This episode explores how AI is reshaping governance, risk, and compliance by eliminating manual drudgery and delivering evidence-based, automated recommendations. Hear how Eve’s purpose-built AI platform is already transforming how organizations approach third-party risk, compliance audits, and ESG reporting.
Governance, risk, and compliance (GRC) has long been burdened by heavy manual processes, slow assessments, and limited visibility. In this Brand Story episode, Sean Martin and Marco Ciappelli are joined by Anders Søborg, Co-Founder of Eve, and Mark Humphrey, who brings two decades of fraud and cybersecurity experience to the team. Together, they unpack how Eve is challenging traditional GRC tools by offering something entirely different: automation with evidence-based intelligence at its core.
Anders shares how his experience as Chief Risk Officer and partner at major firms like Ernst & Young and PwC shaped Eve’s mission. He describes a world where compliance doesn’t have to mean complexity. Eve’s AI engine evaluates more than a thousand controls in under 15 minutes—surpassing manual reviews that could take weeks—and goes a step further by offering recommendations, not just red flags.
This isn’t about replacing people. It’s about helping overwhelmed compliance, risk, and audit teams regain control. Mark emphasizes how Eve operates like a true partner, delivering support with no ego and full transparency. Their approach combines deep regulatory knowledge, contextual AI agents trained on real-world frameworks, and a clear respect for data sovereignty and privacy—an essential requirement for global pharma, financial, and consulting clients already relying on the platform.
More than a dashboard, Eve acts as an intelligent engine embedded into existing workflows via API, making it a natural complement—not a competitor—to existing GRC platforms. The platform is customizable, evidence-driven, and built with firsthand knowledge of what compliance professionals actually need: clear guidance, real-time answers, and fewer repetitive tasks.
The episode leaves listeners with a compelling question: what if your compliance program could coach your team, reduce audit costs, and provide instant visibility—without sacrificing accuracy or control?
Learn more about E-V-E GRC: https://itspm.ag/eve-grc-99
Note: This story contains promotional content. Learn more.
Guests:
Anders Søborg, Co-founder, Director at E-V-E GRC | On LinkedIn: https://www.linkedin.com/in/anders-s%C3%B8borg-3826702/
Mark Humphrey, Senior Sales and Channel Director EMEA at E-V-E GRC | On LinkedIn: https://www.linkedin.com/in/m-humphrey-mba-0020192b1/
Resources
Redefine Compliance. Unleash Your Potential with E-V-E GRC. Command Compliance: https://itspm.ag/e-v-e-i1ml
Learn more and catch more stories from E-V-E GRC: https://www.itspmagazine.com/directory/evegrc
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
[00:00:00] Sean Martin: Marco Sean. Story time, my friend.
[00:00:05] Marco Ciappelli: It is story time and as you know, and everybody knows the first chapter, it's, you know, it's the one that it makes me feel like, do I wanna keep reading this book or not? Like you, you be, you better have a good beginning of a story. I know.
[00:00:18] Sean Martin: And I, I think we're gonna get that, uh, that good beginning.
[00:00:21] Marco Ciappelli: I think so. No pressure on our desk, no pressure on the guest.
[00:00:24] Sean Martin: Exactly. Joining us, uh, late in the evening from the other side of the pond of the US at the moment, and, uh, two different countries, but, uh, global perspective on, uh, GRC and, and many things surrounding that. I'm thrilled to have Anders and Mark on.
[00:00:42] Sean Martin: How are you guys?
[00:00:45] Anders Søborg: Good, thank you. Thanks.
[00:00:47] Sean Martin: That's good. Very good. Good to have you. I'm excited to hear your, your story and, and the journey that you're, uh, you're taking with, uh, Eve, GRC, and, uh, but before we get into the topic [00:01:00] of, uh, how the company was founded, why I was founded, and all that good stuff, uh, maybe a few words from, from you Anders, and then, uh, kinda your journey leading up to Eve and, and then, uh, mark, we'll hear a few words from you.
[00:01:14] Anders Søborg: Sure. Absolutely. And, and thanks again also for taking the time and inviting us, inviting us in. It's important for us, of course, as, as being a startup to get an opportunity like that. Um, I think if you go and also look at me and my co-founders journey, the last 20 years we've been working as many others in GSE, I've been in Big four.
[00:01:35] Anders Søborg: As very young then I've been in chief risk officer in global companies, one of them with more than half a million people servicing global pharma companies, banks, sitting the bar high with increasing regulations for governance risk and compliances. I've seen and had teams and also myself, of course, working in the old regime with very manual and heavy, uh, work to, uh, to show [00:02:00] compliance control work.
