Compliance posture management across SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS, DORA, and NIS2. Generated end-to-end on the Archiet pipeline as the reference for shippable, production-grade security SaaS output.
Compliance frameworks: 7
Platforms: Web + Mobile (Expo)
Auth: JWT httpOnly cookies
Multi-tenancy: Postgres RLS
Stack: Flask + Next.js + Expo
Audit log: Hash chain + SIEM export
Security & Compliance Hub is a SaaS that lets a security team upload their architecture and run gap analysis across seven compliance frameworks in parallel. Each framework produces a control matrix with pass / fail per control, populated runbooks (DSAR, erasure, BCDR), and a board-ready PDF report. Customers can subscribe to monthly automated re-checks.
It is the dogfood reference for Archiet's production-grade scaffold promise: the customer should be able to download the ZIP, follow the README, deploy with docker-compose, then spend 2–3 days customizing it for their domain, versus 2–4 weeks of scaffolding from scratch. Every gap the build surfaced (missing forgot-password page, incomplete mobile onboarding screens, audit log not hash-chained, etc.) was fixed in the templates so the next generation gets it right by default.
SOC 2 Type II
Trust services criteria mapped to control matrix; auditor evidence pack scaffold included.
ISO 27001
Annex A controls mapped per workspace; statement of applicability template generated.
GDPR + UK GDPR
Article-by-article gap analysis. DSAR runbook + erasure runbook ship in the bundle.
HIPAA
Strict-mode flag + BAA template. PHI-aware data segregation patterns embedded in generated code.
PCI-DSS L1
Scope-minimization patterns embedded in generated payment flows; tokenisation default.
DORA
EU operational resilience reporting templates. Critical ICT third-party register scaffold.
NIS2
Reporting-window logic + incident-classification matrix. Member-state CSIRT contact registry.
Audit-log hash chain
Every API call writes an append-only event into the audit log. Each row carries a SHA-256 hash of the previous row + canonical payload. SIEM export emits the chain in JSONL with provenance proofs — auditors can verify nothing was altered after the fact.
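An added example of the hash-chain idea described above, written for this page and not Archiet's own code: it assumes canonical JSON (sorted keys, no whitespace) as the canonical payload and an all-zero hash as the link for the first row, and shows a JSONL export plus the verifier an auditor would run against it, including detection of a row edited after the fact.

```python
import hashlib
import json
from typing import Optional, Tuple

GENESIS = "0" * 64  # assumption: "previous row" hash for the first event


def canonical(payload: dict) -> str:
    # Canonical JSON: sorted keys, no whitespace, so equal events hash equally
    return json.dumps(payload, sort_keys=True, separators=(",", ":"))


def row_hash(prev_hash: str, payload: dict) -> str:
    # Chain link: SHA-256 over the previous row's hash and this row's payload
    return hashlib.sha256((prev_hash + canonical(payload)).encode()).hexdigest()


class AuditLog:
    """Append-only in-memory log; each row stores prev_hash and its own hash."""

    def __init__(self) -> None:
        self.rows = []

    def append(self, payload: dict) -> dict:
        prev = self.rows[-1]["hash"] if self.rows else GENESIS
        row = {"seq": len(self.rows), "prev_hash": prev,
               "payload": payload, "hash": row_hash(prev, payload)}
        self.rows.append(row)
        return row

    def export_jsonl(self) -> str:
        # SIEM export: one row per line; prev_hash/hash are the provenance proof
        return "\n".join(json.dumps(r, sort_keys=True) for r in self.rows)


def verify_jsonl(text: str) -> Tuple[bool, Optional[int]]:
    """Recompute the chain over an export; returns (ok, first_bad_seq)."""
    prev = GENESIS
    for line in text.splitlines():
        row = json.loads(line)
        if row["prev_hash"] != prev or row_hash(prev, row["payload"]) != row["hash"]:
            return False, row["seq"]
        prev = row["hash"]
    return True, None


def demo_tamper() -> Tuple[bool, Optional[int]]:
    # Constructed events, then an after-the-fact edit of row 1 in the export
    log = AuditLog()
    log.append({"actor": "alice", "action": "login", "ws": "ws_1"})
    log.append({"actor": "alice", "action": "export_report", "ws": "ws_1"})
    log.append({"actor": "bob", "action": "delete_control", "ws": "ws_1"})
    rows = [json.loads(l) for l in log.export_jsonl().splitlines()]
    rows[1]["payload"]["actor"] = "mallory"
    return verify_jsonl("\n".join(json.dumps(r) for r in rows))
```

The verifier catches edits and reordering of exported rows, but not removal of the newest rows; the current chain head has to be anchored outside the database (for instance in the SIEM export itself) for truncation to be detectable.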
Postgres RLS multi-tenancy
Every query is automatically scoped to workspace_id via Row-Level Security policies. Generated code never calls Query.all() without a workspace filter — the architecture rule is enforced by the codegen pipeline, not just convention.
JWT httpOnly cookies
Auth tokens are httpOnly + Secure + SameSite=Lax cookies. Never localStorage, never AsyncStorage. The mobile app gets the same cookie via expo-cookie, so XSS cannot read auth credentials.
Compliance overlays
Each framework is an overlay applied to the genome. Generated code carries inline comments referencing the control IDs that justify each pattern (e.g. "// CC6.1: Encryption at rest"). Generated docs cross-link the overlay back to the code.
Forgot-password, reset-password, verify-email, settings, and onboarding pages exist on the web.
Mobile app ships with onboarding walkthrough, settings tab, forgot-password, and verify-email screens.
App Store compliance files present: EAS config, privacy policy screen, review prompt, OTA update check.
Generated test pack covers: contract tests, behavioural tests, security tests (auth bypass, SQL injection, XSS, CSRF).
Stripe-orchestrated billing with PCI scope minimization. Provider failover to Paddle / Paystack / Flutterwave.
All seven frameworks ship as compliance overlays in every Archiet workspace. Add the overlays you need to your genome; the platform emits control matrices, runbooks, and SIEM-ready audit infrastructure alongside the application code.