The EMERALD Compliance-as-a-service Workflow

The EMERALD project aims to make the complex world of cybersecurity certification easier to navigate. To do this, we are designing a user interface (UI) that guides our target users through all stages of an audit, from defining high-level requirements to exploring specific technical details in policies, system documentation, source code, and configuration files.

In Work Package 4 (WP4), we worked closely with both the pilot partners and technology component owners to understand what support they need during their certification processes. Through interviews and different types of workshops, we identified three main areas – or visualisation streams – that structure the EMERALD interface:

  • Stream 1: Certification Schemes: This area allows users to upload, browse, and compare certification schemes. It supports mapping controls and metrics within a scheme (see Figure 1), mapping controls to controls across different schemes, creating custom schemes, and downloading existing ones.
  • Stream 2: Targets of Evaluations: Here, users can define what will be certified (for example, a cloud service), connect it with the right evidence extractor tools, and manage access rights for team members (see Figure 2).
  • Stream 3: Audit Scopes: This stream brings everything together, combining targets of evaluations and certification schemes to form an audit scope. Users can view assessment results, assign compliance tasks to colleagues, and create self-assessment questionnaires and reports when required (see Figure 3).

In addition, the EMERALD UI provides tools for metrics management, user management, and self-assessment questionnaires, making the audit process more transparent and collaborative.

By structuring the interface around these key activities, EMERALD transforms the certification process from a complex technical challenge into a guided, user-friendly experience, helping organizations stay focused on quality, compliance, and continuous improvement.

Figure 1: Mapping the Controls and Metrics within a scheme

Figure 2: Target of Evaluation Information Overview

Figure 3: Audit Scope