[00:02:02] Anders Søborg: Um, to be audit ready, both for clients and also regulators. Uh, and then we really wanted to, when we started Eve to change that we wanted to give something back. We wanted to automate. And with AI now being at a different level completely, we basically wanted to create, uh, a body to, uh, to risk and compliance and first line, second line or third line people.
[00:02:26] Anders Søborg: And that's what has been important for us. So that's where we started out. Uh, and you can kind of say Eve is, uh, is eating up the TSE pyramid from the bottom, uh, helping with some of the manual work, helping with the control evaluation, but also helping with providing transparency to, to leaders and boards.
[00:02:46] Anders Søborg: And we succeeded with that. But it's not only for enterprises, it's also for, uh, for partners, for advisors and auditors, um, which might have been a little bit behind the curve when it comes to automating. [00:03:00] But that's really what we wanted to do. So really we are two founders who've been working, uh, a lot. I wouldn't say the, the impolite word for that, the French word.
[00:03:12] Anders Søborg: Working a lot to really get things done, improving processes, risk management and all of that. And now we saw the opportunities to really give something back. To get it automated and, um, apparently, um, uh, we are one of the first, and we also recognized for that by global companies and, uh, a global, uh, advisory and insurance companies as before who are using our solution.
[00:03:36] Anders Søborg: So, so that's the story. We are really people who, who felt the pain, uh, of having to, uh, follow regulations and customer regulations and the trend within GSE. Uh, and now the time has come actually to completely change that round. You know, both of you, Marco and, and Sean, that the people working within GSC is, uh, is blamed often within organizations from [00:04:00] looking down into the table, spending too mi much time on, found finding gaps and issues and not providing enough help without stepping out of their role, whether they are second line risk compliance size, or officer, or whether they're a third line internal audit.
[00:04:16] Anders Søborg: But really. With an AI as ours, not hallucinating, there's a completely new world opening up for them to actually help, uh, and provide the sufficient guiding coaching without, uh, moving out of their role. And that's, that's the, that's the history. I've been Chief Risk Officer, um, my co-founder has been Chief Audit Executive.
[00:04:39] Anders Søborg: I've been partner in Ernst and Young in Scandinavia for TSC and, uh, third party risk management and after that for risk management in p WC and for sustainability reporting and compliance. You know, that's been a big thing over here in Europe. Uh, and all of it, to be honest, except for getting a little bit of help [00:05:00] from reporting GSE system for data collection and reporting.
[00:05:04] Anders Søborg: You know, all of it is manually, we want it not to stop it, but we want it to. Not disrupted, I don't wanna call it that. We wanna empower it or power it with something. We was strong created by people with super experience and didn't get it out there. That's what we did, and that's also what we are still on the journey to do.
[00:05:28] Anders Søborg: So I'm excited. I think it's a completely new world. I think, uh, companies should not be afraid, uh, of the AI risk, uh, if it's managed rightly by risk professionals as we are. It's safe and it's rocking their world. Sorry for the long intro, but I'm really excited and I, I feel strongly about, uh, you
[00:05:50] Marco Ciappelli: may you make our job a lot easier.
[00:05:52] Marco Ciappelli: That's right. So, no, no worries about that. And, uh, we share the,
[00:05:55] Sean Martin: share the passion for sure. I,
[00:05:57] Marco Ciappelli: I think in both knowing Sean and [00:06:00] myself, uh, we do have already a lot of questions, but before, before we go there, mark, um, a little introduction about yourself and, uh, how did you start working with Enders here?
[00:06:13] Mark Humphrey: Well, you know, to, to make it short, I, I have about two decades of experience in, uh, fraud prevention and cybersecurity and, you know, we all get hit up by headhunters and all that. I got one day an email and the email was, uh, I don't know, it just seemed different. It seemed special. And I got a call with, um, and Andrews, I had the pleasure to speak with him.
[00:06:37] Mark Humphrey: And instead of a simple pitch about the product and you know, I make type of thing, um, Anders was more interested in my family and my person and, uh, you know, we, we, we create so often this stamp on companies that are, you know, we are a family. But, uh, for the first time listening to [00:07:00] Anders and, um, his energy, his, his love, and the, the pain he went through to, to create this.
[00:07:07] Mark Humphrey: Uh, I knew I was in the right spot. I mean, you guys have both been in Luca, you spend evenings with my family, you know, and it was a pleasure. Again, thank you Sean, you know, for introducing us to, to Jill and, um, Marco meeting you the first time. But you guys know where I come from, right? So no bullshit. Um, full of heart and supporting, you know, ideas that matter.
[00:07:31] Mark Humphrey: And when I spoke to Anders the first time, I realized that this is a person who. Not only thought about the product, he is been there. I've spoken to so many CISOs and you know, we talk about, you know, training the teams, you know, being out there. But there comes a point where they also, you know, open up and say, listen man, our compliance team.
