How forwarded documents become compliance evidence
[Compliance frameworks](/help/compliance-frameworks) explains what a framework tile shows and what its buttons do. This article goes one layer deeper: what actually happens between the moment you f…
On this page
What this article covers
Compliance frameworks explains what a framework tile shows and what its buttons do. This article goes one layer deeper: what actually happens between the moment you forward or upload a document and the moment a framework tile's score moves. There is no form to fill out and no checklist to tick by hand. You forward what you already have, IQ reads it, and it writes evidence into your compliance record on its own. This is the mechanism, described exactly as it runs.
Three things happen in sequence, every time a document lands in your account:
- A cheap relevance check decides whether the document is worth spending an evaluation on at all.
- If it passes, IQ reads the document against every control in your compliance framework catalog and scores how completely it addresses each one.
- Anything it finds gets written into your evidence record, one row per framework control, and that record is what the framework tiles and the framework detail panel read from.
None of this blocks your document from being ingested normally. It runs after the fact, in the background, and if any step fails or finds nothing, your document is unaffected. It just does not pick up a compliance score.
Step 1: The relevance gate
Not every document is a candidate for compliance scoring. An invoice, a job estimate, or a scope sheet should not spend an evaluation call, and should not clutter your evidence record with irrelevant rows. Before anything is sent to IQ, Verinode checks two things:
- The document's type. If it is already tagged as a safety policy, a safety program, a compliance document, a HazCom document, an SDS, a training record, a general policy, or an audit, it passes automatically.
- What is in the text. If the type tag is not conclusive, Verinode scans the document's text and its summary for language that shows up in real compliance evidence: hazard communication or HazCom, OSHA standard references, safety data sheets (SDS or MSDS), GHS labeling, a chemical inventory or chemical list, a written safety program, personal protective equipment (PPE), lockout/tagout, respiratory protection, bloodborne pathogens, confined space, fall protection, a named competent person, safety training, or a toolbox talk. A single hit on any of those is enough to pass.
A document with no text at all, or text so short it could not possibly describe a program (under about 40 characters), never reaches this stage regardless of its type.
If a document does not clear the gate, nothing happens. No evaluation runs, no row is written, and nothing is logged anywhere on your account. This is deliberate: a busy inbox forwards plenty of paperwork that has nothing to do with compliance, and this is the step that keeps IQ from wasting a scoring pass, and your evidence record from filling up with noise, on every invoice that comes through.
Note
The gate is about plausibility, not certainty. A document that mentions "PPE" once in passing still clears it, because the alternative, a document genuinely about respiratory protection getting skipped, is the worse failure mode. The next step, scoring, is where IQ actually decides how much credit a document earns.
Step 2: IQ scores it against every control, in one pass
Once a document clears the gate, IQ reads it against the full list of controls across every framework in your catalog (HazCom, the OSHA program suite, EPA RRP, fleet DOT safety, whatever has been seeded for your operation) in a single evaluation. It is not one call per framework. That matters practically: if you forward one thorough written safety program that happens to cover lockout/tagout procedures inside it, that single document can move both the written-program element on one framework and a related element on another, from one forward.
For each control, IQ returns a completeness score from 0.0 (not addressed at all) to 1.0 (fully addressed), plus a short one-line summary of what the document showed for that control. The instructions IQ works from are explicit about being conservative: only credit a control when the document genuinely addresses it, and when it is unsure, score low or leave the control out entirely rather than guess high. This is also where the boundary on what IQ is doing gets stated to the model directly: it is assessing document completeness for inspection-readiness, not certifying regulatory compliance. That is the same distinction the framework detail panel states on screen, "This is a completeness check, not a certification."
Only long documents are read in full up to a point: IQ reads roughly the first 14,000 characters of a document's text. For a normal written program or SDS sheet that is not a practical limit. If you are forwarding a very large binder (a full multi-chemical SDS library scanned as one file, for example), and only the front section is scoring, split it into logical sections before forwarding so nothing past that point gets missed.
Controls the document does not address are simply omitted from IQ's response, they do not come back as an explicit zero. Anything that does come back gets clamped into the 0 to 1 range and rounded, and any control with a completeness of 0 or less is dropped before it ever reaches your evidence record. A control your evidence record has no row for is read as "missing," the same as if IQ had explicitly scored it zero.
Step 3: What gets written to your evidence record
Every control IQ credits above zero becomes one row in your compliance evidence record: which framework, which control, the completeness (0 to 100%), a status word derived from that completeness (present at 80% or above, partial above 0%, missing at 0%, matching the same 80% bar the framework tiles use for "in place"), the one-line summary IQ wrote, which document it came from, and whether it arrived by upload or by forwarded email.
