Compliance frameworks

Auto-generated evidence from your live activity log. Reports reflect reality, not promises.

Generate a report at /incidents → Compliance tab (shipping in Phase 5). Reports are PDFs, time-bounded (e.g. "Q3 2026"), and tamper-evident.

SOC 2 Type II

CC6.1, CC6.6, CC6.7, CC7.2

Logical access controls + system monitoring. Cisora's immutable action log + policy enforcement + incident detection map directly to these controls.

ISO 27001

A.5.15, A.8.9, A.8.16

Access control, configuration, monitoring. Audit log of every agent action + credential governance covers all three.

ISO 42001 (AI Management)

Full coverage of clauses 6-10

New (2026) AI-specific management system standard. Cisora was designed against this framework — inventory, risk, controls, monitoring all built in.

EU AI Act

Art. 12 (logging), Art. 14 (human oversight), Art. 15 (accuracy)

Mandatory logging for high-risk AI systems + human-in-the-loop for review decisions + cost/quality anomaly tracking.

NIST AI RMF

Govern · Map · Measure · Manage

Full lifecycle mapping. Each function has Cisora primitives — agent inventory (Map), policies (Manage), incidents (Measure), retention (Govern).

HIPAA

§164.308(a)(1) + access management

Audit controls and access management for any agent touching PHI. Field-level redaction available for HIPAA-sensitive metadata.

Need a framework that's not here?

The data model is framework-agnostic. Email contact@cisora.io with the controls you need to map and we'll wire it.