[00:07:55] Mark Humphrey: At that point, I had no, you know, connection to companies that could [00:08:00] do what Eve does. And, um, having the talk with Anders was like, no ego, um, a family, a true family, you know. Connection that we extend to our clients. So we, we are basically a family. We work together. We, you know, there's no here or he, there's no nothing.
[00:08:20] Mark Humphrey: You know, Anders is no ego. Whatever he can do, whatever call he can jump on matters. And the same thing matters to us for our clients. So if somebody's in France and says this and, Hey Mark, um, I'm working on a manufacturing, uh, consultancy. You worked in manufacturing before there, there's no ego, there's no, there's no, you know, we want to do the best for the people that need Eve, and once I had the chance to walk through and to visualize Eve and understand Eve's.
[00:08:59] Mark Humphrey: Positivities [00:09:00] compared to what I've heard from CISOs. I know this was a company to be there. There's heart, there's, uh, you know, there's ideas. There's, um, a company that is, um, just unique. See, I'm knocking words simply because I've never seen this to the case of sales. So I'm really, really proud and happy to be a part of, uh, Ander's journey and, uh, hopefully to be a part that will make a difference.
[00:09:28] Marco Ciappelli: I love that. I love that. I agree. And that that will be the world we, we all wanna live in, where we can work and, and have respect and friendship and still make a lot of good stuff happen. Yeah. So let, let, let, we'll go back to you, mark, uh, soon enough. But I, I wanna go to Anders. 'cause for me being somebody that look at, um, technology from a societal perspective, and, and you kind of mentioned there, you know, AI is still in that.
[00:09:54] Marco Ciappelli: No, it is not the uncanny valley, but there's still this perception is it's gonna get our jobs, it's going [00:10:00] to do the right thing, it's going to hallucinate, it's going to change the way we live. When and are you realizing if you are at the right time in the right place and this is the right time to start trusting AI to help, not to take over the job, but to help to accomplish.
[00:10:22] Marco Ciappelli: Uh, many of the tasks that we find ourself, uh, having to deal with.
[00:10:29] Anders Søborg: Well, first of all, I just need to comment also on Mark. Uh, I got up at four o'clock this morning, not because I wanted to, because I couldn't sleep because we had one of the biggest global pharma companies in the world wanting to use our solution because they were drowning in, in Word. But it, it also relates to what you said, Marco.
[00:10:51] Anders Søborg: Uh, when I think, um, we sat down and then we were discussing what would really help, [00:11:00] uh, compared to both, uh, second line and, and third line. But I also been in, out in the industry, I was, uh, uh, interim, uh, chief Operating Officer. So in the company with, uh, more than 60,000 employees, and that's where you really get your hands dirty.
[00:11:18] Anders Søborg: We really, really wanted to get something who, uh, could release the heavy duty of everything related to GSE. And we all know the heavy lifting doesn't lie with the risk alone. It also lies with the people who have to actually do the job, get things done, implemented. So when, when AI took off, let's just say in around two years from before now, we were thinking, could you, could we tame it?
[00:11:48] Anders Søborg: Could we avoid the hallucinations? Could we enhance it so it actually knew the stuff? And a lot of things have happened since then. I recognize that and it didn't. But let's also be [00:12:00] honest, it doesn't know what it doesn't know. And the expertise within, uh, information security, cyber resilience, it's not publicly available information.
[00:12:10] Anders Søborg: So these large language model, how on earth were they gonna know what good practices? And we said, okay, let's do that. Let's develop that. Let's get rid of the hallucinations. Let's get an upgraded agent or agents, because it's not just agent. Let's overlay agents on agents. So we get both an expert in risk and compliance, an agent in assurance slides, audit, bring it together.
[00:12:35] Anders Søborg: Let's train them in the, in the good practice, not only the ISOs, but also the operational practice. Let's bring our, our friends in the consultants. And let's get them to fuel and power up AI or several AI agents. So when you use it, you don't only get evaluation of whether you're compliant, you also get recommendations.[00:13:00]
[00:13:00] Anders Søborg: That's what we wanted to do, and that's what we started out in February last year in 2024. In September, 2024, we launched an AI agent who could evaluate more than 1100 controls or requirements in less than 15 minutes, better than five, six years. Experience big four consultants, not that that's the bar, but also giving recommendations.
[00:13:24] Anders Søborg: And then we continued on the back of that. That's really, uh, the, the engine we wanted created and what we are moving towards. I'm not saying. I don't know whether we'll get there. That's what we're working for. We're building a factory for all GSE professionals, whether, whether they're within cyber, um, more operation risk or other things where they can go, come with their frameworks, their own controls, get it, uh, get it set up in in our eve, uh, and get the help they need.
