Try free

Integrations

Connected to the systems your program already runs on.

Every integration is tied to specific evidence categories: what each system contributes to which controls, in which framework. The list grows; we don't ship "100+ integrations" by counting checkbox icons.

Cloud infrastructure

Where the workload lives.

Cloud accounts are the source of truth for most CC-series and Annex A.8 controls: IAM, encryption posture, logging configuration, network segmentation.

  • Amazon Web Services

    Available

    Evidence: IAM users + policies, MFA enforcement, S3 encryption + access logs, CloudTrail, GuardDuty findings, KMS key rotation.

  • Google Cloud

    In preview

    Evidence: IAM bindings, Cloud Audit Logs, encryption configuration, KMS, VPC firewall rules.

  • Microsoft Azure

    In preview

    Evidence: Entra ID, role assignments, Activity Log, Defender for Cloud findings, storage encryption.

Identity and access

Who has access to what.

Identity systems are the source of truth for access reviews, joiner-mover-leaver, MFA enforcement, and SSO coverage.

  • Okta

    Available

    Evidence: User directory, group memberships, MFA factors, SSO assignments, admin role history, sign-in activity.

  • Google Workspace

    Available

    Evidence: Users, groups, 2-step verification status, admin roles, OAuth-granted apps, mobile-device posture.

  • Microsoft 365

    Available

    Evidence: Entra ID users, MFA status, conditional access policies, role assignments, audit logs.

Code and DevOps

How software actually gets built.

Source-of-truth for CC8 change management, branch protections, code review, secret scanning, and SDLC controls.

  • GitHub

    Available

    Evidence: Org members + teams, branch protections, required reviews, secret scanning alerts, Dependabot findings, signed commits.

Workforce

Who works here, and on what.

HRIS feeds the source of truth for access reviews, employee onboarding/offboarding, and the policy-acknowledgement program.

  • BambooHR

    On the roadmap

    Evidence: Employee roster, hire/termination dates, role assignments, policy acknowledgement signatures.

  • Jamf

    On the roadmap

    Evidence: Managed device inventory, encryption + screen-lock posture, OS patch state, MDM enrollment.

Communication

Where the team coordinates.

Outbound channels for compliance notifications, incident escalation, and policy attestations.

  • Slack

    Available

    Evidence: Per-channel notifications for control drift, evidence freshness, audit-window milestones, and policy acknowledgement nudges.

Missing your stack?

Tell us what to build next.

We prioritize integrations by what real customers ask for, and our connector framework lets us ship a new one in days, not quarters. Send the system you need and the controls it would cover.