Smart enough to help. Safe enough to trust.

Cognita by Protecht.

Cognita is your intelligent AI assistant for risk and compliance. Backed by the trust Protecht has earned with businesses, regulators, and central banks worldwide and built into Protecht, it identifies gaps, guides users in real time, interprets reports and analytics across your environment, and reduces administrative burden so your organisation can act with clarity and confidence.

With Cognita, Protecht is transforming risk and compliance into an AI-powered discipline: a world where intelligent automation doesn’t just analyse data, but actively strengthens decisions, safeguards your organization, and keeps you ahead of evolving risks.


Discover Cognita's AI features.

Preconfigured content - for a turnkey launch

Optimise your risk management at the click of a button. Set up and maintain your ERM system with Marketplace: preconfigured registers, dashboards and reports.

Popular register packages for IT risk management

ISMS Control Library – ISO 27001

Provides a Control Library in line with the ISO/IEC 27001:2022 standard. These controls can be downloaded into the central library and tailored specifically to your organisation. The controls are also mapped to controls in SOC 2 Trust Services Criteria, NIST CSF and APRA CPS234, allowing customers to save time determining overlap in their implemented controls.

ISMS Control Library – NIST CSF v1.1

Provides a Control Library in line with the NIST CSF control framework. These controls can be downloaded into the central library and tailored specifically to your organisation. The controls are also mapped to controls in SOC 2 Trust Services Criteria and ISO 27001, allowing customers to save time determining overlap in their implemented controls.

ISMS Control Library – NIST CSF v2

This package provides a NIST CSF 2.0 Control Library in line with the NIST CSF v2 control framework released in Feb 2024. These controls can be downloaded into the central library and tailored specifically to your organisation. Protecht has also provided a mapping to other common ISMS industry standards/frameworks like SOC 2 Trust Services Criteria and ISO 27001.

ISMS Control Library – SOC2 POF & TSC

Provides a Control Library in line with the SOC 2 criteria. The SOC 2 POF (Point of Focus) control library has been designed by Protecht as suggested controls to comply with the SOC 2 TSC (Trust Services Criteria) requirements. These controls can be downloaded into the central library and tailored specifically to your organisation. The controls are also mapped to controls in NIST CSF and ISO 27001, allowing customers to save time determining overlap in their implemented controls.

ISMS Control Library – APRA 234

Provides a Control Library in line with the APRA CPS 234 prudential standard. These controls can be downloaded into the central library and tailored specifically to your organisation. The controls are also mapped to controls in ISO 27001, allowing customers to save time determining overlap in their implemented controls.

ISMS Registers and Dashboards

Streamlines data capture and reporting to help organisations manage:

  • Controls, statements of applicability and assurance activities

  • Conducting and overseeing IT risk assessments

  • Asset and application risks and health assessments

  • Cataloguing, reviewing and approving policies, policy exceptions and documents

  • Minimising disruption from incidents

  • Visibility of ISMS actions

  • Capturing of exceptions with the policy and documents register

  • Generating risk reports for risk events and ISMS risk entries of interest

ISMS - Security Calendar

Systematically capture and track important security events such as penetration test due dates, cryptographic key renewals, and audits. The ISMS Security Calendar register and dashboard allow you to:

  • Assign ownership and due dates to key events

  • Report on status of events and their completion

  • Provide a centralised repository of important security events

CISO Dashboard

Presents key information from the ISMS registers providing an overview of:

  • IT controls

  • IT risks and drilldown details

  • IT assets and their status

  • IT policies and policy exceptions

Helps the user to report on the IT risk posture of the organisation and inform decisions regarding cybersecurity and ISMS strategy.


See Cognita in action!

Cognita is now available in Protecht. We're excited to offer demonstrations to customers and prospects.

Register your interest, and we'll be in touch to arrange a suitable time to show you how Cognita can improve your approach to governance, risk, and compliance management.

AI roadmap. Planned Cognita features.

Agentic automation

Agentic AI to automate tasks and workflows in areas such as vendor risk management and business continuity management

Integrated with email and chat tools to bring AI-powered actions into daily work

Richer insights

Unlock more action-oriented insights through advanced analytics and trend analysis

Regulatory intelligence

Transform regulatory and compliance content into clear requirements, obligations and controls

Detect emerging compliance changes and convert them into actionable tasks

Frequently asked questions about Cognita and AI in governance, risk and compliance (GRC):

 

Cognita is Protecht’s purpose-built AI for governance, risk, and compliance. Unlike general-purpose AI tools, Cognita is grounded in Protecht’s trusted methodologies and authoritative GRC content, ensuring responses are aligned with real-world compliance practices and your organisation’s data.

