" Aiko answers from your own ownership records, so audit-prep questions about who-owns-what take a sentence, not a search.
Plain-language answers about your data.
The Aiko button sits in the corner of every page. Ask about your Supplier Shield and Data Privacy data, supplier ratings, assessment progress, processing activities, DSARs, breach windows, and Aiko answers from your live records. Every answer carries a badge showing which module it came from, and cross-module answers show both. The window resizes from compact to wide and remembers your preference.
First-pass supplier assessment evaluation.
On an assessment in evaluation, ask Aiko to evaluate. It analyses each answer and the attached evidence, including documents and PDFs, and proposes a per-question evaluation with a confidence score. A human evaluator confirms or overrides every suggestion. Progress shows live as Aiko works through each question, and you can stop it at any time.
Cross-framework mapping suggestions.
When mapping requirements to the measures and controls that satisfy them, Aiko proposes matches, each with a confidence score and an explanation of why it was suggested. You apply or ignore each one. The manual crosswalk becomes a review queue.
Accountability and ownership answers.
Ask who is accountable for what across your management system and Aiko answers from your own staff and role records. If more than one person or role matches, it asks you to clarify before answering.
AI in a compliance tool only earns its place if you stay in control of it. Aiko+ is built around that.
A human confirms every suggestion.
Aiko proposes evaluations and mappings with a confidence score. Nothing is applied until a person reviews it. The AI does the first pass; the decision and the accountability stay with your team.
It only sees what the user can.
Aiko respects each person's access permissions. It never surfaces an object someone couldn't reach by navigating to it themselves.
Sensitive privacy data stays minimal.
When you ask about DSARs or breaches, Aiko answers from metadata only: counts, deadlines, status. It does not repeat a requester's name, email, or message body. Each feature sends only the data it needs to do its job.
You can switch it off entirely.
AI features are enabled or disabled for the whole organisation in one setting, and individual capabilities can be gated per user. With AI off, the suggestion buttons disappear and no data is sent to any AI service at all.
A generic AI assistant guesses from general knowledge. Aiko reasons over your own connected GRC data, the same graph that links your frameworks, controls, suppliers, processing activities, and people. That is why it can tell you what a breach at one vendor would expose, or which third parties handle personal data for your high-risk processing activities: the relationships are already in the platform, and Aiko reads them. Answers are grounded, traceable to a module, and bounded by your permissions. Built and operated inside a Swiss-hosted platform, by a company run by GRC operators.
Aiko+ is governed from one place. Turn AI on or off for the organisation, and gate individual capabilities, such as who may run supplier evaluation, per user through access profiles. A usage dashboard shows input, output, and total consumption against your monthly budget, with a clear indicator of how much remains, so AI spend is visible and bounded rather than open-ended.
Head of Compliance.
Turn manual framework crosswalks into a review queue, and answer "who owns this control" in a sentence when an auditor asks.
CISO / TPRM owner.
Get a first-pass evaluation on every returned supplier assessment, and ask what a vendor breach would expose across your programme.
DPO.
Triage privacy work by asking which DSARs are overdue or which breaches are still inside their notification window, answered from metadata, without exposing requester details.
Aiko draws on Supplier Shield for vendor and assessment data, Data Privacy for processing activities, DSARs, and breaches, and your framework and control records across the core platform, all bounded by each user's permissions.
Frequently asked
Get started
Bring a real assessment to evaluate or a real framework to map, and we will show how Aiko proposes and your team confirms, live.