Skip to content
English
Go to support portal
  • There are no suggestions because the search field is empty.

Getting Started Guide

A step-by-step guide for the initial setup of your organization's Hy5 account, including user invitations, and basic configuration.

Getting Started Guide: Your First Steps with Hy5

Objective: In under 30 minutes, this guide will help you set up your account and achieve your first key goal, whether it's analyzing contracts, policies, or controls.

Section 1: Welcome to Hy5!

  • 1.1. A Quick Welcome

This guide is designed to lead you to your first "moment of value" at Hy5 as quickly and smoothly as possible.

We understand that navigating regulatory compliance is complex, and every organization starts from a different place. That’s why this platform is built for flexibility - you don’t need to have everything ready at once.

  • 1.2. What You'll Accomplish

Our goal is to help you build a clear and complete view of your compliance posture. To get you there, Hy5 is designed to perform a rapid initial analysis of your data, but your expert review is the most critical step in the process.

Think of this as a partnership. The platform provides speed and structure, while you provide the final validation and context. Here's what that means in practice:

  • The Platform Provides the Starting Point, You Provide the Final Word. The system's analysis is designed to save you significant time by handling the initial heavy lifting, but it does not replace your professional judgment.
  • Your Review Creates the Audit Trail. Every initial assessment should be reviewed and confirmed within the platform. This action demonstrates essential human oversight and builds a robust, defensible compliance record.
  • Your Context is Key. If a finding doesn’t align with your understanding, it’s an opportunity to apply your organizational knowledge. Overriding a result is an expected and valuable part of the workflow.

This ensures the final result is a compliance picture that is both rapidly created and expertly validated by you.

Section 2: The 10-Minute Setup

  • 2.1. Signing in and securing your account

Welcome to the platform! Your account has already been created by your distributor or a colleague. Follow these steps to sign in for the first time and set up your account securely.

Your First Sign-In

  1. You will will receive an email titled “you have been invited to join an organisation on Hy5!” where you get a link to go to app.hybridity.ai.
  2. Enter your email address and click continue.
  3. Check your inbox for a sign-in link. The email will come from noreply@auth.hybridity.ai.
    • Important: If you don’t see it within a minute, please check your junk or spam folder.
  4. Click the link in the email to sign in for the first time. Your account is now active.

Recommended Next Step: Secure Your Account with MFA

For enhanced security, we highly recommend setting up Multi-Factor Authentication (MFA) right away.

To do this, click your name in the top-left corner, then click your name again in the dropdown menu to open your Personal Settings. From there, you can choose and configure your preferred MFA method.

How to Sign In Next Time

Going forward, the process uses a secure, two-step verification:

  1. Go to app.hybridity.ai and enter your email.
  2. You will receive a one-time sign-in code in your email. Enter this code on the login screen.
  3. If you have MFA enabled, you will then be prompted to enter the code from your authenticator app.

Session Security

For your protection, your login session will automatically time out after 1 hour. We recommend logging out at the end of your session when your work is complete.

  • 2.2. Configuring your organisation settings

Before you begin uploading documents, the person responsible for the account should take a few moments to configure the organization's settings. These settings will define your workspace, frameworks, and team structure.

How to Access Your Settings

  1. Click your name in the top-left corner to open the main menu.
  2. Quick Check: If you have access to multiple organizations (e.g., a test environment and your main account), ensure the correct organization name is displayed at the top of the menu before proceeding.
  3. Click Settings.

You will see several tabs. Here’s what each one does:

Organization

This section contains your organization's core profile details. While anyone can view this information, only Owners and Admins can make changes.

  • What you can do:
    • Add your company logo for a personalized workspace.
    • Edit the organization's name.
    • Enter key business information like Tax ID, billing email, and number of employees.
    • Set the default Sharing Preferences, which determines the standard viewing rights for new documents uploaded to the platform.

Frameworks

This is a crucial step of your setup. Here you can manage the regulatory frameworks your organization will use.

  • What you can do:
    • View all available frameworks and see which ones are planned for the future.
    • Enable the specific frameworks your organization needs to work with.
    • Note that adding frameworks might affect your billing based on your current plan - if you add new frameworks you will be contacted by support.
    • After enabling your frameworks, they will show up on the home page in your lefthand sidebar under “Frameworks”.

Members

This is where you invite and manage your team members. Permissions for adding users depend on your role.

