Governed connections to your stack.
Read-only connections to the platforms you already trust. Nothing is moved, copied, or ingested — proof is watched at the source.
Operationalize your environment.
Depth 02 runs your governance live. We connect to the systems already running your business, put your mapped controls into force, and keep a continuous, independent record your compliance lead can pull anytime — evidence, never data.
What this depth delivers
A continuous record, owned by you, kept by us.
Your company already runs the systems that hold its proof — Salesforce, Microsoft 365, Google Workspace, AWS, Okta. The proof exists; it just isn’t collected, current, or defensible. Bylaw Evidence Core closes that gap without taking possession of a single underlying record — priced on how complex your governance is, never per seat.
- You have policies and controls on paper, but proving them is a quarterly scramble.
- Frameworks like SOC 2, ISO 27001, HIPAA, or the EU AI Act are in scope or on the roadmap.
- You will not hand a vendor your customer data to get there — and you shouldn’t have to.
Included at this depth
What we put in place.
Controls mapped to frameworks.
Your obligations under SOC 2, ISO 27001, HIPAA, GDPR, and the EU AI Act become checkable controls — written in your language, traceable to theirs.
The continuous evidence record.
Timestamped, hashed proof that controls are met — current every day, pullable by your compliance lead, defensible to a third party.
What runs underneath
The record, and the rules that keep it honest.
The evidence record is not a dashboard your team maintains. It is a workspace your company owns, fed by your systems, with a fixed set of rules that make the record defensible to an outsider.
Checkable, not vague.
Each control is one sentence, one operator, one expected value, and the signal it reads — so a verdict is computed, not asserted.
Three signatures to go live.
Nothing becomes a live control until three roles sign the exact set: your department admin, your tenant admin, and Bylaw. Edit anything afterward and the signatures void — the gate reopens.
One door, hash-chained.
Every action passes through a single door that records it first, each entry carrying the hash of the one before. Change a past record and every link after it breaks. A one-click check verifies the whole chain.
An edge wall on the wire.
Personal identifiers — emails, IDs, names — are rejected before anything crosses to us, to a partner, or into the trail. The record carries proof, never content.
Drift caught as it happens.
When a system setting wanders off an approved control, the record shows it on the next check — not at the next annual review. Running live is the whole point.
Reports you can hand over.
Built from a fixed set of types, with the hash of every item embedded so tampering shows. Exports require named approval. You own the record, and keep it if you leave.
Salesforcecrm
Microsoft 365productivity
Google Workspaceproductivity
AWS / Azurecloud
Oktaidentity
Where this sits
One engagement, three depths.
The environment.
Rules mapped, contradictions surfaced, scenarios simulated.
You are here
Live operations.
Your systems connected and continuous evidence kept current, run full time.
The full-time specialist.
An embedded officer runs the environment and the live operations for you.