SOC 2-aligned controls
Security, Availability, and Confidentiality controls map to platform mechanisms and review artifacts.
Regisseur is built for regulated operators whose auditors ask pointed questions. Each control below maps to a platform mechanism or a diligence artifact we can review under NDA.
PHI flows through scoped workflows, tokenized links, and workspace-bounded provider calls. PHI is stripped from logs at serialization boundaries.
Domain rules compile into gates. Violations fail closed with the exact criterion cited.
Normalized payloads preserve lineage end-to-end between systems of record and the ledger.
| Control | Family | Framework | Implementation | Artifact | Last tested |
|---|---|---|---|---|---|
| CC-6.1 | Access | SOC 2 | Workspace RBAC · admin-gated settings | Access review log | 2026-04-03 |
| CC-6.6 | Encryption | SOC 2 | AES-256 at rest · TLS 1.3 in transit | Key rotation ledger | 2026-04-01 |
| CC-7.2 | Monitoring | SOC 2 | Anomaly alerts · on-call rotation | Incident register | 2026-04-18 |
| CC-8.1 | Change mgmt | SOC 2 | Signed promotion · immutable releases | Release timeline | 2026-04-18 |
| HIPAA-§164.308 | Admin | HIPAA | Workforce access management | Role assignment log | 2026-04-02 |
| HIPAA-§164.312 | Technical | HIPAA | Audit trail · PHI tokenization | Ledger export | 2026-04-18 |
| HIPAA-§164.514 | De-id | HIPAA | PHI stripped from logs at serialization | Serializer test suite | 2026-04-16 |
| POLICY-2.1 | Domain gate | Customer policy | Runtime check · fail closed | Lineage entry per work item | Per item |
| POLICY-2.3 | Disclosure | Customer policy | Disclosure scaffold · versioned | Document hash in ledger | Per item |
| REG-01 | Orchestration | Internal | Autonomy ceiling · compiler-enforced | Pipeline manifest | Per release |
| REG-02 | Orchestration | Internal | Emergency brake · workspace-scoped | Brake event log | 2026-04-10 |
| REG-03 | Orchestration | Internal | MCP registry · bounded tools | Registry manifest | Per release |
| REG-04 | Provider ops | Internal | Workspace-pluggable providers | Credential test ledger | Per provider |
| REG-05 | External parties | Internal | Token-gated portal links | Portal token ledger | Per token |
For CTOs, distribution partners, and operators under diligence. Artifacts are delivered to a named counterparty after mutual NDA.