  • Invite New Members: Owners and admins of the Hy5 account can invite new people to the organization.
  • Manage Roles: Adding users with specific roles is limited:
    • Owners can add new Owners, Admins, or Users.
    • Admins can add new Admins or Users.
    • Users cannot add any users.

Groups

Groups allow you to organize your members for easier task assignment and management.

  • Who can do it: Only Owners and Admins can create and manage groups.
  • Why it's useful: You can create groups for teams responsible for a common task (like reviewing contracts or working with controls) or for managing a specific framework.
  • Make sure to invite users to the platform first so you are able to add them to groups.

Labels

Labels are like tags that help you categorize and filter your documents as your library grows.

  • Who can do it: All users can create and manage the labels for the organization.
  • How it's used: Once you begin uploading documents, you can apply labels to them, making it easy to find and organize related materials later on.

Section 3: Choose Your Starting Point

3.0. How Do You Want to Begin Your Compliance Journey?

Your first step is to select the regulatory framework you want to work with (for example, DORA). This is done within Frameworks in the lefthand sidebar. Once a regulation is selected, you will land in the main workspace for that framework. This is the central hub where all your compliance requirement, analysis, and reviews will come together.

Before you choose a starting point, let's get familiar with this view. It is organized into several key tabs:

  • Overview: A high-level dashboard of your compliance posture on the selected framework.
  • Requirements: This is the core of the framework. It contains a detailed list of every requirement from the regulatory framework. As you work, you'll see exactly which policies and controls you have connected and reviewed against each item right here.
  • Policies: The dedicated area to upload your policy documents, run analyses, and review the results.
  • Controls: The dedicated area to add, upload, and manage your operational controls.
  • Contracts: The dedicated area for uploading your contracts, running analyses, and reviewing the results.
  • Reports: A section for generating compliance reports (coming soon!).

Now you're ready to start. The platform is designed to meet you where you are - there is no single "correct" place to begin. Your goal is to get your first compliance insight, your first "win," as quickly as possible.

Below are three starting points. If your plan is to utilize the full potential of Hy5 - start with path A. All the work you do will automatically connect back to and update your central Requirements view. Note: For the best results, we recommend having related policies in place (Path A) before you begin linking controls (Path B).

  • Path A: Start with your policies

    Choose this path if your primary question is: "Do our internal policies and procedures cover what our chosen regulation requires?"

    • What you'll do: Upload your current policy documents within the relevant regulatory framework (e.g., Information Security Policy, Business Continuity Plan within GDPR).
    • What you'll get: An instant, paragraph-by-paragraph assessment showing where your documents align with the framework's requirements and, more importantly, where they fall short.
    • Jump to Section 3.1 for step-by-step instructions

  • Path B: Start with your controls

    Choose this path if your primary question is: "How can I manage and track all our existing operational controls in one place?"

    • What you'll do: Upload or manually add your list of operational controls.
    • What you'll get: A central control library where you can assign owners or groups, schedule evidence reviews, and track the operational status of your compliance efforts.
    • Jump to section 3.2 for step-by-step instructions

  • Path C: Start with your contracts

    Choose this path if your primary question is: "Are our third-party contracts compliant with the specific requirements of our chosen framework?"

    • What you'll do: Upload your vendor or partner contract files.
    • What you'll get: A clear summary of which framework-mandated clauses are present or missing in your agreements, with the ability to generate draft amendments to fix gaps.
    • Jump to section 3.3 for step-by-step instructions

  • 3.1. Path A: Start with your policies

This path is for understanding how your internal policies stacks up against your chosen regulatory framework. For most organizations, this is a natural place to begin work in Hy5.

  • Step 1: Get Familiar with Framework Requirements

Before uploading policies, it's helpful to understand what you're analyzing against:

  • Navigate to Frameworks and select the relevant framework you want to perform a gap analysis against.

  • Overview page: You'll see a collection of metrics showing your level of compliance.

  • Requirements page: This contains all regulatory text with its paragraphs and AI-generated "instructions" or "requirements" that enable high-accuracy analysis.

    • Click into any group of requirements to see individual paragraphs
    • For each requirement, you'll find:
      • Controls tied to paragraphs: See if controls are linked and whether they're met
      • Impact: A setting you can configure for your organization
      • Applicability: A critical setting to ensure only applicable parts of the regulation are applied to your analysis
    • Managing Applicability: You can turn on or turn off specific parts (policy requirements and control requirements) for your organization. This action is logged, so if you're audited, you can show which parts were applicable at any point in time.
    • Custom Requirements: You can add your own requirements inside the regulation if you have specific policy requirements tied to a paragraph.

