
Compliance

Igris generates compliance artifacts populated from your actual audit events — not templates filled with placeholder data. This gives auditors and regulators evidence backed by real system behavior.

Supported Frameworks

HIPAA BAA

Generate Business Associate Agreements as PDFs with a digital signature workflow.

SOC 2 Evidence

Export evidence mapped to Trust Services Criteria with Type II validation.

Plan Gating

Compliance features are available on higher-tier plans:

| Feature | Free | Govern ($49) | Comply ($199) | Enterprise ($499) |
|---|---|---|---|---|
| HIPAA BAA Generation | - | - | Yes | Yes |
| SOC 2 Evidence Export | - | - | Yes | Yes |
| Custom Compliance Reports | - | - | - | Yes |

Attempting to access a compliance feature not included in your plan returns a 403 Plan Required error. Upgrade under Settings → Billing.

How It Works

  1. Audit events accumulate — every proxy tool call and ingested log is stored in the unified audit_events table
  2. Compliance engine queries — when you generate an artifact, Igris queries the relevant events for your date range
  3. Auto-population — fields like “number of access controls enforced”, “denied requests”, and “processing activities” are filled from real data
  4. Validation — for SOC 2, Igris validates Type II requirements (90-day minimum observation period)
  5. Export — download as PDF (BAA), CSV/JSON (SOC 2 evidence), or view in the dashboard

Evidence Integrity

SOC 2 evidence exports include HMAC-SHA256 integrity hashes. This allows auditors to verify that exported evidence hasn’t been tampered with after generation.
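
How an auditor-side check of such an export could look, as an added example that is not Igris code: it recomputes HMAC-SHA256 per record and checks the 90-day Type II observation window from step 4 above. The export layout, field names (`records`, `data`, `hmac_sha256`, `period_start`, `period_end`), the key and the sample rows are all assumptions constructed for illustration, and the verifier is assumed to have been given the HMAC key.

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed sample data: the key, field names and layout are assumptions
# made for this example, not the Igris export schema.
KEY = b"constructed-demo-key"
MIN_OBSERVATION_DAYS = 90  # Type II minimum stated on this page

def canonical(record: dict) -> bytes:
    """Serialize deterministically so signer and verifier hash the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def sign(record: dict, key: bytes) -> str:
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()

def verify_export(export: dict, key: bytes) -> dict:
    """Return indexes of records whose HMAC fails, plus the window check."""
    tampered = []
    for i, item in enumerate(export["records"]):
        expected = sign(item["data"], key)
        # compare_digest avoids leaking the mismatch position through timing
        if not hmac.compare_digest(expected, item["hmac_sha256"]):
            tampered.append(i)
    start = date.fromisoformat(export["period_start"])
    end = date.fromisoformat(export["period_end"])
    days = (end - start).days
    return {"tampered": tampered, "days": days,
            "type2_window_ok": days >= MIN_OBSERVATION_DAYS}

def build_sample_export() -> dict:
    rows = [
        {"criterion": "CC6.1", "denied_requests": 14},
        {"criterion": "CC7.2", "denied_requests": 3},
    ]
    return {
        "period_start": "2024-01-01",
        "period_end": "2024-04-01",
        "records": [{"data": r, "hmac_sha256": sign(r, KEY)} for r in rows],
    }

if __name__ == "__main__":
    export = build_sample_export()
    print(verify_export(export, KEY))
    export["records"][1]["data"]["denied_requests"] = 0  # edit after generation
    print(verify_export(export, KEY))
```

In this assumed layout the per-record tags catch a modified record but not a deleted one; detecting removal needs an additional tag over the whole export or a signed record count.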