Built for the enterprise your operation deserves.
Live SOC 2 control status, honest evidence, and the machine-readable artifacts your compliance team needs.
Live control status
Status reflects the current state as of the last registry update. Partial means partial. We do not inflate control status.
Common Criteria — Control Environment
Common Criteria — Security (Access)
Common Criteria — Security (Monitoring)
Common Criteria — Security (Logging)
Availability
Processing Integrity
Confidentiality
Privacy
Evidence-backed operating procedures
Incident Response
NIST 800-61r2-aligned. Four severity tiers, six phases, per-incident containment playbooks, and tabletop cadence.
Access Review
Quarterly recertification — enumerates admin users, roles, and last-login. CEO sign-off required each cycle.
Schema Discovery
Maps database tables to business entities. Used during quarterly access reviews and external audit prep.
Post-Mortem Template
Blameless five-section template with mandatory timeline, root cause, contributing factors, and prevention fields.
Ingest directly into your compliance tool
OSCAL SSP
System Security Plan covering 11 AICPA TSP controls wired to shipped evidence. Vanta, Drata, and FedRAMP can ingest directly.
Download sentus-ssp.json →Software BOM
Public SBOM listing all dependencies and license data. Refreshed on every production deployment.
View Live SBOM →Supply-Chain Attestation
Every production push emits signed SLSA Build L3 provenance and CycloneDX SBOM via GitHub OIDC. Verifiable offline.
Every Sophia call is scanned for discrimination risk.
Our fair-housing-compliance worker processes every voice transcript and chat message in real time. Risk levels range from none to critical. High or critical findings trigger an automatic alert to the legal queue and an append-only audit entry.
Sophia assists — she does not decide. Final housing decisions remain with the licensed property manager. All AI recommendations are advisory and logged for auditability.
Questions about compliance or security?
Security reports acknowledged within 48 hours. Legal and compliance inquiries within one business day.
To report a vulnerability, email [email protected] with subject [VULN]. Please do not disclose publicly before we have addressed it.
Enterprise-ready from day one.
Book a demo and see the platform your compliance team has been waiting for.