  • Step 2: Upload Your Policy Files

    • Navigate to the Library section and select Policies (left-hand sidebar).
    • Click the upload button and select the file or folder with files you want to analyze (e.g., your company's Information Security Policy).
    • You'll now see information about the file/folder displayed in a row with several columns.
    • Click "Access" and ensure the correct members/groups have access to it.
    • Click "Frameworks" and select the relevant framework(s) that apply to this policy.

  • Step 3: Navigate to Framework Policies & Run the Analysis

    • Navigate to Frameworks and select the framework you want to work with.
    • Click the "Policies" tab inside the framework.
      • You'll first see a summary of the paragraphs of the regulation.
      • Note: You can also add more policies directly here - policies uploaded inside a framework will automatically get tagged with that framework.
      • Click into one requirement to see how many policy requirements are attached to that specific paragraph.
        • You can also filter to see policy requirements for the entire regulation.
      • In the results view (column: "Compliance Status"), you'll see "Run Review".
      • Click "Run Analysis" and start analysis one by one. Each analysis will be completed within a minute or a few minutes depending on the size and complexity of the file.

  • Step 4: Review the Output

    • The system will generate a detailed report. You will see:
      • A summary of unmet requirements: A high-level list of potential gaps.
      • A detailed paragraph-by-paragraph assessment: A granular view of how each part of your policy maps to specific requirements, including:
        • Reasoning for the compliance determination
        • References to specific parts of your policy document
        • Compliance status
        • Options to override or approve

  • Step 5: Take Action on the Results & Configure the framework

    • Your review is the most important part of the process. The platform gives you full control to act on the results and even refine the underlying analysis to fit your organization's specific needs:
      • Override a result: If you disagree with the AI's interpretation, you can override it and add your reasoning.
      • Mark items as verified: Use the review field to confirm you have validated the AI's findings. This creates a crucial audit trail of human oversight.
      • FOUNDATIONAL SETUP (for Owners and Admins): Refine the AI Interpretation: If you find the AI's reasoning is consistently off because of how it interprets a requirement, you can change it for all future analyses.
        • Go to the main Requirements tab for the framework.
        • Find the relevant requirement and edit the AI Instruction to better align with your organization's practice.
        • This calibrates the system to your unique context.
      • Manage applicability: In the same Requirements tab, you can mark any requirements that are not applicable to your organization.

  • Step 6: Update & Re-run Analysis

If you need to update a policy after finding non-compliance:

  • Go to LibraryPolicies
  • Open the policy file in the platform
  • Press "Delete" to remove the old version
  • Click the plus sign to upload the new file
  • Return to Frameworks → select your framework → "Policies" tab
  • Choose the relevant requirement
  • Re-run the previously run analysis
  • Note: The "old" run is logged and can be revisited later for audit purposes

Always re-run the analysis after updating your policy document, refining an AI instruction, or changing applicability. This will update your compliance posture based on the latest changes.

  • 3.2. Path B: Start with your controls

This path is for creating a single source of truth for all your operational controls and linking them to your regulatory frameworks and policies. Note that you need to start with uploading policies (Path A) to continue with controls.

  • Step 1: Add Your Controls

    • Navigate to the Frameworks section and choose the "Controls" tab.
    • Click "Add control".
    • You have two options:
      • Bulk upload: Download the template to create a list of controls, save it on your computer, then upload it. If you have controls in another system, you can download them from there, organize them using the template, and upload.
      • Manual entry: Add new controls manually one by one.

  • Step 2: Monitor Control Health

Above your controls list, you'll see two key metrics:

  • Requirements not met: When you create controls, they are not automatically mapped to the regulation (automatic mapping function coming soon). Once all controls are mapped, this will show 0 and turn green.

  • Controls with issues: Controls where action needs to be taken, such as:

    • Incomplete setup
    • Missing owner assignment
    • Undefined frequency
    • This ties into the operational work of people actually working with controls.

  • Step 3: Complete Control Details

    • For each control, complete its metadata:
      • Owner: Who is responsible for the control
      • Evidence provider: Who is responsible for providing evidence
      • Frequency: How often evidence needs to be provided
      • Priority/Criticality: How critical the control is
      • Type: The category of control
    • Link your controls to the relevant regulatory requirements. This step connects your operational activities directly to your compliance goals. (Note: This mapping process will be automated in a coming update but for now, it is a manual step).

