SOC 2 Compliance Dashboard

SuiteCentral 2.0 — Built by Auditors, for Auditability

Trust Services Criteria Alignment • Live Evidence Collection

SOC 2 Trust Services Criteria

  • JWT Authentication — Token-based auth with production secret validation (src/middleware/auth.ts)
  • RBAC Permissions — Role-based access control on all sensitive endpoints (src/middleware/rbac.ts)
  • Timing-Safe API Key Validation — crypto.timingSafeEqual prevents timing attacks
  • Rate Limiting — Enforced in production; fail-fast guard on misconfiguration
  • Production Guards — JWT_SECRET validation, demo-mode blocking, rate-limit enforcement at startup
  • Health Check Endpoints — /health for load balancer and Kubernetes probes
  • Circuit Breaker Pattern — Automatic failure isolation for external service calls
  • Disaster Recovery — Documented recovery procedures with RTO/RPO targets
  • Auto-Scaling — Kubernetes Helm chart with 2-10 replica scaling (Helm + Terraform IaC)
  • AI Confidence Scoring — Every mapping includes a 0-100 confidence score with breakdown
  • Hallucination Detection — GovernanceService validates AI output against known schemas
  • Schema Drift Blocking — Syncs blocked on critical drift; structured SCHEMA_DRIFT_BLOCKED result
  • Reasoning Traces — DB-persisted step-by-step AI decision audit trail
  • DLP/PII Detection [snapshot]
  • Sensitive Data Masking — Shared maskSensitiveData() utility redacts sensitive field names (password, token, secret, etc.) from all log output
  • Encrypted Credential Storage — Connector credentials encrypted at rest via ConnectorCredentialService
  • GDPR/CCPA Compliance — DLP service designed for EU and California privacy regulations
  • Audit Trail Logging — Every AI action logged with user ID, timestamp, and action type
  • Data Retention Policies — Configurable retention with 90-day default purge cycle

Compliance Metrics

Live API access requires authenticated demo mode. Showing representative metrics.

  • Reasoning Traces — DB-persisted sessions
  • AI Cost Total — Across all providers
  • Audit Actions — Session-scoped event log
  • Compliance Rate — Actions passing governance

Authenticated demo mode is required for live evidence export.

Regulatory Timeline

EU AI Act Aug 2, 2026

EU Artificial Intelligence Act — Full enforcement of high-risk AI system requirements including transparency obligations, conformity assessments, and post-market monitoring.

CO AI Act Jun 30, 2026

Colorado AI Act (SB 24-205) — Requires developers and deployers of high-risk AI systems to use reasonable care to prevent algorithmic discrimination.

Built by Auditors

CPA-Grade Audit Trails

Every AI decision is logged with user, timestamp, inputs, outputs, and confidence score — the same rigor Squire applies to client engagements.

SOC 2 Alignment from Day 1

All five Trust Services Criteria mapped to production code. Not a retrofit — compliance was a design requirement from the first commit.

Evidence Export in One Click

Download a structured JSON evidence package covering reasoning traces, AI costs, and audit actions — ready for your SOC 2 auditor.