Trust Center

Built for the enterprise your operation deserves.

Live SOC 2 control status, honest evidence, and the machine-readable artifacts your compliance team needs.

9
Controls Implemented or Procedure-Complete
15
AICPA TSP Controls In Scope
2026-07-20
Target Audit Date
Type 1
SOC 2 Target Certification
SOC 2 Type 1 — AICPA TSP

Live control status

Status reflects the current state as of the last registry update. Partial means partial. We do not inflate control status.

Common Criteria — Control Environment

CC1.4
Commitment to Competence — Security awareness training and background checks
Owner: CEO
Policy Declared
CC1.5
Accountability — External penetration test / VAPT evidence
Owner: CEO
In Progress

Common Criteria — Security (Access)

CC6.1
Logical Access — Restrict user access
Owner: engineering
Implemented
CC6.2
User Access Review — Quarterly recertification
Owner: CEO
Procedure Complete
CC6.3
Access Changes — Audit trail for role modifications
Owner: engineering
Partial
CC6.6
Logical Access — Restrict logical access via session hygiene + HSTS + clickjacking
Owner: engineering
Implemented
CC6.7
Data in Transit — TLS 1.2+ / HSTS
Owner: engineering
Implemented
CC6.8
Change Management — PR review + CI gates
Owner: engineering
Implemented

Common Criteria — Security (Monitoring)

CC7.1
System Monitoring — Anomaly detection
Owner: engineering
Implemented
CC7.2
System Monitoring — Anomaly response
Owner: engineering
Implemented
CC7.3
Incident Response — Documented runbook
Owner: CEO
In Progress

Common Criteria — Security (Logging)

CC2.1
Logging — Audit trail on sensitive operations
Owner: engineering
Partial

Availability

A1.1
Availability — Load testing evidence
Owner: engineering
Implemented
A1.2
Availability — Backup + recovery
Owner: engineering
Partial

Processing Integrity

PI1.1
Processing Integrity — Input validation at boundaries
Owner: engineering
Partial

Confidentiality

C1.1
Confidentiality — Secrets management + rotation
Owner: engineering
Implemented

Privacy

P4.2
Privacy — Retention + deletion
Owner: engineering
Partial
Documented Procedures

Evidence-backed operating procedures

🔴

Incident Response

NIST 800-61r2-aligned. Four severity tiers, six phases, per-incident containment playbooks, and tabletop cadence.

docs/soc2/procedures/incident-response.md
🔑

Access Review

Quarterly recertification — enumerates admin users, roles, and last-login. CEO sign-off required each cycle.

docs/soc2/procedures/access-review.md
🗂️

Schema Discovery

Maps database tables to business entities. Used during quarterly access reviews and external audit prep.

docs/soc2/procedures/schema-discovery.md
📋

Post-Mortem Template

Blameless five-section template with mandatory timeline, root cause, contributing factors, and prevention fields.

docs/soc2/procedures/postmortem-template.md
Machine-Readable Evidence

Ingest directly into your compliance tool

📄

OSCAL SSP

OSCAL 1.1.2 / FedRAMP-compatible

System Security Plan covering 11 AICPA TSP controls wired to shipped evidence. Vanta, Drata, and FedRAMP can ingest directly.

Download sentus-ssp.json →
🔍

Software BOM

CycloneDX — live endpoint

Public SBOM listing all dependencies and license data. Refreshed on every production deployment.

View Live SBOM →
⛓️

Supply-Chain Attestation

SLSA Build Level 3

Every production push emits signed SLSA Build L3 provenance and CycloneDX SBOM via GitHub OIDC. Verifiable offline.

gh attestation verify <artifact> --owner Sentus-Ai
Fair Housing + AI Transparency

Every Sophia call is scanned for discrimination risk.

Our fair-housing-compliance worker processes every voice transcript and chat message in real time. Risk levels range from none to critical. High or critical findings trigger an automatic alert to the legal queue and an append-only audit entry.

Sophia assists — she does not decide. Final housing decisions remain with the licensed property manager. All AI recommendations are advisory and logged for auditability.

Seven protected classes monitored
Race, color, national origin, religion, sex, familial status, disability — per Fair Housing Act
Real-time scan on every transcript
Processed before transcripts enter the PM dashboard
Append-only audit log
Never deleted — exportable for auditors on request
AI decisions are advisory only
Human PM approval required for all housing-decision workflows
Contact

Questions about compliance or security?

Security reports acknowledged within 48 hours. Legal and compliance inquiries within one business day.

[email protected] [email protected]

To report a vulnerability, email [email protected] with subject [VULN]. Please do not disclose publicly before we have addressed it.

Enterprise-ready from day one.

Book a demo and see the platform your compliance team has been waiting for.

Book a DemoView Pricing