One rule governs every write: evidence never downgrades. If your record already has a control at, say, 90% completeness from an earlier document, and a new document only supports that same control at 60%, the new, lower score is not written. The existing 90% stands. A new score only replaces what is on file when it is at least as high as what was already there. Practically, this means the order you forward documents in does not cost you anything, an early thorough document is never quietly overwritten by a later partial one, but it also means a control will not drop just because a weaker document happened to mention it. If a framework tile's score does not move after you forward something, check whether that control was already scored at least as high from an earlier document.
The evidence you never have to forward
Two sources feed a control's completeness without you ever uploading anything for that specific control:
- An active HazCom training certification on a team member's record automatically satisfies HazCom's training element.
- An active safety policy filed under a framework-specific category (HazCom, lockout/tagout, confined space, fall protection, heat illness, emergency action, PPE hazard assessment, and fleet DOT safety) automatically satisfies that framework's written-program element. Frameworks whose policy category is too broad to point at one specific program (respiratory protection, hearing conservation, bloodborne pathogens) do not get this shortcut, a generic policy should not silently stand in for three different programs.
These two are computed live from your team certification and safety policy records every time your compliance page loads. They are not written into the same evidence record the ingestion pipeline writes to, so nothing about them depends on you having forwarded a document at all, and nothing about the ingestion path described above changes how they work. Compliance frameworks covers exactly how these two sources combine with your evidence record to produce each framework's score.
Nothing stays credited forever
A row in your evidence record is not permanent proof. If it carries an explicit expiration date, it stops counting once that date passes. If it does not, IQ applies a default validity window of about a year from when it was assessed before treating it as stale, at which point the control reverts to uncredited until fresh evidence lands. The same logic applies to the derived policy shortcut above: an active policy past its own review date stops satisfying its framework's written-program element. This is what keeps a framework's score a picture of your current state rather than a one-time checkbox that stays green on old paperwork. Compliance frameworks covers how this shows up on the framework tiles and what to do when a score drops with no new document forwarded.
Where you'll see it move
None of this pipeline has its own screen. Everything it writes shows up inside the Compliance frameworks row on /compliance: a framework's percentage score, its "X of N elements in place" sub-line, and, inside the framework detail panel, the specific control rows with their status dots and the plain-language summary IQ wrote for each one. If your operation has no framework catalog seeded yet, the row instead reads: "Framework readiness (HazCom, OSHA recordkeeping, EPA RRP) will appear here. Forward or upload your written programs, SDS library, and training records and IQ scores each element for you." In that state, the ingestion pipeline described here quietly does nothing even for a document that would otherwise clear the relevance gate, there is no framework definition yet to score it against. Once the catalog is seeded, the next relevant document you forward starts populating rows.
How to actually get credit
- Forward what you already have, in whatever form it exists. A scanned SDS binder, a PDF of your written HazCom program, a spreadsheet of training completions, an audit report from a carrier program. None of this needs to be reformatted first.
- Set up automatic forwarding for anything that arrives by email, audit notices, regulator correspondence, renewed SDS sheets from a supplier, so future documents feed this pipeline without you thinking about it. See Connecting your data and Forwarding documents for how to set that up.
- If a specific control keeps reading Missing, forward something that speaks to it directly rather than a general document you hope will cover it. IQ is instructed to be conservative, a document that only mentions a topic in passing will usually score low or not credit that control at all.
- If your written program is the gap, the framework detail panel's "Draft a starter program with IQ" button is the faster path than trying to write one from scratch, see Compliance frameworks for how the drafter works.
- 1Forward or upload a document, an SDS sheet, a written program, a training roster, an audit report, through email forwarding or the Add Data button.
- 2Verinode checks whether the document is plausibly compliance evidence, by its type or by language in its text, before spending an evaluation on it.
- 3If it clears that check, IQ reads it against every control across your framework catalog in one pass and scores how completely it addresses each one, conservatively.
- 4Anything scored above zero is written to your evidence record, without downgrading a control that already had stronger evidence on file.
- 5The next time you open Compliance, the affected framework tiles and their detail panels reflect the new evidence.
Data sources
Data sources
- 1.Documents you forward or upload (SDS sheets, written programs, training rosters, audit reports). Your business.
- 2.Team certifications and safety policy library (the two derived sources). Your business.
- 3.Compliance framework catalog and control definitions (HazCom, OSHA program suite, EPA RRP, fleet DOT safety). Verinode reference data.