The control plane, proven.

MFA enforcement, access reviews, joiner-mover-leaver discipline, and privileged-role assignment across Okta and Entra ID — the plane everything else depends on.

Where most audits start.

Identity governs access to everything else, which is why auditors start there. We keep MFA, access reviews, lifecycle discipline, and privileged roles proven continuously — the control plane, on the record.

  • MFA enforcement proven across the population.
  • Access reviews and joiner-mover-leaver evidenced on schedule.
  • Privileged-role assignment reviewed and recorded.

The control plane, read at the source.

Identity decides access to everything else, so it is the first place Bylaw observes and the place worker packets matter most. A worker packet asks one read-only question (“is MFA still enforced for every privileged role?”, “did the last access-review campaign complete?”) and returns operator, expected, observed, verdict, and hash — never a credential, never a user’s data.

The sealed engine computes the verdict on the far side of a wall, reached with your key, reasoning over policy and event state alone. The edge wall rejects identifiers before anything crosses, and every reading is hash-chained and three-signature-gated. Run continuously, the packets prove the plane is holding between audits, not just on audit day.

One pass answers SOC 2 access criteria, ISO 27001 Annex A, HIPAA administrative safeguards, and the EU AI Act’s access-governance expectations together — Okta access review evidence, Entra ID MFA proof, joiner-mover-leaver governance, and privileged-role oversight, from the control plane itself.