the platform

Assessment
as a Domain-Specific Language

A universal framework that is composable, version-controlled, and context-aware. Describe models. Don’t implement them.

01 — the building blocks
Risk assessments share the same structure, regardless of domain — variables (questions), categories, calculations, ratings. So we built a domain-specific language around it. Four element types handle any risk domain:
Category
Groups related variables into logical sections.
"Geographic Risk"
Variable
Data points and inputs to collect.
"Is customer a PEP?"
Calculation
Formulas that compute weighted scores.
"(C1 × 0.6) + (C2 × 0.4)"
Output
Final risk ratings and classifications.
"Overall: High / Medium / Low"
02 — describe, don't build

Describe what not how

You define the risk logic — variables, weights, thresholds. The platform handles forms, scoring, reports, and audit trails.

traditional approach
// spreadsheet with hidden formulas
// emailed between departments
// no version history
// no audit trail
// change a weight? edit every cell
// new regulation? rebuild the sheet
// who approved this version? ¯\_(ツ)_/¯
riskpro
category  Geographic Risk
variable  Country of residence
variable  Jurisdiction type
calc     geo_score = country × 0.6 + jurisdiction × 0.4
output   Overall Rating
          < 8"Low" · < 15"Medium" · ≥ 15"High"

Change a weight, add a variable, update a threshold — the platform adapts instantly.

03 — the engine

You define the risk logic. We run it.

Your knowledge goes in. A working assessment system comes out.

you define what
Your Risk Logic
Variables, weights, rules, thresholds — your expertise, captured as a model.
data, not code
The Engine
Builds forms, runs calculations, enforces rules, generates reports.
platform delivers how
Working System
Forms, calculations, scores, reports, version history, audit trail.
04 — composability

Same four elements, any domain

Switch tabs. The structure never changes — only the variables do.

categoryStructural Vulnerability
variableExport concentrationmanual3
variableClimate & disaster exposuremanual4
calcstructural_score(export × 0.55) + (climate × 0.45)3.45
categoryAdvanced Model Inputs
variableComposite stress scoreexternal api6.2
variableGDP growth forecastexternal api-1.4%
outputSovereign Vulnerability Rating(structural × 0.55) + (advanced × 0.45)LowModerateHigh — 4.3Severe
categoryBusiness Structure
variableEntity typemanual4
variableOwnership complexitymanual5
calcstructure_risk_scoreentity_type + ownership_complexity9
categoryBusiness Activity
variableIndustry sectormanual3
variableCross-border activitymanualYes
calcactivity_risk_scoresector + IF(cross_border, 3, 0)6
outputCorporate Risk Ratingstructure_risk + activity_riskLowMedium — 15High
categorySecurity & Data Protection
variableSecurity certificationsmanual5
variableData access levelmanual3
calcsecurity_risk_score(6 - certs) + access_level4
categoryFinancial Stability
variableFinancial healthmanual4
variableCredit ratingexternal api3
calcstability_score(6 - health) + (6 - credit)5
outputVendor Risk Rating(security × 0.55) + (stability × 0.45)Low — 4.5MediumHigh
categoryProcess Risk
variableControl effectivenessmanual4
variableError frequencymanual2
calcprocess_risk_scorecontrols + errors6
categorySystems & Technology
variableSystem reliabilitymanual3
variableCybersecurity posturemanual4
calcsystems_risk_scorereliability + cybersecurity7
outputOperational Risk Rating(process × 0.5) + (systems × 0.5)LowMedium — 6.5High
05 — pluggable data sources

A pluggable data orchestration layer

Inputs don't have to be manual. Pull data from anywhere through a unified provider interface. Integrate outputs from specialized models — including econometric forecasts or macro-risk indicators — directly into platform assessments. Assessment models stay agnostic to the source.

Manual Input
User fills out forms
Traditional questionnaire
Upstream Assessments
Pull from parent or related assessments
Reuse data, avoid re-entry
Internal Modules
Fetch from other platform modules
Screening, compliance, training
External Providers
Pull from third-party services
Credit bureaus, registries, etc.
Assessment Model "What data do I need?"
Provider A
Internal
Provider B
External Provider
Provider C
Upstream
Unified Data Model All sources → same structure

Add new data sources without changing models. One assessment, multiple sources, zero manual ETL.

06 — version control

Version-controlled
risk logic

Risk models evolve. Every version is tracked, every assessment is linked to the model that produced it, and historical data stays valid.

v1.0 · published
Vendor Risk Assessment
Security & data protection, financial stability, compliance — 12 variables, weighted output
v2.0 · published
+ Business Continuity category
New variables: disaster recovery, SLA history, geographic concentration. Formula reweighted. 400 prior assessments stay linked to v1.0.
v3.0 · draft
External data source integration
Bind credit rating variable to external provider instead of manual entry. Under review — not yet affecting live assessments.
v2.0 still runs
New assessments use v2.0 while v3.0 is in review
v1.0 assessments remain valid and queryable. No data loss, no forced migration.
immutable runs Every execution is a snapshot — full input/output state, frozen in time
audit trail Every assessment linked to the exact model version that produced it
lifecycle Draft → review → published → archived. Only published versions run against live subjects.
07 — data-driven everything

Same engine,
any change

Every adaptation is a data change, not a code change.

New assessment?
Define elements.
zero code changes
New industry?
Swap the variables.
same engine
New calculation?
Update the formula.
UI adapts automatically
New regulation?
Adjust thresholds.
instant deployment
08 — scalability

The abstraction doesn't break as you scale

horizontal
Any domain
The same abstraction handles KYC, vendor risk, operational risk, credit risk, IT security — anything with variables and scores.
KYC vendor-risk operational credit IT-security
vertical
Inexhaustible use cases
Start with 5 variables and basic formulas. Grow to 500 variables with complex ML models. Same platform, same abstraction.
5 → 500 variables basic → ML models same platform

A single abstraction. Applied systematically.

Ready to see it
in action?

We'll walk you through the platform architecture and show how it maps to your risk domain.

Audience Risk leads, compliance teams, CTOs, ...
Book a walkthrough