Compliance framework: SOC 2 / FedRAMP evidence collection, data residency, key rotation #352

@mikemcdougall

Context

Government and regulated industries require compliance evidence. Building this into the platform removes months of manual audit prep.

Scope

  • SOC 2 evidence collection: automated control evidence gathering
  • FedRAMP readiness: FIPS 140-2 encryption, boundary documentation
  • Data residency controls: enforce data stays in specified regions
  • Encryption-at-rest key rotation: automated key rotation with zero downtime
  • Compliance dashboard in Admin UI: control status, evidence gaps, audit readiness
  • Export: compliance report generation (PDF/CSV)

References

  • ADR-0024: Enterprise tier feature (Product Assurance pillar)

Metadata

Labels

  • area/infrastructure: Deployment, Terraform, Helm, CI
  • area/server: Core server (protocols, query, edits)
  • edition/enterprise: Enterprise edition feature
  • effort/XL: 🌲 XL: 2-4 days (major system change, architecture impact)
  • enhancement: New feature or request
  • phase/GA: GA scope
  • priority/P4: 💡 Future enhancement - evaluate for later phases