Cognita works directly within the Protecht platform, securely interpreting information in context, rather than generating generic responses.

No. Cognita is designed to support your teams, not replace them.

It automates repetitive tasks, improves the quality and consistency of records, and explains complex data in clear language, allowing your teams to focus on oversight, judgment, and decision-making.

 

Cognita acts as an intelligent assistant, guiding users with clear, contextual explanations as they complete tasks. This helps users work accurately, follow best practices, and produce higher-quality information without needing deep GRC expertise. 

Yes. Cognita is designed with guardrails to ensure all suggestions and responses are transparent, verifiable, and grounded in your data and the information available in the Protecht platform.

Whether Cognita helps users complete an incident register, explains risk and incident information, or generates summaries for scheduled reports, it focuses on clearly explaining what the data shows. All AI-generated content is clearly identified, can be reviewed and edited by users, and never bypasses existing permissions or controls.

Cognita does not make decisions or take action on your behalf. Your teams remain in control, with human review and approval built into every interaction.

Cognita adheres to ethical AI principles, including human-in-the-loop oversight. All AI-generated outputs are subject to user review, ensuring accountability and control remain with your organisation.

Yes. Users can always edit, reject, or override suggestions. Cognita never enforces decisions or makes changes without user approval.

Yes. Your data is encrypted, hosted in your region, and never used to train third-party AI models. Cognita only accesses data required to deliver the requested functionality.

No. Cognita works with enterprise risk and compliance data. Sensitive personal identifiers, such as credit card numbers or government IDs, are automatically redacted.  

Each customer operates in a private, single-tenant AWS environment. No data is shared between customers.  

Cognita supports auditability through a combination of platform audit logs and clear labelling of AI-generated content. Protecht records user actions taken on records and workflows, and where AI-generated text is used, it is visible to users for review prior to saving.

The level of AI interaction logging available can vary by feature and configuration, and Protecht can confirm the audit options for your environment.
 

Cognita is designed to support organisations in meeting requirements such as APRA CPS 230, ISO 31000, the Australian Privacy Act, GDPR, and the Australian AI Ethics Principles. It enables compliance activities but does not override regulatory obligations or governance processes.

Cognita is designed with multiple safeguards to reduce the risk of bias, incorrect outputs, or misleading information.

These include:

  • Restricted information sources: Cognita only works with approved Protecht content and the customer’s data available in the platform. It does not search the public internet or introduce external information.
  • Clear scope and guardrails: Cognita is limited to specific use cases, such as assisting with records, explaining data, and generating summaries. It is intentionally prevented from providing advice outside its remit.
  • Transparency and labelling: All AI-generated content is clearly identified, so users know when suggestions or summaries have been created by AI.
  • Human review and control: Users can review, edit, or reject any AI-generated output before it is saved or shared. Cognita does not act autonomously or make decisions on behalf of users.
  • Ongoing monitoring and testing: Outputs are reviewed through quality assurance, subject-matter expert testing, and ongoing monitoring to identify and reduce potential issues over time.

Together, these measures ensure Cognita supports users safely and responsibly, while keeping accountability and decision-making firmly with the organisation.

All AI-generated content is clearly identified, audit logs are available, and users retain full visibility and control over AI suggestions.

Cognita improves daily risk and compliance work by:
  • Assisting with platform navigation and form completion
  • Improving the quality and consistency of risk and incident data
  • Reducing duplication and manual effort
  • Providing in-context guidance and explanations
  • Generating an AI-created Insights Overview for scheduled incident reports, including:
    • an executive summary of the report
    • key themes and trends in the data
    • priority takeaways and talking points
    • links to key incidents and items

This helps teams and leaders understand what the data is showing without manually analysing every report.

Planned capabilities include agent-based automation, integration with tools such as Outlook and Teams, advanced analytics, regulatory intelligence, and deeper workflow support across TPRM and BCM.

All new features will be introduced carefully, with safety, trust, and governance as core principles.

No. Cognita is optional and can be enabled or disabled at any time, allowing organisations to adopt AI at their own pace.

Contact your Protecht Account Representative or Customer Success Manager, or register your interest in upcoming Cognita webinars and demonstrations.

Find out more about AI and risk management

Thought leadership and product demonstration webinars

Product launch webinar

Meet Cognita: Your AI-powered GRC assistant.

Thought leadership webinar

Governing AI risk: Tools, frameworks and real-world implementation with Protecht.

Thought leadership webinar

Governing AI in a new era: Navigating risk, regulation and responsibility.

Thought leadership webinar

AI risk controls: Is your AI under control or running wild?