Gemara (Juh-MAH-ruh)

GRC Engineering Model for Automated Risk Assessment
Gemara provides a logical model that describes the categories of compliance activities and how they interact, together with schemas that enable automated interoperability between them.
To facilitate cross-functional communication, the Gemara Model outlines the categorical layers of activities related to automated governance.
The Three Components
Gemara delivers three core components that work together to support automated GRC:
The Model
The foundational layer model that describes the six categorical layers of GRC activities. This model is stable and rarely changes, because it reflects the longstanding reality of GRC activity types.
Provides the conceptual framework for understanding how different types of compliance activities relate to each other. Establishes the six layers, numbered in order: Layer 1 Guidance, Layer 2 Controls, Layer 3 Policy, Layer 4 Evaluation, Layer 5 Enforcement, and Layer 6 Audit.
The Lexicon
A comprehensive set of definitions that extend the model, helping teams agree on terminology across different activities and organizations.
Establishes stable definitions for compliance activities, describes their interactions, and provides standards for term usage.
The Implementation
Schemas and SDKs that extend the lexicon into machine-readable formats and tooling to accelerate automated tool development.
Provides CUE schemas for validation and a Go SDK for programmatic access. This is an active development area.
Quick Start
Choose your starting point based on your needs:
- Understanding GRC structure? Start with The Model component
- Need consistent terminology? Begin with The Lexicon component
- Building tools? Jump to The Implementation component
All three components work together - you’ll likely use elements from each as you work with Gemara.
Real-World Usage
Gemara is being used today in production environments:
- FINOS Common Cloud Controls - Layer 2 controls for cloud environments
- Open Source Project Security Baseline - Layer 2 security baseline for open source projects
- Privateer - Layer 4 evaluation framework with plugins like the OSPS Baseline Plugin