[00:13:58] Anders Søborg: Uh, not only for the gap [00:14:00] control work, but also actually for the. What should I do when something is missing? Um, and also how do I reduce, uh, my internal audit, but also external audit costs. So, so that was where we started. And, uh, and then things, a lot of things since happened then. And we have, we have clients and I, I have a few, uh, funny stories, uh, to, well, funny and also good stories to tell because it is working.
[00:14:28] Anders Søborg: We also have tons of clients who sell off. Well, we have this AI team. They say they can develop everything, but do they really wanna go into developing AI agents for something that is as complex as, um, as the frameworks within GSC? Do they wanna maintain them when the regulations is, uh, is changing all the time?
[00:14:50] Anders Søborg: And do they wanna become a software company? Uh, we have become it, and we are, we are proud of it. And we have some of the leading organization. So that's, [00:15:00] that's, that's kind of where we departed from, uh, and where we are right now. Um, and we are talking to some of the biggest players within GSE, uh, cyber and TPM, who we are working on integrating our model.
[00:15:14] Anders Søborg: Uh, obviously because as you might know, they don't have this, they are still from a technology point of view, uh, in whether you call it second or third generation, GSE cyber TPM solution, they are focused on the workflow. They're not focused on actual the brain, if I can put it that way. So the expertise of actually telling is this okay or not, and what should we do?
[00:15:40] Anders Søborg: And that's what we focused on. That was kind of the. The, the gap, which we saw and also what we felt when we were in operations. So, and that's really, that's our focus. We don't want to compete against, uh, diligent ServiceNow and others. Uh, we wanna help them and, and people who have needs, which we all [00:16:00] have actually getting a solution that works, uh, but which has been tested.
[00:16:05] Anders Søborg: Uh, radically. So you'd end up in, don't end up going, uh, coming up with recommendations or gap, which is unreliable. That's also why, uh, Microsoft, which we build it in, is so keen on helping us, uh, uh, succeed and has selected us as a growth account, uh, in, uh, in Europe right now.
[00:16:27] Sean Martin: Yeah. And, and I wanna touch on something, 'cause you and I have a similar background in terms of, uh.
[00:16:33] Sean Martin: I'll say nerding out on on GRC. So many, many know I was involved in building a sim around 20 years ago, but I was also involved in, uh, acquiring and building GRC technologies for the same company I worked for. And I've seen an evolution. Um, as in many things, tech and cyber and, and risk and compliance, um, where it's more systems, more data, more [00:17:00] stakeholders, more complexity, more work, more, uh, you know, stakeholders.
[00:17:04] Sean Martin: Again, what are you, who are you delivering it for? Why are you delivering the outcomes of this stuff? And you, you mentioned this pyramid at the beginning. I'm wondering if you can kind of describe the pyramid and perhaps the workflows you also mentioned, uh, where you kind of fit in to help. Not just achieve compliance, not just drive business decisions around risk, but also actually help the company, um, achieve what they're trying to achieve.
[00:17:33] Anders Søborg: A, a absolutely. Uh, so, uh, the pyramid, of course, you have someone who need an executive summary, but to, uh, to get that for decision purposes and everything everyone is talking about and enterprise risk, GSC is there to support decision and driving. Um, and supporting, uh, a sustainable business and a reliant business.
[00:17:54] Anders Søborg: But it doesn't happen without the proper risk assessment, the proper knowledge of actually how [00:18:00] you are performing from a risk and compliance perspective. And that's today is done semi manually. I know within financial controls and others, it's, it's getting more and more automated, but in reality, a lot of it is manually.
[00:18:14] Anders Søborg: So let's just be honest in first line. So in the process function. They're relying on manual assessment. So that's a dropdown. How Reliant is a dropdown for a self assessment, one to five with some wording. Imagine if you could have that automated based on evidence. So an AI actually evaluates how close am I to the desired position with the documentation I have, and that's exactly what we have created, uh, for the bottom of the pyramid.
[00:18:44] Anders Søborg: Then on the second level, so in the pyramid. That's the second line. Uh, and third line function, going in and evaluating control, assessment, testing, and so on and so forth. We have that. And then of course, the, the highest [00:19:00] level, which is the management information, that's the, that's the dashboard, that's the bi.
[00:19:06] Anders Søborg: But imagine if you have that based on evidence. It's an evidence based approach. It's ai. If it's not there, it doesn't approve it. And all regulations. Almost since the GDPR wave has moved towards evidence based, so you also need to be able to demonstrate it to regulators, and that's what our AI does. Now imagine you had a GSE set up, whether it's cyber or anything else, where your cockpit as a company is based on evidence, whether it's extracted from systems, and our AI is then evaluated based on API extract.
