Thalorin

Regulatory compliance for network systems has long been trapped in outdated processes. Organizations face hundreds of individual "controls" within regulations, each requiring:

• Evidence of compliance
• Assignment of responsible personnel
• Consistent tracking and documentation

The industry currently relies on archaic compliance software or simple Excel spreadsheets to manage this complex process. This presented a clear opportunity for innovation: What if large compliance documents could be automatically parsed into tickets within a project management dashboard?

I joined Thalorin in its early stages to tackle this exact design challenge.

The Startup environment

Thalorin exemplified the classic startup balancing act: ambitious vision constrained by practical realities. We had secured initial venture capital funding, creating both opportunity and pressure. Several potential enterprise clients had signed letters of intent to implement our platform once developed, giving us validation but also establishing firm delivery expectations.

When I joined the team, I discovered a significant gap between the product vision being pitched to investors and the actual state of development. The founding team had successfully communicated the transformative potential of automating compliance workflows, but the existing prototype lacked the sophistication and usability needed to deliver on these promises.

My role became threefold:

• Elevate the design language to match the enterprise-grade expectations of our target market
• Create intuitive interfaces for complex regulatory processes without overwhelming users
• Establish design patterns that could scale as we added more regulatory frameworks to the platform

Operating under the venture capital timeline meant we couldn't perfect everything at once. We adopted a strategic approach of "move fast, but build something substantial" – focusing our limited resources on the core differentiating features while ensuring the foundation was robust enough to support future iterations. This required daily prioritization discussions and a willingness to make difficult tradeoffs between immediate feature delivery and long-term platform sustainability.

Key Terminology

To understand the software that we're building, it's important to first clarify some key terminology.

To establish clarity on our minimum viable product, I created journey maps and user flows to visualize the system's functionality. These simple maps facilitated crucial discussions with the founder about:

• Essential features for the MVP
• Logical placement of features within the application
• Supporting elements needed to make core features work

These mapping exercises helped us focus on what would make Thalorin truly unique while ensuring we built the necessary foundation.

We designed a digital library that transformed unwieldy PDFs into interactive resources with two key innovations:

1. A reusable hierarchical structure for various regulation types:
   • Analyzed frameworks like NIST, HIPAA, and SOC2 to identify common patterns
   • Developed a flexible taxonomy for different regulatory terminology
   • Created a database schema preserving relationships between all elements
2. A control-focused interface for efficient interaction:
   • Treated each control as a discrete, actionable item
   • Highlighted key compliance requirements with visual prominence
   • Provided contextual information within the regulatory framework

The result was a card-based interface with intuitive sub-navigation:

• Regulation cards with summary information and statistics
• Control family cards with collapsible sections
• Control cards showing requirements and guidance
• Progressive disclosure revealing details only when needed

User testing showed this approach reduced time to locate compliance requirements by approximately 70% compared to traditional methods.

‍

The process works in three key stages:

1. Control selection - Users navigate a hierarchical tree view of regulations:
   • Browse through regulation families to locate relevant controls
   • Filter controls by keywords, risk levels, or implementation status
   • Select individual controls, entire families, or any combination in between
   • See real-time counts of selected items for project scope estimation
2. Task creation - The system transforms selected controls into structured tasks:
   • Automatically generates task titles from control descriptions
   • Extracts compliance steps from the regulation text
   • Maps relationships between interdependent controls
   • Assigns default priority levels based on regulatory risk assessments
3. Assignment workflow - Users distribute responsibility for compliance tasks:
   • For the MVP, we simplified this to control family assignment
   • Team leads can assign entire sections to appropriate departments
   • The interface provides visibility into workload distribution
   • A smart suggestion system displays previously assigned similar controls

This approach allows organizations to precisely tailor compliance projects to their specific needs, whether implementing a new regulation from scratch or addressing gaps in existing compliance. While we kept the MVP focused on basic functionality, our roadmap includes plans for an AI-assisted system that can analyze control text, recommend assignees based on expertise, and predict implementation timelines based on historical data.

The main workspace in Thalorin uses a familiar Kanban board view, displaying tasks automatically generated from selected controls. This provides:

• A comfortable, intuitive interface for project management
• Clear visual organization of compliance tasks
• Familiar workflow patterns for teams

When viewing a specific task, users access a slide-out tray containing:

• Standard task management elements
• Compliance steps specific to Thalorin
• Evidence submission functionality for each step

These compliance steps represent the specific actions required to satisfy a control, with evidence (typically screenshots) uploaded directly within the interface.

As Thalorin continues to secure funding and market interest, we're expanding the platform's capabilities:

1. Enhanced Communication: Redesigning chat functionality to aggregate comment threads into a centralized location
2. AI Integration: Developing intelligent features to:
   • Summarize regulations
   • Provide actionable insights
   • Make project generation smarter and more intuitive
   • Reduce the need for manual adjustments after project creation

Compliance is entering an exciting new chapter, and I'm stoked to be contributing to Thalorin's vision of transforming this traditionally cumbersome process into a streamlined, intelligent system.