Everything you need for enterprise compliance
Six capability areas, purpose-built for security teams running multi-framework programmes — no spreadsheets, no duct tape.
- Frameworks supported: 6
- Pre-loaded controls: 93
- Policy templates: 38+
- First policy draft: < 2 min
- Uptime SLA: 99.9%
- SOC 2: Type II in progress
Run your whole compliance programme from one place
From policy authoring to audit completion — AISEC manages the full lifecycle without spreadsheets, shared drives, or disconnected tools.
AI-powered policy generation
Describe your requirement in plain language and receive a framework-aligned policy draft in under 2 minutes, powered by Claude.
- Covers ISO 27001:2022, SOC 2, GDPR, NIS2, NIST CSF, and DORA
- Outputs are editable — full ownership remains with your team
- Metadata-enriched with framework references and control mappings
- Policy history with diff view between versions
Policy lifecycle management
Draft → Review → Approval → Published — with explicit ownership, transition timestamps, and version locking.
- Submit-for-review workflow with email notifications
- Approval gates with audit trail of approver identity
- Controlled access: Editors draft, Admins approve
- Bulk operations for large policy libraries
Open Policy Library — 38+ templates
Community-maintained starting points for every common policy need, filterable by framework, sector, and control family.
- One-click import into any tenant
- Includes Data Classification, Acceptable Use, BCP, BCDR, ISMS scope
- Updated by the community as frameworks evolve
- Each template notes which controls it satisfies
ISO 27001:2022 Annex A — 93 controls
Every Annex A control pre-loaded with implementation status tracking, responsibility assignment, and evidence linking.
- Covers all 4 themes: Organisational, People, Physical, Technological
- Statement of Applicability view with applicability rationale
- Implementation status: implemented / partial / planned / not applicable
- Filter and export by theme, status, or responsible owner
Risk management that actually reflects your threat landscape
A working risk register — not a spreadsheet archive. Track, score, treat, and close risks with AI assistance and full audit traceability.
Risk Register with 5×5 matrix
Configurable likelihood × impact scoring with heat-map visualisation and drill-down from any cell.
- Four treatment options: accept, mitigate, transfer, avoid
- Risk owner assignment with due-date tracking
- Residual risk scoring after treatment
- Inherited risk support for shared controls
AI Inventory (AI-BOM)
Machine-readable inventory of every AI system, model, data source, and inference endpoint — aligned to ISO 42001.
- Auto-generates an AI Bill of Materials for audit purposes
- Risk classification: high / medium / low per system
- Linked to relevant ISO 27001 controls and evidence
- Exportable as JSON or PDF for regulators and auditors
Supply Chain Risk module
Vendor inventory with risk tier classification and AI-assisted supplier questionnaires, mapped to ISO 27001 A.5.19–22.
- 5-level supplier risk tiers with automated escalation triggers
- AI-assisted questionnaire generation per vendor type
- Evidence linking: contracts, certifications, DPAs
- Due diligence tracking with renewal reminders
Threat Intelligence Hub
Live intelligence feeds from MITRE ATT&CK, CISA advisories, and NVD with AI-summarised relevance scoring per control.
- Aggregated feed updated daily from 3 authoritative sources
- AI scores each advisory against your current control posture
- Direct links from threat to the controls that mitigate it
- Alert thresholds configurable by severity and control family
From evidence chaos to audit-ready in days
Collect, classify, review, score, and link evidence to controls — manually or automatically from the tools your team already uses.
Evidence Collector
Unified evidence inbox for manual uploads and integration-driven collection from your existing toolchain.
- Integrations: AWS Config, GitHub audit logs, Jira, Confluence, Slack
- Upload PDF, DOCX, PNG, CSV, JSON — all indexed for search
- Auto-tag by file type and content classification
- Review queue with approve / request changes / reject actions
Evidence Quality Scoring
Each piece of evidence is automatically scored 0–100 across four dimensions so you know your weakest links before the auditor does.
- Completeness: does it contain what the control requires?
- Recency: is it within the acceptable age window?
- Specificity: does it name the right systems and owners?
- Framework relevance: does it align to the mapped control?
Immutable Audit Trail
Every create, update, delete, and access event is cryptographically anchored — no user, including admins, can alter or delete entries.