[00:19:44] Anders Søborg: Or whether it's actually submitted evidence. And that's basically what we have built short. So it's, it's not a traditional human interpretation also outside the organization right now we are working with huge, both [00:20:00] financial and non-financial institution, around third party risk management. And you know what, I have a chief, uh, supply chain officer.
[00:20:12] Anders Søborg: Who's waiting right now because we are doing a proof of concept, we are gonna do the work for 15 full-time employees following up on third parties. Because our AI is not sending out questionnaires, this third parties will get access to it directly, upload the evidence of compliance within cyber and resilience, and the AI will instantly tell where they are and if they're missing stuff, it would actually tell them what to do.
[00:20:40] Anders Søborg: So that's not the traditional GSP in my view, but that's what I would've loved to have 6, 7, 8 years ago. But if you asked me three years ago, I would've said, get out of here. That doesn't exist. You imaginating and um, or you are [00:21:00] gonna use RPAs like simple robots. But that's not what we are dealing with, uh, right now.
[00:21:08] Marco Ciappelli: So talking about that, maybe, maybe Mark, you can jump here if, if you want to, or, and there's, are you in a situation where companies in, in different verticals are aware of what is possible? Or are you still breaking the news to them, the IQ contact them and say, look, you are running into all this problem when it comes to G-R-C-E-S-G.
[00:21:31] Marco Ciappelli: We can help. And, and is the reaction like, oh, I didn't know about that. I mean, are, are you like early educating or there is already a demand for what you're doing?
[00:21:44] Mark Humphrey: Well, I think that Eve as a product is um, you know, is an early demand pe many people don't know that, you know, there is something out there that can assist and, um, that's very important to understand.
[00:21:58] Mark Humphrey: So. We, [00:22:00] we have a great team of consultants. You know, we're building an incredible, um, partner, um, system where, where we say, you know, you have a seat at the table. You're gonna be a part of us. You know, we will look for you, you will. You will learn from us. And, um, the product that we have developed that, uh, Andes has developed with this team is incredible.
[00:22:28] Mark Humphrey: You know, I, I've had so many talks in the past, you know, selling, um, I. Certificates for cybersecurity and so on and so forth. And, and when, when you sit in a call with a cso, the call is about, you know, you know, great, okay, so we're gonna do this, we're gonna do that. We're do this. But you know, mark, man, if we had somebody that could help us with this, and that is where Eve comes in.
[00:22:52] Mark Humphrey: Eve is an incredible product. If it is something that, you know there, there's product Similar [00:23:00] Tree, but that do not have. The full spectrum that we offer. And you know, I think that is, um, what is important and that is what, you know, will make e grow and, and become one of the most important, uh, um, compliance products in out there.
[00:23:20] Mark Humphrey: So, yeah.
[00:23:22] Sean Martin: And anyways, I wanna take this moment. Um. Perhaps to Abby Share is there, if you could pick one example that that kind of either encompasses what Eve does for an organization. I'd, I'd love to hear a story about an outcome where a team was struggling. Uh, maybe Mark has some, some to share here as well.
[00:23:42] Sean Martin: But, uh, a team is struggling. Uh, team is buried. Executives weren't getting what they want, what they need. Auditors were, were scrambling to, to help the company achieve a level of compliance with more multiple regulations or what have you. And then you came in [00:24:00] and helped unlock things, jump hurdles, move faster.
[00:24:04] Sean Martin: You need share a story like that?
[00:24:06] Anders Søborg: I would love to Sean, and thanks for that. Well, I have a few ones. Let me just talk. With a corporate one for an enterprise clients. Uh, we were, uh, talking and also working with a financial services institution, a tier one bank, uh, where we, uh, were engaging with the chief compliance officer.
[00:24:25] Anders Søborg: Obviously, our product is relevant for chief compliance officer. They need to change everything, but it's a re relentless work and it's heavy. It's basically with new resilience framework coming out in Europe around cybersecurity and re resilience. We had a, a, a call and talk also with the chief Information security officer.
[00:24:44] Anders Søborg: And also, to be honest, he was saying, I don't believe it. I don't believe AI can do this, but let's do a proof of concept. So that was not the best start of, uh, a potential, uh, partnership. Um, but he also said, let's [00:25:00] have the legal, uh, one of the legal senior experts, uh, compare you AI analysis related to information security.
[00:25:08] Anders Søborg: Um, to what it, what it should be. So let's him review and then three days after and, um, three days, nothing. And even though the illegal expert, he was saying pH, that was really, really tough, uh, because it takes a lot of time to do this analysis we were just doing. One documentation up against the regulations, so the controls and um, and the senior legal expert says, whoa, it's really, really detailed.