  • Step 4: Review Your Populated Control List

You now have a dynamic and centralized control library. You can see all your controls, their owners, and how they map to the framework in one place.

  • Audit Log: Click the "Audit Log" tab to see what has changed and at which point in time. The system tracks all necessary changes automatically.

    • You can also filter here to look at specific controls.

  • Step 5: Put Your Controls to Work

Now you can manage compliance actively:

  • Assign tasks: Control owners can assign the task of providing evidence to a specific user or user group.

  • Provide evidence: The person assigned to provide evidence for the control will see it in their "Tasks" section.

    • In the "Evidence" tab, they can upload evidence with relevant information.

  • Approve evidence: After evidence has been provided, the control owner will see it in the control list and must approve or reject it.

    • The owner is responsible for this approval/rejection decision.

  • Automate reminders: The system automatically creates a new task for the assignee each time evidence needs to be reviewed, based on the frequency you set.

  • 3.3. Path C: Start with your contracts

This path is for analyzing your third-party contracts to ensure they contain the clauses required by your chosen regulatory framework.

  • Step 1: Upload Your Contract Files

    • Navigate to the Library section and choose Contracts.
    • Upload the contract file or files you wish to analyze.
    • Important: If a single agreement consists of multiple files, be sure to add them all together in a folder so they can be analyzed as one unit.
    • You will see a list of the contracts uploaded and columns of metadata that has been extracted from them.
    • Go to the access column and make sure the relevant members and groups have access. Then go to the Frameworks column and add the Frameworks that are applicable for the contract

  • Step 2: Initiate the Analysis in Frameworks

    • Go to Frameworks and choose the relevant regulatory framework (the one you tagged in your contract library)
    • Choose Arrangements
    • Click the "Run Analysis" button. The AI will read the legal text and search for clauses that correspond to specific regulatory requirements.

  • Step 3: Review the Output

    • The system will generate a detailed assessment of the contract. You will see:
      • A summary of unmet requirements: A clear list of mandatory clauses that were not found.
      • A detailed paragraph-by-paragraph assessment: A granular view showing how the contract's text maps to the requirements.

  • Step 4: Take Action on the Results & Refine the Framework

    • Based on the analysis, you have several options for immediate action and for fine-tuning the framework for future contract reviews:
      • View non-compliant clauses: Drill down into the specific reasoning for why a clause was flagged.
      • Override results: If you disagree with the AI's finding, you can override it and write a note to explain why.
      • Mark as reviewed: Use the review field to confirm you have checked the system's findings, documenting your oversight.
      • Generate draft amendments: Where applicable, use the system to create draft legal text to fix the identified gaps in your contract.
      • FOUNDATIONAL SETUP (for Owners and Admins): Refine the AI Interpretation: If you notice a recurring misinterpretation across different contracts, you can permanently improve the analysis.
        • Navigate to the main Requirements tab for the framework.
        • Find the requirement and edit the AI Instruction to add the specific context or nuance your organization requires. This ensures all future contract analyses for this requirement will be more accurate.
      • Re-run analysis: After refining an AI instruction, you should re-run the analysis on your contract to see the new, more accurate output.

Section 4: Where to Go From Here

  • 4.1. Your Next Steps

Congratulations! You've successfully completed your first analysis, turning data into a clear, actionable insight. This is the foundation Hy5.

Now, you can build on that momentum:

  • Broaden Your Compliance View Add more of your policies, controls, or contracts to the platform. The more information you connect, the more powerful your central Requirements view becomes.
  • Activate Your Team Go back to Settings > Members to invite your colleagues. Start assigning owners to controls and delegating tasks to turn your findings into a proactive, collaborative workflow.
  • Take Confident Action Use your new insights to make informed decisions. Whether it's updating a policy, remediating a control, or amending a contract, you now have a clear starting point.

Your "first win" is just the beginning. We're here to help as you continue your work.

  • 4.2. Getting Help

We're committed to your success and are here to help whenever you need it. If you have any questions, here’s how you can get in touch with us:

  • In-Platform Support: For the fastest assistance with your questions, click the Get Support button located in the bottom-left corner of the main page.
  • Email Support: You can also send your questions directly to our team by emailing**support.hybridity.ai**.
  • Account-Specific Inquiries: For special inquiries, such as questions about your contract or commercial details, please reach out to your designated contact person.