§ 01 — Security & ComplianceDocument · REG-SC-2026.04

Controls, not claims.
Evidence, not assertions.

Regisseur is built for regulated operators whose auditors ask pointed questions. Each control below maps to a platform mechanism or a diligence artifact we can review under NDA.

Frameworks in scope Full security & trust overview Related: safety model
Artifacts available under NDA.
Audit requests: ross@regisseur.ai
SOC 2Aligned controls · diligence-ready
HIPAAPHI-scoped workflows
Regulatory floorRuntime policy gates
Deployment modelOn-prem capable
TenancyIsolated workspaces
RetentionPolicy-configurable
§ 02 — Frameworks in scope

What the control story maps to.

§
General

SOC 2-aligned controls

Security, Availability, and Confidentiality controls map to platform mechanisms and review artifacts.

  • Control mapAvailable under NDA
  • AttestationNot yet held · on roadmap
  • OwnerNamed per control
§
Healthcare data

HIPAA

PHI flows through scoped workflows, tokenized links, and workspace-bounded provider calls. Logs stay clean at serialization boundaries.

  • BAANot yet · on roadmap
  • PHI in logsSerialization guard
  • Link TTLsPer-workflow configurable
§
Domain policy

Runtime policy gates

Domain rules compile into gates. Violations fail closed with the exact criterion cited.

  • Rule versionPinned per work item
  • Failure modeFail closed + cite
  • Audit artifactLineage ledger entry
§
Data standards

Structured payload lineage

Normalized payloads preserve lineage end-to-end between systems of record and the ledger.

  • PayloadPreserved, not flattened
  • Schema driftVersioned & detected
  • InteropSystems of record · CRM · ticketing
§ 03 — Control model

Representative control families, mapped to runtime mechanisms.

This is the control model Regisseur is built to — representative of the families an auditor reviews, mapped to platform mechanisms. Independent SOC 2 attestation is on the roadmap, not yet held; the working control register is available under NDA.

regisseur · compliance · control-register
REG-TRUST-2026.Q1
ControlFamilyFrameworkImplementationEvidence (target)
CC-6.1AccessSOC 2Workspace RBAC · admin-gated settingsAccess review log
CC-6.6EncryptionSOC 2AES-256 at rest · TLS 1.3 in transitKey rotation ledger
CC-7.2MonitoringSOC 2Anomaly alerts · on-call rotationIncident register
CC-8.1Change mgmtSOC 2Signed promotion · immutable releasesRelease timeline
HIPAA-§164.308AdminHIPAAWorkforce access managementRole assignment log
HIPAA-§164.312TechnicalHIPAAAudit trail · PHI tokenizationLedger export
HIPAA-§164.514De-idHIPAAPHI stripped from logs at serializationSerializer test suite
POLICY-2.1Domain gateCustomer policyRuntime check · fail closedLineage entry per work item
POLICY-2.3DisclosureCustomer policyDisclosure scaffold · versionedDocument hash in ledger
REG-01OrchestrationInternalAutonomy ceiling · compiler-enforcedPipeline manifest
REG-02OrchestrationInternalEmergency brake · workspace-scopedBrake event log
REG-03OrchestrationInternalMCP registry · bounded toolsRegistry manifest
REG-04Provider opsInternalWorkspace-pluggable providersCredential test ledger
REG-05External partiesInternalToken-gated portal linksPortal token ledger
Control model mapped to runtime mechanisms
Register REG-TRUST-2026.Q2 · full list under NDA
§ 04 — Data handling

Where PHI goes. Where it doesn’t.

In
Structured payloads · document retrieval · tokenized third-party responses.
Stored where
Single-region US · per-workspace encryption key · customer-owned retention schedule.
Never in
Application logs · training data · third-party analytics · model fine-tuning corpora.
LLM exposure
PHI redacted before prompt assembly · redaction is a compiler pass, not a runtime hope.
Out
Only to systems of record listed in your workspace manifest · every write-back logged.

Identity and access controls — single sign-on, role-based access, scoped service tokens (external callers never get user identities), key rotation, configurable PII/PHI masking, and per-workspace cost ceilings — are detailed in enterprise controls.

§ 05 — Incident response

If something breaks, here is what happens.

T+0:00
Detect
Anomaly detector raises. On-call paged. Timer starts.
T+0:15
Contain
Workspace-scoped emergency brake available to the on-call. One action pauses every agent.
T+1:00
Notify
Affected customers notified with scope, timeline, and initial findings. No "we're looking into it" boilerplate.
T+72:00
Report
Full post-incident with ledger export, root-cause, remediation, and regression test in the suite.
§ 06 — Request artifacts

Diligence packet. Control register.
Security questionnaire. Under NDA.

For CTOs, distribution partners, and operators under diligence. Artifacts are delivered to a named counterparty after mutual NDA.

Request artifacts Read the safety contract
Email
ross@regisseur.ai
Turnaround
2 business days post-NDA
Scope
Control map · provider ledger · security questionnaire