[00:25:36] Anders Søborg: U ai. Yeah. I said, and I, and then I said, yeah, because we told it to be, if you want me to change it so it prioritizes certain aspects, we can do that. Then what happened in the meeting was the chief information Security officer, no, not the chief information security officer, but the CIO. He said, this is amazing.
[00:25:53] Anders Søborg: So everything we've been. We've been fearing and we are fearing with ai, with these general models, with [00:26:00] hallucination. You kind of fix that. I said, yeah, that's what I told you in the first meeting. And then he said, and turn to the chief compliance officer. We should use this for everything. And he said, yeah, we are gonna, we are gonna use it for resilience.
[00:26:12] Anders Søborg: We regulations in Europe. We are gonna use it for contract evaluation, for the outsourcing contract. We're gonna use it for third party waste manage. And he said, no. Then I could see, uh, the head of the chief compliance officer, she's a really, really strong chief compliance officer. She was kind of paused and just said, what do you mean?
[00:26:31] Anders Søborg: Well, he said, no, I don't mean, I don't mean just this. I mean everything. So after that, he pulled me in. To a meeting and say, I want GDPR, I want this, I want this, my team is hurting. And, and that's the journey we are on. So, and that's also what Mark was diluting to before we do partner up with our clients because we wanna follow them.
[00:26:53] Anders Søborg: So if a lot of them are saying security, security control framework, GDPR, we can set it up in [00:27:00] weeks because we have the agents who are strong enough. We spent more than a year creating those. Uh, another story is, uh, is KPMG. You should imagine that they and also other big four have created this and automated, they haven't.
[00:27:15] Anders Søborg: They have within certain domains, and I know as, uh, but they have not. They're now using our AI for assurance and consultancy. One task, which is of course one of the biggest. They used to spend 120 hours on reviewing certain documentation. Now our AI does it in 15 minutes. That's more than 350 pages, and then they spend four to five hours Validating and validating is important because that's the good practice when you use ai and then they're sending it to their clients and it comes with a track record of where our AI has found the good stuff, and our AI even gives them the documentation.
[00:27:56] Anders Søborg: So that's two examples of how powerful AI [00:28:00] can be. You if you use it right. And not just rely on, I guess the, the ones we all have access to. So, um, I don't know, I just, I
[00:28:09] Marco Ciappelli: wanna, I wanna go right there. Uh, and if you don't mind, because when I look at the Gen AI and the AI. There's always that risk, like where is the data gonna go?
[00:28:21] Marco Ciappelli: The privacy, talking about GDPR in Europe, of course, very relevant, but also very relevant even when there is not A-G-D-P-R. 'cause if the data of your customers, your documents are gonna go public on an open, you know, system, it doesn't work. So I wanna ask you this, like, first of all, the, the advantage of being able to resolve the hallucination by.
[00:28:46] Marco Ciappelli: I'm assuming creating a knowledge base that is very funnel, uh, into, into what the, the AI needs to do, what shouldn't do. I'm, I'm assuming in a very simple term that's what it is, but you can explain me a little bit better, [00:29:00] and then I'm, I'm thinking the capacity of customizing the AI according to the customer and the needs that, that you're dealing with.
[00:29:10] Marco Ciappelli: So maybe you wanna touch a little bit on that. It is not just the. One solution for all and it, it is gonna fit you well, or it's not. But this is really, really customized.
[00:29:20] Anders Søborg: Oh. Uh, and that's, that's, uh, that's absolutely spot on Marco. And, um, and also what we, we talk about every day with the customers and potential customers.
[00:29:31] Anders Søborg: If we start with the information security. We know the risk of ai. Um, and also for personal data. My, my co-founder, he's been leading some of the biggest, um, uh, data protection, uh, programs in Europe for GDPR. So we know in depth what it takes and also the risk. So we dealt with that. Our ai, if we just very simply, it's built in, uh, in Microsoft Azure, and then you get.
[00:29:56] Anders Søborg: If you use it right, some of the advantages of of Microsoft, [00:30:00] which means that we can move the data anywhere and we can change the, also the period in which it's, it's told, uh, secondly, it's not learning anything. So it's, I'm not gonna call, it's a, it's an AI who, without a memory, we trained it outside, it comes in, does the job, doesn't remember anything, and the retention period of the document and the analysis.
[00:30:22] Anders Søborg: We can change that up and down. Now that's one side and that's also why we have been able to, uh, and been so lucky to deliver both to big four global pharma companies and banking. We all know those are some of the industries which has the highest level of information security. Um, and then how we set it up in terms of premises.
