Compliance mapping

Evidence your auditors can verify, not claims you ask them to trust.

The CISO is now personally accountable for what autonomous agents do on the company's behalf. The board and the regulator want a repeatable chain of evidence — what each agent did, why, under what policy, and provably untampered. Every Track decision produces a signed, externally-timestamped event record. This page maps those records to the frameworks your procurement, legal, and compliance teams actually cite — sequenced by the order in which most regulated buyers encounter them.

What these claims mean. "Aligned with" and "evidence for" describe how Track's enforcement record and control coverage map to a framework's requirements — not that Track itself is certified. SOC 2 Type II is in observation, not certified. ISO/IEC 42001 is a roadmap alignment claim, not a certification. EU AI Act Art. 12 / 28.2 mappings are our claimed evidence packaging, not regulator-reviewed. A third-party penetration test is commissioned but not yet completed.
Framework sequencing

The order enterprise buyers encounter these. EU AI Act first.

Procurement, legal, and the CISO office do not pick frameworks alphabetically. They resolve in the order below — driven by regulatory deadlines, certification differentiation, and buyer gates.

01 · FORCING FUNCTION
EU AI Act Art. 12 / 14 / 15
High-risk AI obligations go live August 2026. Event logging, human oversight, accuracy & robustness.
02 · DIFFERENTIATOR
ISO/IEC 42001
AI management system certification. Few competitors can meaningfully help a buyer prepare. Roadmap alignment today.
03 · PROCUREMENT GATE
SOC 2 Type II
CC4 / CC7 monitoring evidence. Table stakes for enterprise vendor intake. In observation.
04 · CONTROL MAP
OWASP Agentic Top 10
1:1 control mapping across all 10 risks — for security-team buy-in and red-team conversations.

Supporting evidence: DORA (EU financial services resilience), HIPAA (PHI-adjacent agents), NIST AI RMF, MITRE ATLAS. These reinforce — they are not the primary buyer frame.

Primary frameworks

Control-level mapping, artifact-level evidence.

For each framework, which Track capability the control maps to — and which field of the signed trace record your auditor verifies.

EU AI Act
Evidence mapped
Art. 12 logging · Art. 14 human oversight · Art. 15 accuracy & robustness · Art. 28.2 provider obligations. High-risk AI obligations enforced from August 2026.
Track's enforcement record is structured to serve directly as Art. 12 logging evidence. Every tool-call decision is timestamped, signed, and hash-chained — auditors verify without trusting Track infrastructure.
  • Art. 12 (Record-keeping) — SHA-256 event chain with RFC 3161 external timestamps (DigiCert / Sectigo) and Sigstore Rekor anchoring of chain tips. Event-level, not session-level. Bounded rollback distance via OPS-TLOG transparency log.
  • Art. 14 (Human oversight) — REQUIRE_APPROVAL decision with webhook-routed human sign-off; approver identity and timestamp recorded on the trace.
  • Art. 15 (Accuracy & robustness) — Inspector decisions, confidence scores, and fail-closed enforcement are part of every record. Reproducible scorecards against 2,541 real cases from five SOTA agent-security benchmarks (AgentDojo, InjecAgent, ASB, WASP, MCPSecBench) back the accuracy claim — 100% mean detection, ≤10.8% worst-case FPR, regression-gated per PR.
  • Art. 28.2 (Provider obligations) — Signed policy bundles + policy-change history give a reviewable trail of governance decisions.
ISO/IEC 42001
Aligned · roadmap
AI management system standard. Certification is emerging as a differentiator few competitors can help a buyer prepare for.
Track aligns to the operational clauses most relevant to runtime enforcement. We can hand a buyer the artefacts that map directly to their certification audit.
  • Clause 8 (Operation) — Policy-as-code + signed bundles + change history give an operational control plane that maps cleanly to clause 8 evidence.
  • Clause 9 (Performance evaluation) — Hash-chained decision records are a ready-made evidence surface for monitoring, measurement, and internal audit.
  • Annex A controls — Track contributes to A.6 (AI system lifecycle), A.8 (data for AI systems), and A.9 (information for interested parties).
SOC 2 Type II
In observation
AICPA Trust Services Criteria. Procurement gate for enterprise vendor intake. Track is currently inside an observation window, not yet certified.
Enforcement decisions flow into customer SIEM as structured events — auditors pull directly from the customer's existing evidence collection, not from Track.
  • CC4 (Monitoring) — Hash-chained event stream is a tamper-evident control-monitoring record, not just application logs.
  • CC7 (System operations) — Fail-closed enforcement, explicit four-outcome decisions, and signed policy bundles give evidence for change management and incident response criteria.
  • CC8 (Change management) — Signed policy-change history with Ed25519 bundle signatures as the cryptographic audit surface.
OWASP Agentic Top 10
10 / 10 covered
The industry control map for agent-specific risk. Verified in Track's internal coverage test suite. ASI04 (supply chain) moved Partial → Covered with signed MCP manifests; ASI10 (rogue agents) supplemented by OPS-TLOG transparency-log anchoring.
Every risk in the OWASP Agentic Top 10 has at least one Track control mapped to it. The test suite exercises each pairing, and the coverage record is available during technical walkthrough.
  • A1 Memory Poisoning, A2 Tool Misuse, A3 Privilege Compromise — policy-dimension checks + inspector gating at the tool-call boundary; vector injection detection for retrieval-store poisoning.
  • A4 Resource Overload, A5 Cascading Hallucinations — rate caps, obligations, decision TTLs, and the coordination-cascade kill switch as enforced controls.
  • A6 Intent Manipulation, A7 Misalignment, A8 Identity Spoofing — delegation-chain validation, signed execution tokens, sub-agent delegation contracts, and the manifest drift inspector close the scope-narrowing gap.
  • A9 Traceability Loss, A10 Unexpected RCE — hash-chained record anchored to Sigstore Rekor + RFC 3161 TSA, plus fail-closed shell / code-exec adapters and workspace_state events for every write/delete.
  • ASI04 Supply Chain (Covered) — Ed25519-signed MCP tool manifests with pinned publisher keys; drift on a known publisher auto-trusts, unsigned/rotated keys gate on policy.
Supporting evidence

