Book a Compliance Audit.
A two-week, fixed-fee engagement to inventory your AI workloads, map them against the regulations you are accountable for, and produce the written evidence your next audit will ask for.
What the audit covers
Shadow-AI discovery
Browser extensions, SaaS connectors, and API integrations are inventoried alongside the data classes flowing through each. The result is a single ranked list of unsanctioned AI usage with severity ratings.
Regulatory gap analysis
Each AI workflow is mapped to the obligations that apply: HIPAA Security Rule, SOC 2 Trust Services Criteria, EU AI Act articles, GLBA safeguards, SEC Regulation S-P, FINRA Rule 4511.
Evidence review
Current logging, retention, and access-control practices are evaluated against what auditors will request. Gaps are documented at the level of the underlying control narrative.
Remediation plan
A prioritized, written plan addressing each finding. Items are scoped by effort, owner, and the specific control or article they close out.
What to expect
Kickoff and scoping
Frameworks in scope are confirmed. Stakeholders are identified across security, compliance, legal, and the business units operating AI workflows.
Discovery and interviews
Technical discovery runs in parallel with stakeholder interviews. Shadow AI is inventoried. Sanctioned workflows are documented with data-flow diagrams.
Gap and evidence analysis
Each workflow is evaluated against the applicable controls. Findings are documented with the specific clauses and articles they touch.
Delivery and debrief
Audit report, remediation plan, evidence-gap inventory, and executive summary are delivered. A 60-minute debrief closes the engagement.
Frameworks in scope
For a complete map of these frameworks to platform capabilities, see the regulation mapping page.
Two weeks. Fixed fee. A written record of where your AI workloads stand against the regulations that apply.