Compliance Audit

The compliance audit endpoint uses LLM analysis to evaluate an AI system against a specific compliance framework. It returns detailed findings, a gap analysis, and actionable recommendations.


POST /v1/audit

Run compliance audit

Run an LLM-powered compliance audit for an AI system.

Required attributes

  • system_name (string)
    The AI system to audit.

  • framework (string)
    Compliance framework to audit against.

Optional attributes

  • context (string)
    Additional context about the system architecture, data flows, or deployment.

  • scope (string)
    Audit scope: full (default), quick, or deep.

Request

POST /v1/audit
curl -X POST https://api.governlayer.ai/v1/audit \
  -H "X-API-Key: gl_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "system_name": "claims-processor",
    "framework": "HIPAA",
    "context": "Processes insurance claims with PHI data. Uses GPT-4o for summarization."
  }'

Response

{
  "system_name": "claims-processor",
  "framework": "HIPAA",
  "compliance_score": 72,
  "findings": [
    {
      "severity": "high",
      "control": "164.312(a)(1)",
      "title": "Access Control",
      "finding": "PHI data transmitted to third-party LLM without BAA in place.",
      "recommendation": "Execute Business Associate Agreement with OpenAI or switch to self-hosted model."
    },
    {
      "severity": "medium",
      "control": "164.312(e)(1)",
      "title": "Transmission Security",
      "finding": "API calls to LLM provider use TLS but lack additional encryption layer.",
      "recommendation": "Implement end-to-end encryption for PHI payloads before LLM transmission."
    }
  ],
  "summary": "System has moderate HIPAA compliance. Critical gap: no BAA with LLM provider for PHI processing.",
  "timestamp": "2026-04-25T15:00:00Z"
}
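
Because the findings come from LLM analysis, a pipeline that acts on this response should validate it and fail closed on anything unexpected. The following is an added example, not part of this API's documentation or any official client: the function name `gate_audit`, the thresholds, the 0-100 score range, and the severity values `low` and `critical` are assumptions (only `high` and `medium` appear in the sample above).

```python
import json

# Severity ranking: "high" and "medium" appear in the page's sample response;
# "low" and "critical" are assumed values, not documented on the page.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed input: trimmed copy of the sample response shown above.
SAMPLE_RESPONSE = """{
  "system_name": "claims-processor", "framework": "HIPAA", "compliance_score": 72,
  "findings": [
    {"severity": "high", "control": "164.312(a)(1)", "title": "Access Control"},
    {"severity": "medium", "control": "164.312(e)(1)", "title": "Transmission Security"}
  ]
}"""


def gate_audit(raw, system_name, framework, min_score=80, block_at="high"):
    """Return (passed, reasons). Anything malformed or unexpected fails closed."""
    try:
        body = json.loads(raw)
    except ValueError:
        return False, ["response is not valid JSON"]
    if not isinstance(body, dict):
        return False, ["response is not a JSON object"]
    reasons = []
    # Make sure the result describes the system and framework we asked about.
    if body.get("system_name") != system_name or body.get("framework") != framework:
        reasons.append("response does not match the requested system/framework")
    score = body.get("compliance_score")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(score, bool) or not isinstance(score, (int, float)) or not 0 <= score <= 100:
        reasons.append("compliance_score missing or outside the assumed 0-100 range")
    elif score < min_score:
        reasons.append(f"compliance_score {score} is below minimum {min_score}")
    findings = body.get("findings")
    if not isinstance(findings, list):
        return False, reasons + ["findings missing or not a list"]
    for item in findings:
        sev = item.get("severity") if isinstance(item, dict) else None
        rank = SEVERITY_RANK.get(sev.lower()) if isinstance(sev, str) else None
        if rank is None:
            reasons.append(f"finding with unrecognized severity {sev!r}")
        elif rank >= SEVERITY_RANK[block_at]:
            reasons.append(f"{sev} finding on control {item.get('control')}")
    return not reasons, reasons


if __name__ == "__main__":
    print(gate_audit(SAMPLE_RESPONSE, "claims-processor", "HIPAA"))
```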

GET /v1/audit-history

Get audit history

Retrieve past compliance audit results.

Optional parameters

  • system_name (string)
    Filter by AI system name.

  • framework (string)
    Filter by framework.

Request

GET /v1/audit-history
curl -G https://api.governlayer.ai/v1/audit-history \
  -H "X-API-Key: gl_your_api_key_here" \
  -d system_name=claims-processor

Response

{
  "data": [
    {
      "id": "audit_001",
      "system_name": "claims-processor",
      "framework": "HIPAA",
      "compliance_score": 72,
      "findings_count": 5,
      "timestamp": "2026-04-25T15:00:00Z"
    }
  ]
}
