Launch of 'RiskLoom™', an AI-Powered Security Policy Document Diagnostic Service

■ Background

In recent years, cyber security risks surrounding companies have become increasingly sophisticated and complex. To address this, various ministries and public organizations have issued security guidelines defining the security standards that companies and organizations must meet.

Many organizations develop their internal security policies by referencing these guidelines. However, verifying whether measures are fully compliant and maintaining security standards continuously places a significant burden on limited security personnel, often leading to reliance on the experience and interpretation of individual staff members.

As a result, it is difficult to objectively and continuously grasp the status of compliance with guidelines. Furthermore, for consulting and security service providers, ensuring the quality, reproducibility, and accountability of document review tasks has become a major challenge due to the increasing number of guideline-related projects.

Thus, the document review process itself, which supports guideline compliance, suffers from structural issues such as being highly dependent on individuals and difficult to scale—a challenge shared by both general enterprises and support service providers.

■ Service Overview

RiskLoom is a security policy document diagnostic service (patent pending) designed for general enterprises and consulting/security support providers. By simply uploading document files such as security policies and procedure manuals, the AI analyzes and visualizes compliance status against various guidelines and identifies potential risks.

Supported guidelines include global standards such as ISMS and CIS Controls, as well as industry-specific guidelines issued by ministries for financial institutions, local governments, and medical institutions. Additionally, it incorporates the latest draft evaluation criteria for the "Supply Chain Strengthening Countermeasure Evaluation System," which the Ministry of Economy, Trade and Industry aims to launch in March 2027, making it useful for self-inspections and preparation for future evaluation systems. For general enterprises, it serves as a tool to support internal guideline compliance and self-auditing.