AI Control Tower

Compliance & Framework Readiness

Internal control templates aligned with AI-specific and general security frameworks.

Map your AI governance controls to ISO/IEC 42001, NIST AI RMF, EU AI Act, SOC 2, ISO 27001, and GDPR. These templates help organizations accelerate audit readiness and internal governance reviews.

Disclaimer: These controls represent internal readiness mappings only and are not audit certifications. This page displays internal control templates for demonstration purposes.

Internal Control Readiness

You have implemented 100% of the internal control templates mapped to the SOC 2 Trust Services Criteria.

(This is not a SOC 2 certification.)


AI Governance Frameworks

Security & Privacy Frameworks

Internal controls mapped by category:

Control Environment: 1/1 (100%)
Logical Access: 4/4 (100%)
System Operations: 2/2 (100%)
Change Management: 1/1 (100%)
Availability: 2/2 (100%)
Confidentiality: 2/2 (100%)
Processing Integrity: 2/2 (100%)
Privacy: 2/2 (100%)

SOC 2 Trust Services Criteria Checklist

CC1.1  Control Environment
Organization demonstrates commitment to integrity and ethical values
Code of conduct, ethics policies, and organizational culture
Evidence: Code of Conduct; Ethics Policy; Security Awareness Training
Mapped

CC6.1  Logical Access
Logical access security measures are implemented
Authentication, authorization, and access control systems
Evidence: Multi-factor Authentication (MFA); Row Level Security (RLS); API Key Authentication; Role-Based Access Control (RBAC)
Mapped

CC6.2  Logical Access
Access to data and system resources is removed when access is no longer required
Deprovisioning processes and access reviews
Evidence: Automated user deactivation; API key revocation system; Quarterly access reviews
Mapped

CC6.6  Logical Access
Transmission of data is protected
Encryption in transit for all data transmission
Evidence: TLS 1.3 encryption; HTTPS enforcement; Encrypted webhooks
Mapped

CC6.7  Logical Access
Data at rest is protected
Encryption of stored data
Evidence: Database encryption at rest (Supabase); SHA-256 hashed API keys; Encrypted integration credentials
Mapped

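The "SHA-256 hashed API keys" and "API key revocation system" evidence items name controls without showing what an auditor would expect to find behind them. The Python below is an added example, not code from this page or from the product it describes; it shows the pattern those labels usually stand for: only a digest of the key is stored, lookup is by a non-secret key id, the secret is checked with a constant-time comparison, and revocation needs only the id. The key format (an "ak_" prefix, a 12-character id, a dot, then the secret) and the in-memory store standing in for the database table are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for an api_keys table (assumption: the real store keeps
# the key id, the SHA-256 digest of the full key, owner metadata and a revoked
# flag, and never the plaintext key).
KEY_STORE: dict[str, dict] = {}

KEY_PREFIX = "ak_"   # assumed prefix so leaked keys are easy to recognise in secret scanners
DUMMY_DIGEST = hashlib.sha256(b"no-such-key").hexdigest()


def hash_api_key(raw_key: str) -> str:
    """Digest stored at rest. Unsalted SHA-256 is adequate only because the
    secret part is 256 random bits from the OS CSPRNG; a human-chosen secret
    would need a slow, salted KDF (argon2/scrypt/bcrypt) instead."""
    return hashlib.sha256(raw_key.encode("utf-8")).hexdigest()


def parse_api_key(raw_key: str):
    """Return the non-secret key id from 'ak_<key_id>.<secret>', or None if malformed."""
    if not raw_key.startswith(KEY_PREFIX):
        return None
    key_id, sep, secret = raw_key[len(KEY_PREFIX):].partition(".")
    if not sep or len(key_id) != 12 or not secret:
        return None
    return key_id


def issue_api_key(owner: str, label: str = "default") -> str:
    """Generate a key, persist only id + digest + metadata, return the plaintext once."""
    key_id = secrets.token_hex(6)                 # 12 hex chars; safe to log and index
    raw_key = f"{KEY_PREFIX}{key_id}.{secrets.token_urlsafe(32)}"  # 256-bit secret
    KEY_STORE[key_id] = {
        "digest": hash_api_key(raw_key),
        "owner": owner,
        "label": label,
        "revoked": False,
    }
    return raw_key


def revoke_api_key(key_id: str) -> bool:
    """Revocation needs only the public key id, never the plaintext (CC6.2 evidence)."""
    rec = KEY_STORE.get(key_id)
    if rec is None:
        return False
    rec["revoked"] = True
    return True


def authenticate(presented_key: str):
    """Return the owner for a valid, unrevoked key, else None.

    Lookup is by the non-secret id; the secret is verified by comparing digests
    with hmac.compare_digest so the response time does not depend on how many
    bytes matched. An unknown id still runs the comparison against a dummy
    digest so 'no such id' and 'wrong secret' take the same time."""
    key_id = parse_api_key(presented_key)
    if key_id is None:
        return None
    rec = KEY_STORE.get(key_id)
    expected = rec["digest"] if rec is not None else DUMMY_DIGEST
    ok = hmac.compare_digest(expected, hash_api_key(presented_key))
    if rec is None or rec["revoked"] or not ok:
        return None
    return rec["owner"]


if __name__ == "__main__":
    key = issue_api_key("tenant-42", label="ci-pipeline")
    print("authenticated as:", authenticate(key))
    tampered = key[:-1] + ("x" if key[-1] != "x" else "y")
    print("tampered key accepted:", authenticate(tampered) is not None)
    revoke_api_key(parse_api_key(key))
    print("accepted after revoke:", authenticate(key) is not None)
```

The point of the split id/secret format is that the database can be indexed on the id without ever holding the secret, and an auditor reviewing the "hashed API keys" control can confirm from the table alone that no plaintext is recoverable. The same store also supplies the revocation evidence, since a revoked row keeps its digest for later forensics.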
CC7.2  System Operations
System availability monitoring and incident response
Monitoring, alerting, and incident management
Evidence: Real-time anomaly detection; Alert management system; Integration with Datadog/PagerDuty; 24/7 system monitoring
Mapped

CC7.3  System Operations
System availability issues are identified and resolved
Incident response and resolution procedures
Evidence: ServiceNow incident management; Jira ticket tracking; SLA monitoring
Mapped

CC8.1  Change Management
Changes to the system are authorized and tested
Change management and testing procedures
Evidence: Git version control; Pull request reviews; Staging environment testing; Automated CI/CD pipeline
Mapped

A1.1  Availability
System availability objectives are maintained
Uptime SLAs and redundancy
Evidence: 99.9% uptime SLA; Multi-region database replication; CDN for static assets; Auto-scaling infrastructure
Mapped

A1.2  Availability
Environmental protections are in place
Infrastructure resilience
Evidence: Cloud infrastructure (Vercel/Supabase); Automated backups; Disaster recovery plan
Mapped

C1.1  Confidentiality
Confidential information is protected
Data classification and protection
Evidence: Multi-tenant data isolation (RLS); PII detection system; Data retention policies; Secure data deletion
Mapped

C1.2  Confidentiality
Confidential information is disposed of securely
Secure data disposal procedures
Evidence: Automated data deletion on account closure; Secure hard delete from database; Backup retention policies
Mapped

PI1.1  Processing Integrity
Data processing is complete and accurate
Data validation and integrity checks
Evidence: Input validation on all API endpoints; Database constraints and foreign keys; Audit trail for all data changes; Checksums for data integrity
Mapped

PI1.2  Processing Integrity
Processing errors are identified and corrected
Error handling and correction procedures
Evidence: Comprehensive error logging; Retry logic for failed operations; Alert system for processing failures
Mapped

P1.1  Privacy
Notice is provided to data subjects
Privacy policy and data usage disclosure
Evidence: Privacy Policy; Terms of Service; Cookie Policy
Mapped

P2.1  Privacy
Data subject rights are honored
Access, correction, and deletion rights
Evidence: Self-service data export; Account deletion functionality; GDPR compliance features
Mapped

Note: For certification, your organization must undergo an external SOC 2 audit.