SOC 2
Governance posture for Trust Services Criteria (educational; OSS includes primitives only)
Overview
IOA Core enables runtime guardrails and signed audit evidence aligned to SOC 2 principles: security, availability, processing integrity, confidentiality, and privacy. Complete cartridges with mappings are offered under Restricted Edition. IOA Core supports regulatory sandbox pilots with signed evidence bundles. See Seven System Laws.
Guarded Execution
Apply policy gates at request time for least privilege, integrity checks, and traceability.
Immutable Evidence
Generate cryptographically signed bundles auditors can verify end-to-end.
Provider Agnostic
Uniform governance layer across multiple LLM providers and tooling.
How IOA Core Assists
- Evidence fields covering policy input/output and decision context.
- Runtime checks for security and integrity invariants.
- Audit chain storage with tamper-evident guarantees.
Boundary: IOA Core consists of OSS primitives. Full SOC 2 cartridges live in Restricted Edition.
Disclaimer: Governance posture pages are not legal certifications.