Skip to content

Early Access opens July 12 · $99/mo · all suites during the launch window · price locked through Q1 2027 · Join the waitlist →

Compliance Suite

Security GRC (SOC 2)

Move past control attestations to continuous verification. Agents test that your SOC 2, ISO 27001, and NIST CSF controls actually work — every finding signed at write time and replayable, so the auditor verifies the same artifact five years out.

8 agentsGA · Aug 23, 2026Release: GA · Aug 23, 2026Buyer: CISO · Chief Compliance Officer · Head of Security Eng

What this suite does

SOC 2 · ISO 27001 · NIST CSF — active control verification — enforced per control, per framework, per evidence artifact. Every verdict is signed at write time and replayable byte-identically for five years.

  • Continuous SOC 2 Trust Services Criteria control testing (not once-a-year screenshots)
  • ISO 27001 Annex A + NIST CSF coverage from one canonical control catalog
  • Signed evidence per control finding — PASS and FAIL both join the chain
  • Auditor-ready evidence packs assembled on demand

Key agents in this suite

A representative slice of the 8 agents in this suite. Each ships with deterministic verdicts, a cryptographic evidence chain, and per-framework control mapping.

Control Test Runner

Executes control tests on a configurable cadence and emits a signed verdict for each.

Access Review Agent

Verifies least-privilege and joiner-mover-leaver access against the live directory.

Change Management Auditor

Confirms code and config changes followed the approved, evidenced path.

Vendor Risk Mapper

Tracks third-party risk and surviving obligations against actual data flows.

Evidence Pack Builder

Assembles auditor-ready, framework-mapped evidence packs from the chain on demand.

Why the substrate matters

Every agent in this suite shares one foundation: a canonical control catalog that projects the same evidence across frameworks, and an evidence chain that is signed at write time, independently timestamped, tamper-evident, and deterministically replayable. The auditor accepts the same artifact at year five that they accept today.

That is the difference between agent-based compliance that is workflow-grounded and AI compliance tooling that is a black box. Agent-based defensibility platform — workflow-grounded.

Read next

Get this suite

Join the early-access cohort ahead of Full GA on August 23, 2026. The substrate the auditor accepts — not legal advice; your counsel stays in the loop.

Last reviewed · Reviewed by the acipta compliance & accessibility team.

Was this page helpful?