{"slug": "open-source-customizable-compliance", "title": "Open-Source Customizable Compliance", "summary": "A Northeastern University student developed an open-source customizable compliance agent that automates SOC 2 evidence collection and reporting for lean SaaS, Fintech, and Healthtech teams. The tool connects via AWS APIs, maps evidence to controls, and generates verifiable auditor reports with SHA-256 tamper-evident chains of custody.", "body_md": "First of all, why care? Compliance is a messy process. As startups scale, it can be very, very costly, and a lot of existing tools don't give you the best bang for your buck, especially as a smaller team on AWS going through SOC 2 for the first time. I created something to fix that.\n\nA ton of time for teams is spent perfecting SOC 2, trying to prove trust to their customers, unlock enterprise deals, or even scale & grow. The end goal for any company is to grow. We help them grow faster, in a more verifiable way, and customizable to their needs rather than one-size-fits-all solutions.\n\nTo preface: I'm a student at Northeastern, building around this space after seeing manual compliance & broken automated processes burn a ton of time for family members.\n\nWhat is it: It's a way of automating busywork, put simply. It's a customizable compliance agent that connects via AWS APIs, collects evidence, maps it to controls, & generates an auditor report.\n\nBasically TurboTax for security audits.\n\nBest Use Cases: SOC 2 evidence automation, verifiable evidence reports, policy writing, risk management automation, customizable controls for the user.\n\nMade for lean SaaS/Fintech/Healthtech teams (1-30 members) that use AWS/GitHub for infrastructure, undergoing or thinking about their first SOC 2 Type I audit.\n\nIncludes:\n\n-> Pre-audit readiness scan (completely frictionless & free): An agent connects to your AWS via APIs, collects evidence across 40+ AWS services & maps it to 12 core SOC 2 Controls (TSC). ~2 mins to completion\n\n-> Platform where each user has their own individually managed org workspace. Create your own customizable controls & run the scan continuously to collect evidence. What are customizable controls? The unique policies & procedures that your company uses, integrated into the SOC 2 ecosystem with the click of a button.\n\n-> Verifiable reports. Reports that can be sent to an auditor in under an hour. Verifiable, SHA-256 tamper-evident chains of custody that include the exact timestamp, control & service for each evidence item. Why is this important? Many existing tools are black-box dashboards with a checkmark. To save WEEKS if not MONTHS of back & forth with auditor friction, this is an easy way to verify evidence.\n\nHere's a free checklist for taking the time to read through this (I'm sure it's more fun watching paint dry on a wall than to read about compliance):", "url": "https://wpnews.pro/news/open-source-customizable-compliance", "canonical_source": "https://dev.to/adog0822/open-source-customizable-r-3dg1", "published_at": "2026-06-29 01:49:21+00:00", "updated_at": "2026-06-29 02:27:00.907661+00:00", "lang": "en", "topics": ["ai-agents", "developer-tools", "ai-products"], "entities": ["Northeastern University", "AWS", "SOC 2", "GitHub"], "alternates": {"html": "https://wpnews.pro/news/open-source-customizable-compliance", "markdown": "https://wpnews.pro/news/open-source-customizable-compliance.md", "text": "https://wpnews.pro/news/open-source-customizable-compliance.txt", "jsonld": "https://wpnews.pro/news/open-source-customizable-compliance.jsonld"}}