Where AISEC is headed
We build in public. Here's everything we've shipped, what's being built right now, and where the platform is going.
Shipped
Q4 2024 – Q1 2025: Core platform, AI capabilities, and open ecosystem
Multi-tenant compliance platform
Row-level security isolating all tenant data at the database layer with full RBAC.
ISO 27001:2022 Annex A control library
93 controls across 4 themes pre-loaded; map to policies, risks, and evidence.
AI policy generation
Claude-powered policy drafts in under 2 minutes, aligned to any supported framework.
Risk Register
5×5 likelihood/impact matrix with treatment workflow and AI-suggested controls.
Evidence Collector
Manual uploads + integrations with AWS Config, GitHub, Jira, Confluence, and Slack.
SOC 2 Type II control mapping
64 trust service criteria mapped with gap indicators and remediation guidance.
GraphQL API + Terraform provider
Full API surface with nested resolvers, DataLoader batching, and IaC support.
Webhooks + API Keys
18 event types with retry logic, signature verification, and scoped key management.
Open Policy Library
38+ community templates across ISO 27001, SOC 2, GDPR, NIS2, NIST CSF, and DORA.
TypeScript + Python SDKs
Published to npm and PyPI with full type coverage and async support.
GitHub Actions plugin
Trigger evidence collection, gap analysis, and drift-threshold PR checks in CI.
OIDC federation
Connect Okta, Auth0, Azure AD, or Google Workspace for SSO.
Compliance Drift Detection
Daily automated baseline comparisons with threshold alerts.
Executive Dashboard
Board-ready KPI screen with framework scores, risks, and audit status.
AI-BOM + Supply Chain module
AI inventory with ISO 42001 mapping and vendor risk tier management.
Immutable Audit Trail
Cryptographically anchored event log — cannot be modified by any user role.
In Progress
Q2 2025: Mobile, accessibility, and production hardening
Full mobile responsiveness
Every screen adapts to phones and tablets — compliance work shouldn't be desktop-only.
WCAG 2.1 AA certification
Full contrast audit, keyboard navigation, screen reader testing, and ARIA landmark pass.
Integration test suite
Service-to-service contract tests and E2E flows for all critical user journeys.
Content Security Policy headers
Strict CSP with nonce-based script allowlisting and report-only mode for monitoring.
Service-to-service mTLS
Zero-trust internal communication — no implicit trust between microservices.
SOC 2 Type II attestation
Working through AICPA trust service criteria with an external auditor for the platform itself.
Planned
Q3 2025: Deep integrations, automation, and self-service compliance
Q3 2025
Slack + Microsoft Teams deep integration
Compliance alerts, risk approvals, and evidence requests directly in your messaging tools.
Q3 2025
SCIM auto-provisioning
Sync users, groups, and roles directly from your IdP — zero manual user management.
Q3 2025
Evidence auto-collection from cloud providers
Pull configuration snapshots from AWS, Azure, and GCP on a schedule — no manual uploads.
Q3 2025
Automated control testing
Schedule and run repeatable technical tests against controls; auto-attach results as evidence.
Q3 2025
On-premise deployment option
Docker Compose and Kubernetes Helm chart for air-gapped or data-residency constrained environments.
Q3 2025
Advanced reporting builder
Drag-and-drop report designer for custom audit packages, board reports, and regulator submissions.
Q3 2025
Vendor portal
Self-service questionnaire link for suppliers — no AISEC account required for respondents.
Future Vision
Q4 2025 and beyond: Autonomous compliance and AI-native governance
AI Audit Agent
Autonomous agent that continuously monitors your posture, writes gap commentary, requests evidence, and drafts corrective action plans.
Custom AI model support
Bring your own Claude API key or connect to locally hosted models for highly sensitive environments.
Multi-framework simultaneous compliance
Map a single control once and generate mapped evidence, narratives, and reports for every framework you operate under.
Regulatory change monitoring
Track amendments to ISO 27001, SOC 2 criteria, GDPR guidance, NIS2 implementing acts, and DORA RTS — notified before they affect your programme.
AI red-teaming playbooks
Structured adversarial testing workflows for AI systems in your inventory, aligned to NIST AI RMF and MITRE ATLAS.
Compliance data marketplace
Share anonymised benchmark data with the community; consume peer posture data to calibrate your own risk appetite.
Shape the roadmap
We prioritise features based on customer feedback. Start a trial and tell us what would make the most difference to your compliance programme.