Secondary frameworks Track reinforces.

Not the primary buyer frame — but regularly cited alongside the big four in vertical-specific procurement (financial services, healthcare) and security-team reviews.

DORA
Supporting
EU Digital Operational Resilience Act. Financial services. Live since January 2025.
Hash-chained decision records and fail-closed enforcement contribute to ICT incident evidence and third-party-risk oversight requirements.
HIPAA
Supporting
US PHI protection. Relevant when agents touch patient data.
PII / PHI inspectors gate tool calls before execution; obligation-mode redaction applies masking on response paths. Customer-held keys keep PHI inside the covered entity's environment.
NIST AI RMF
Supporting
US federal reference model. Govern · Map · Measure · Manage.
Track contributes operational artefacts for the Measure and Manage functions — decisions, inspector findings, and control-coverage records flow directly to risk dashboards.
MITRE ATLAS
Supporting
Adversarial ML threat knowledge base. Useful for red-team mapping; not a procurement driver on its own.
Inspector coverage maps to the ATLAS techniques relevant to agent tool-use adversarial paths — we reference ATLAS when walking security teams through the threat model, not as a headline claim.
What the auditor sees

One record. Every framework finds its evidence.

The same signed trace event feeds EU AI Act Art. 12 record-keeping, SOC 2 CC4 monitoring, and OWASP Agentic control coverage. No bespoke export path per framework.

trace · 7b3f4c91a2e8d204 — fields mapped

event_hash
SHA-256 chained to prior · EU AI Act Art. 12 · SOC 2 CC4
tsa_timestamp
RFC 3161 · DigiCert · Sectigo · Externally verifiable · non-repudiable
tlog_anchor
Sigstore Rekor inclusion proof · OPS-TLOG · bounded rollback distance
policy_bundle_id
Ed25519-signed · SOC 2 CC8 · ISO 42001 clause 8
decision · risk_tier
allow / deny / require_approval / allow_with_obligations · CRITICAL/HIGH/MEDIUM/LOW · OWASP A2 / A3 / A7
approver
If REQUIRE_APPROVAL: identity + timestamp · EU AI Act Art. 14
inspectors
Parallel findings + per-inspector latency + confidence · EU AI Act Art. 15 · OWASP A1–A10
delegation_chain
RFC 8693 hops + JWKS + sub-agent contract IDs · OWASP A7 · A8
manifest_attestation
Session manifest + drift findings + failure patterns · OWASP A6 · A7 · ASI10
mcp_publisher_key
Pinned Ed25519 publisher key + signature status · OWASP ASI04 · supply chain
workspace_state
Artifact + role + change_kind for every write/delete · DORA ICT incident · NIST AI RMF Manage
execution_token
Ed25519 bound to action_hash · Non-repudiation · TOCTOU-proof

Want the artefact pack for your auditor?

We'll run a 45-minute compliance walkthrough — bring your procurement questionnaire, your framework list, or your auditor's control matrix. We'll map cell-by-cell.

Book a compliance walkthrough