Governance
Compliance & Audit Readiness
SOC 2, ISO 27001, HIPAA alignment, with evidence collection built into operations.
Controls, Not Checkboxes
CloudPresto practices controls aligned with SOC 2, ISO 27001, and CIS benchmarks. We share current control evidence during security reviews rather than relying on certification logos.
Compliance is a continuous operational practice, not a point-in-time audit. Every change, every access event, every operational decision feeds into the evidence stream.
Framework Alignment
| Framework | Alignment | Evidence Available |
|---|---|---|
| SOC 2 | Controls aligned to Trust Service Criteria | Change logs, access reviews, incident records, monitoring evidence |
| ISO 27001 | ISMS-aligned operational controls | Risk assessments, control documentation, audit trails |
| CIS Benchmarks | Infrastructure hardened to CIS Level 1+ | Configuration scan results, remediation records |
| HIPAA | Technical safeguards for protected environments | Access controls, encryption evidence, audit logs |
Evidence Collection
Audit evidence is collected automatically as a byproduct of normal operations:
- Change audit trails: every infrastructure change logged with who, what, when, and why
- Access logs: all authentication and authorization events with full attribution
- Incident records: detection, response, containment, and resolution documented for every event
- Configuration evidence: regular scans verify infrastructure matches hardened baselines
- Review records: access reviews, business reviews, and governance meetings documented
When your auditor asks for evidence, it's already collected, organized, and ready. Evidence packages can be generated for any time period within retention windows.