[00:30:43] Anders Søborg: Uh, we get the benefit of what comes with Microsoft, uh, which is, uh, it's, uh, it's an advantages. That's why also we choose that as a, as our platform. Now, on the, on the other hand, in terms of customization, yes, we come with standards, uh, which are driven [00:31:00] by either the global standards. Like ISO 20,001, SOC two, so you don't have to, who wants to prepare for SOC two by doing self-assessment where you can just upload everything and then within a day or two, you know how far you are and it's telling you how to improve your documentation.
[00:31:17] Anders Søborg: And also it reduces your audit fee because your auditors will know exactly where to look. But if you have specific requirements, we a, we made you a specific model. Which means that we tweak the, let's call it checklist control catalogs. We tweak that. That's the advantage of us. That's also the advantage of, we have some of the, some of the not, I'm not gonna say global experts, but we do have some very senior executive.
[00:31:46] Anders Søborg: We have sizes. We have chief risk officer, chief audit of officers, chief compliance officers who have been in the game for many years. So we are not sitting with programmers or developers on its own. [00:32:00] Our AI is not getting out of the door speaking, uh, in plain language without senior executives within the, the, the risk area have been following, uh, anything that has been developed.
[00:32:13] Anders Søborg: So if you wanna have a kind of your framework as a client, if it's within a, a risk area like information security, where our, where our AI is extremely strong. It can be one or two weeks, but you can't even get A-A-G-S-E system up and running in one or two weeks. If you just want to use kind of the global frameworks we have set up, you can be live in half an hour.
[00:32:37] Anders Søborg: Okay? We have to set up the location and the users. That's one day, one and a half day. You get 80% efficiency. You get quality improvement, you get recommendations, you get a dashboard. Where do you get that? In other traditional GSE platforms, and that's basically what we created. Of course, we don't have the workflows like sending out request, but we can give [00:33:00] everyone access with limited access.
[00:33:02] Anders Søborg: Right. And we don't have the action plan management, but we do have API. So if people have a traditional GSE, which I really, really, uh, believe is uh, is needed, uh, we just API in and then we go and then they have end-to-end GSE. Automated, but as I said before, they should obviously do sample testing because it's a probability model, uh, which is the foundation of artificial intelligence.
[00:33:32] Sean Martin: Yeah. You just led me to my question, and funny enough, I'm sitting here and I'm thinking earlier you mentioned we need to validate, and in there I'm, I'm gonna suggest perhaps that we also need to challenge, right. And. For, yeah, for the organization to trust what's coming out of your system. And so my question to you is, how, how and where should an organization [00:34:00] begin working with you and your team and your technology to do some of the early validation challenge?
[00:34:10] Sean Martin: Look at the outcomes to the CRE. We do all this manual stuff, which it sucks, but we're comfortable with it 'cause we know what happens. And we perhaps alongside use your, your system and model to achieve maybe even a, a better result, um, and faster time with fewer resources. How, how and where should an organization start?
[00:34:34] Sean Martin: Is it something they, they really care about? Is it a particular part of the business? Is it. Particular system or a particular framework or particular re regulation? How? How do you see that working?
[00:34:47] Anders Søborg: Perfect, uh, question. And that's also what we discussing because, um, but what we say is often fine where you have a pain, where you are understaffed or where you wanna do better.
[00:34:57] Anders Søborg: Often it's within the new frameworks. And of course [00:35:00] now we are set up in Europe. So we started with the European new regulations like, uh, niche two, Dora. Uh, the ESG framework for, uh, sustainability. Uh, but, uh, very soon, um, in, uh, in Q3, in 2025, we will come with secure control framework, nist, and, uh, and the financial reporting controls.
[00:35:20] Anders Søborg: Uh, imagine what that will do to the world and the workload of people. But what we start is we pick one, let's just pick one of those. We have like ISO 20,007, uh, 2020 7,001. Let's take one. Let's take some sample, our third party risk management for critical IT providers. We'll set you up that, um, a few minutes.
[00:35:46] Anders Søborg: You'll, uh, you'll do your proof of concept, and then you'll see for yourself how much better it is than, uh, than, uh, what you do manually.
[00:35:54] Sean Martin: That's fantastic. And when and when, um, when you're working the organizations, how do, [00:36:00] how do you, what does the conversation sound like for scoping and who's involved from a stakeholder, stakeholder perspective? 'cause is. Clearly GRC and, and, and looking at risk across the organization touches a lot of departments.
[00:36:15] Sean Martin: Um, so how do you, how do you work with the right team members and stakeholders to ensure that there's alignment and, and buy-in from, uh, from everybody? That needs to be? I,
[00:36:27] Anders Søborg: that's a really, really interesting one, and that's changing a lot because traditional GSE Cyber and TPM solution often have, uh, kind of the, the owner organization.