- Full event log: who did what, to which record, when
- Exportable as a signed PDF for regulatory submissions
- Tamper detection using hash chain verification
- Retention period configurable per compliance requirement
Audit Programmes
Create and manage internal and external audit cycles with finding tracking, corrective action plans, and closure evidence.
- Schedule internal and external audit rounds
- Link audit findings directly to controls and risks
- Track corrective actions with owner and due-date
- Generate audit completion reports with one click
AI that understands compliance — not just text
Every AI feature in AISEC is grounded in your specific control library, policies, and risk register — not generic language model outputs.
AI Assistant Chat
Conversational compliance expert with full access to your policies, controls, risks, and evidence — not a generic chatbot.
- Ask "which controls are partially implemented and why?"
- Get suggested next actions for any open risk or gap
- Draft corrective action plans from plain language descriptions
- Multi-turn conversations with persistent session context
AI Gap Analysis
Submit your current control posture and receive a prioritised remediation plan with effort estimates, template links, and owner suggestions.
- Powered by Claude with your actual control data as context
- Estimates effort in hours per gap item
- Links to relevant policy templates and evidence examples
- Exports as a shareable PDF or structured JSON
Compliance Drift Detection
Automated daily comparison of your implementation status against the baseline — alerts when coverage drops below your threshold.
- Configurable alert thresholds per framework
- Notification via email, Slack, or webhook when drift exceeds threshold
- 90-day trend graph showing coverage over time
- Root-cause attribution: which controls caused the drift
AI-assisted questionnaires
Generate supplier risk questionnaires, audit prep documents, and gap commentary from a one-line description.
- Tailored to vendor type, sector, and relevant standards
- Produces structured Q&A format ready for portal distribution
- Includes scoring guidance for each question
- Outputs editable DOCX or PDF
Compliance insights for every audience
From engineering-level control dashboards to board-ready KPI screens — give every stakeholder the view they need without rebuilding it each time.
Executive Dashboard (Board View)
Single-screen KPI summary for leadership — no data wrangling, always current.
- Framework compliance scores with trend arrows
- Open risk count by severity tier
- Audit status: in progress, findings outstanding, closed
- Evidence health: score distribution across the library
Competitive Benchmarking
Compare your compliance posture against 3 peer-anonymised datasets for your sector and company size.
- ISO 27001, SOC 2, and GDPR benchmark data available
- See where your scores rank among peers
- Identify which control families are below benchmark
- Updated quarterly as new benchmark data is collected
Monitoring & Alerting
Real-time compliance health scores with configurable alert rules and historical trend tracking.
- Alert rules: score threshold, evidence expiry, drift detection
- Notification delivery: email, Slack, Teams, or webhook
- 30-day and 90-day trend charts for every framework
- Service health polling at 30-second intervals
Built for teams that treat compliance as code
Full API surface, IaC provider, SDKs, GitHub Actions, and webhook delivery — AISEC plugs into the pipelines your engineering team already runs.
REST + GraphQL APIs
Complete API coverage for every entity — policies, risks, controls, evidence, audits, users — with consistent versioning and pagination.
- GraphQL with nested resolvers and DataLoader batching
- REST endpoints at /api/v1/ with JSON:API pagination
- OpenAPI 3.1 spec published and kept in sync
- Rate limits and quota management via API Keys panel
Terraform Provider
Manage tenants, policies, users, and roles as infrastructure-as-code — published to the Terraform Registry.
- Resources: aisec_tenant, aisec_policy, aisec_user, aisec_role
- Full CRUD lifecycle with import support for existing resources
- State file compatible with Terraform Cloud and Atlantis
- Works alongside Sentinel policies for policy-as-code governance
TypeScript + Python SDKs
Idiomatic clients for the two most common compliance automation languages — both published to public package registries.
- TypeScript: npm install @cipherfort/aisec-sdk — full types
- Python: pip install aisec-sdk — async/await support
- Auto-generated from OpenAPI spec to stay in sync
- Includes retry logic, exponential backoff, and error types
Webhooks + GitHub Actions
18 event types with signature verification and a native GitHub Actions plugin for CI-integrated compliance.
- Events: policy.approved, risk.created, evidence.uploaded, drift.detected
- HMAC-SHA256 signature on every delivery — verify before processing
- GitHub Action: trigger gap analysis, collect evidence, fail on drift
- Retry with exponential backoff on failed deliveries
Ready to see it in action?
Start a free trial and have your first policy drafted and your first controls mapped within an hour.