Open-Source Customizable Compliance

A Northeastern University student developed an open-source customizable compliance agent that automates SOC 2 evidence collection and reporting for lean SaaS, Fintech, and Healthtech teams. The tool connects via AWS APIs, maps evidence to controls, and generates verifiable auditor reports with SHA-256 tamper-evident chains of custody.

First of all, why care? Compliance is a messy process. As startups scale, it can be very costly, and a lot of existing tools don't give you the best bang for your buck, especially as a smaller team on AWS going through SOC 2 for the first time. I created something to fix that.

Teams spend a ton of time perfecting SOC 2, trying to prove trust to their customers, unlock enterprise deals, or simply scale and grow. The end goal for any company is to grow. We help them grow faster, in a more verifiable way, and customizable to their needs rather than through one-size-fits-all solutions.

To preface: I'm a student at Northeastern, building in this space after seeing manual compliance and broken automated processes burn a ton of time for family members.

What is it: put simply, it's a way of automating busywork. It's a customizable compliance agent that connects via AWS APIs, collects evidence, maps it to controls, and generates an auditor report. Basically TurboTax for security audits.

Best use cases: SOC 2 evidence automation, verifiable evidence reports, policy writing, risk management automation, and customizable controls for the user. Made for lean SaaS/Fintech/Healthtech teams of 1-30 members that use AWS/GitHub for infrastructure and are undergoing, or thinking about, their first SOC 2 Type I audit.

Includes:
- Pre-audit readiness scan, completely frictionless and free: an agent connects to your AWS via APIs, collects evidence across 40+ AWS services, and maps it to 12 core SOC 2 controls (TSC). ~2 minutes to completion.
- Platform where each user has their own individually managed org workspace. Create your own customizable controls and run the scan continuously to collect evidence. What are customizable controls? The unique policies and procedures that your company uses, integrated into the SOC 2 ecosystem with the click of a button.
- Verifiable reports. Reports that can be sent to an auditor in under an hour. Verifiable, SHA-256 tamper-evident chains of custody that include the exact timestamp, control, and service for each evidence item. Why is this important? Many existing tools are a black-box dashboard with a checkmark. To save weeks if not months of back-and-forth auditor friction, this is an easy way to verify evidence.

Here's a free checklist for taking the time to read through this. I'm sure it's more fun watching paint dry on a wall than reading about compliance:
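The SHA-256 chain of custody described above, as an added example that is not the project's own code: each evidence record (timestamp, control, service, payload) is hashed together with its predecessor's hash, so editing, dropping or reordering any item after collection breaks verification and the auditor can recompute the chain independently. The field names, the all-zero genesis value and the sample evidence items are assumptions constructed for this example.

```python
import hashlib
import json
from dataclasses import dataclass, replace
GENESIS = "0" * 64  # assumption: the chain is anchored to an all-zero previous hash

@dataclass(frozen=True)
class EvidenceItem:
    """One collected evidence record; field names are assumptions, not the project's schema."""
    timestamp: str  # ISO-8601 UTC collection time
    control: str    # SOC 2 control the evidence maps to
    service: str    # AWS service the evidence was pulled from
    payload: str    # serialized API response (constructed sample data below)

def _canonical(item: EvidenceItem, prev_hash: str) -> bytes:
    # Canonical JSON (sorted keys, no whitespace) so an auditor can recompute each hash byte-for-byte.
    record = {"timestamp": item.timestamp, "control": item.control,
              "service": item.service, "payload": item.payload, "prev": prev_hash}
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def build_chain(items: list[EvidenceItem]) -> list[dict]:
    """Each entry stores its own SHA-256 and its predecessor's hash, so the order is fixed too."""
    chain, prev = [], GENESIS
    for item in items:
        digest = hashlib.sha256(_canonical(item, prev)).hexdigest()
        chain.append({"item": item, "prev": prev, "hash": digest})
        prev = digest
    return chain

def verify_chain(chain: list[dict]) -> tuple[bool, int]:
    """Recompute every link from GENESIS; return (ok, index of the first broken entry or -1)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        expected = hashlib.sha256(_canonical(entry["item"], prev)).hexdigest()
        if entry["prev"] != prev or entry["hash"] != expected:
            return False, i
        prev = entry["hash"]
    return True, -1

# Constructed sample evidence items, not real scan output.
SAMPLE = [
    EvidenceItem("2024-05-01T12:00:00Z", "CC6.1", "iam", '{"mfa_enabled":true}'),
    EvidenceItem("2024-05-01T12:00:03Z", "CC6.6", "s3", '{"block_public_access":true}'),
    EvidenceItem("2024-05-01T12:00:07Z", "CC7.2", "cloudtrail", '{"multi_region":true}'),
]

def tampered_chain() -> list[dict]:
    """Same chain after the second payload is edited post-collection; verification flags index 1."""
    chain = build_chain(SAMPLE)
    chain[1] = dict(chain[1], item=replace(chain[1]["item"], payload='{"block_public_access":false}'))
    return chain
```

Storing the final hash out of band (for example in the report the auditor receives) is what makes the chain tamper-evident rather than merely self-consistent.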