[00:36:37] Anders Søborg: Uh, CIO, siso, chief Risk Officer, uh, third party risk management team, and so on, so forth. Uh, but that's changing. So, um, we actually had discussions with, with some of our clients, or not discussion, they were having internal discussion, who should own this? Because it gives the result where you are. So is it a first line tool, second line [00:37:00] tool, or third line tool?
[00:37:01] Anders Søborg: It actually doesn't matter. What we say is, let's get it. Let's just show that it works within one domain. Of course. Who is interested in risk and compliance? It's the risk team, it's the compliance officer, it's the ci o and that's often where, where we start. Let's just show one. But I can tell you the ones that loves it the most.
[00:37:22] Anders Søborg: Of course it's the second line team, but then it's even more the first line, the process owner, it's whether it's hr, it's uh, IT or anyone else. They love it. They don't light all these control self-assessment, access stations, and audit. Suddenly part of going through that, it's not disappearing out in the blue, but it's, it's being eliminated to, uh, to fractional compared to what they've been used for.
[00:37:50] Anders Søborg: Plus, remember, our AI also gives audit track. So it tells where you are compliant with what. So if you have internal audit, external audit, you get [00:38:00] it, uh, served. And you get recommendations. So that's also changing, uh, uh, Sean and, and Marco. And I think it will change even more, uh, the three lines of defense.
[00:38:12] Anders Søborg: Uh, I like them personally and I've been working in them. Uh, but how the data and the documentation of, uh, GSE and compliance is being, uh, populated, that's changing with AI for sure.
[00:38:27] Marco Ciappelli: I think there is a lot has been changing with AI and uh, it's, it's amazing how much when we do this kind of conversation, we, we, we, we learn from each other and it open our mind.
[00:38:37] Marco Ciappelli: So what I hope is that as we always, uh, hope actually with ITSP magazine is that people listening to this. Not only they get answers, but they create even more questions and they go deeper into what the solution could be and the way they're running their business. And of course, they can get in touch with you, with Mark, which talking about [00:39:00] technology, uh, is connection drops.
[00:39:02] Marco Ciappelli: So, but it will be, uh, listed in the, in the comments below so that the people can get in touch with the. With Mark and, uh, and of course with you on there. So I want to thank you very much for all of this, and I hope we're gonna have many more conversation as we move forward. It is always great to connect with fellow European, and, uh, and you know, it, it's, it's a transatlantic, transatlantic conversation, right?
[00:39:27] Marco Ciappelli: There's not a a, a business that is just in one place or in another. We are in a. And a global economy. And, uh, and, and one solution is gonna offer in cybersecurity and, and G-R-C-E-S-G to benefit everybody. So with that, I wanna thank everybody. Keep following us with the brand stories and Anders thanking you so much for taking the time and explain all the beautiful thing that Evolve Solution does and, uh, in particular Eve.
[00:39:55] Marco Ciappelli: We'll, we'll mediate. Thank you both. Sometimes I guess
[00:39:57] Anders Søborg: you will, you will. And, uh, and also [00:40:00] obviously we are not doing this alone. And then now Mark had to jump out. Uh, that's what, that's a risk. That's business. Uh, continuity. Yeah. But, but of course what we are keen to do is of course partner up. Um, that's, we are not doing this alone.
[00:40:13] Anders Søborg: And you can imagine one plus one might be three if you are professional services. Um, or a consultancy or a TSE or TPM solution? We are talking to the biggest of the biggest right now in terms of integrating, uh, because they don't have it and everyone knows, um, they have chat bots. Uh, some of them have a little bit more.
[00:40:35] Anders Søborg: Um, and we have Eve and, um, others will have something similar. And, uh, that's okay because, uh, as I said in the beginning, uh, we are risk professionals and we wanna help risk professionals and it needs more than one company or maybe two, um, which might be the case right now. To actually change the game, uh, for how to, uh, to demonstrate and work with GSC, [00:41:00] um, and not, uh, having to do a lot of manual work.
[00:41:03] Anders Søborg: So, thank you both Marco and Sean. Sean, I look forward to, uh, to maybe connect again. Yes, absolutely. US or, or in Europe. Uh, it's been great, uh, being able to, uh, to participate today.
[00:41:16] Sean Martin: Yep, definitely. And we, we will connect again online for sure. Uh, I know we're lining up a webinar where we'll, we're gonna get into, uh, the solution a little bit more.
[00:41:25] Sean Martin: Might even get a demo maybe here directly from a partner and or a customer. So I'm excited to get that scheduled, uh, here in the next couple weeks. And, uh, any, any chance I can nerd out on, on risk and, uh, certainly risk and all the, the broader GRC for sure, but certainly risk. I'm happy to do that. So thanks Anders.
[00:41:45] Sean Martin: Thank you.