AUTOLINX · FEATURES · COMPLIANCE AUDIT Continuous compliance checks against your live network. Evidence packs auto-generated. See pricing →
AutoLinx / Features / Compliance Audit
AUTOLINX FEATURE · 04 COMPLIANCE AUDIT

Continuous compliance —
not the night before the audit.

AutoLinx Compliance Audit continuously checks your live network against the policies you care about — SOC 2, ISO 27001, PCI-DSS, internal change policy, regulatory framework. Drift surfaces in seconds. Evidence packs generate themselves. Production-validated at a government ministry running financial e-service infrastructure.

See pricing → How it works
LIVE POLICY CHECKS · RUNNING NOW
POLICY SCOPE LAST CHECK STATUS SOC 2 · CC6.1 access control all routers 8s ago PASS ISO 27001 · A.13 network security edge routers 12s ago PASS PCI-DSS · 1.2.1 firewall rule audit DC firewalls 2s ago ! DRIFT CHANGE POLICY approval trail last 24h pushes 5s ago PASS REGULATOR · TH BoT IT standard all branches 7s ago PASS + EVIDENCE PACK GENERATED SOC2-CC6-2026Q2.pdf · 47 controls · signed ↓ download 73 policies tracked · 1 drift open · 0 violations · audit-ready
checks every change, every minute, every device evidence → seconds
WHAT IT DOES

Three capabilities that replace audit panic.

Compliance Audit isn't a tool you run before an audit. It's running continuously — every minute, every device, every change. By the time the auditor arrives, the evidence is already there.

Continuous policy check

SOC 2 · ISO 27001 · PCI · custom

Pre-built policy packs for common frameworks — SOC 2 (CC controls), ISO 27001 (Annex A), PCI-DSS, NIST CSF. Plus customer-defined policies in YAML for internal standards or regulator-specific requirements. Every check runs continuously against the live network — not on schedule, not on demand.

Auto-generated evidence packs

PDF · signed · auditor-friendly

For any framework and any time window, generate a complete evidence pack: per-control evidence, sample sizes, timestamps, signing chain, exceptions. Auditor opens the PDF, sees what they need, signs off. The night-before-audit scramble disappears.

Drift detection + remediation

flag → propose fix → engineer approves

When a device drifts from policy — firewall rule changed out of band, weak crypto enabled, ACL modified by hand — Compliance Audit flags it, proposes the remediation config, and stages it for engineer approval. Remediation goes through the same approval gate as any other change.

HOW IT WORKS

Compliance as code · drift as event.

Five stages — continuous loop. The model: policy is declarative, drift is an event, evidence is the natural byproduct.
01 · POLICY Express rule SOC 2 · ISO · PCI declarative YAML scope + condition 02 · SCAN Check live state every minute on every change across all scope 03 · DETECT Surface drift drift event attribution timestamp + source 04 · EVIDENCE Auto-generate per-control proof signed PDF auditor-friendly 05 · REMEDIATE Propose fix engineer approves via Provisioning ↵ approve · ✕ exception CONTINUOUS LOOP · EVIDENCE GENERATED AS BYPRODUCT REMEDIATION ALWAYS GOES THROUGH PROVISIONING APPROVAL
WHERE IT SHIPS

Production proof.

Compliance work has accumulated across all three anchor accounts. The productized version of Compliance Audit consolidates lessons from years of regulated-infrastructure engagement.
ANCHOR 03 · LAOS GOVERNMENT MINISTRY
Financial e-service infrastructure
since 2015 · 11 years of regulated infrastructure

The anchor account that taught us what compliance audit actually requires: financial-grade controls, regulator-friendly evidence, traceable change history. From the 2015 network security infrastructure to the 2022 data center improvement (authentication, DNS, e-service, email, core network) — every deployment had to pass government audit.

ANCHOR 03 · LAOS GOVERNMENT MINISTRY
216-branch deployment · multi-ISP load balancing
2023 · single rollout, compliance per branch

216 branch routers deployed with consistent compliance posture from day one — same security policy, same audit trail, same evidence pattern across every branch. Multi-ISP load balancing configured uniformly per branch and audited continuously.

ANCHOR 02 · LAOS NATIONAL TELCO
SignONE · centralized AAA
2017 → 2022 · three phases of authentication automation

SignONE delivered centralized AAA for the Laos national telco's infrastructure — three phases of automation, scale, and audit. The system underpins compliance with telecom regulatory requirements for access control and authentication on the core network.

ANCHOR 01 · TIER-1 THAI TELCO
Node Integration · multi-vendor change validation
2022 · vendor consolidation initiative

Multi-vendor change validation across the carrier's network — every change validated against compliance policy before push. Combined with AutoProvision's approval workflow, every configuration change carried documented justification, approver chain, and rollback proof.

FRAMEWORK COVERAGE

Pre-built policy packs · plus your own.

Standard frameworks ship as policy packs. Internal standards and regulator-specific requirements are declared in YAML and run alongside.
SOC 2
CC controls
ISO 27001
Annex A
PCI-DSS
v4.0
NIST CSF
2.0
CIS Benchmarks
v8
BoT IT Standard
Thailand
PDPA
Thailand
GDPR · Art. 32
EU
Custom · YAML
internal
Change policy
approval rules
HUMAN-IN-THE-LOOP

Scans run auto. Remediation always asks first.

Detection is automatic — that's the whole point. But any action taken in response goes through engineer approval. Policy exceptions go further: multi-approval.
L1 · SCAN Continuous check · every minute · every device in policy scope auto
L2 · FLAG Surface drift as event · timestamp · source · severity auto
L3 · EVIDENCE Auto-generate evidence pack · per-control proof · signed PDF auto
L4 · REMEDIATE Propose config to bring device back into policy · engineer approves push approval
L5 · EXCEPTION Policy exception · time-bound carve-out · documented justification multi-approval
QUESTIONS

What people ask first.

Does this replace our GRC tool (Vanta, Drata, Secureframe)?
No — it complements them. GRC tools handle organization-wide compliance posture (HR, IT, vendor management, training). Compliance Audit covers the network-specific controls that GRC tools struggle with: actual config audit on actual devices, continuously. Integration via API: AutoLinx pushes evidence into your GRC platform, GRC pulls it as part of the consolidated audit pack.
Can we write our own policies?
Yes — declarative YAML. Express "no telnet on management interfaces", "all firewalls must log all denies", "BGP sessions to external peers must have MD5", and AutoLinx scans the live network for compliance continuously. Custom policies run alongside the framework packs, with the same evidence-generation flow.
How does it handle policy exceptions?
Exceptions are first-class. A device or class of devices can be excluded from a policy with documented justification, time-bound expiry, and required approver chain. Exceptions appear in evidence packs explicitly — auditors see them as scoped acknowledgments, not silent failures. Common pattern: legacy device exempt from new crypto standard until refresh cycle.
What happens if a drift is detected on a critical device at 2 AM?
Compliance Audit flags it, generates the drift event in the audit ledger, attributes the source if possible, and surfaces it via on-call escalation (PagerDuty, Slack, your preferred channel). Remediation requires engineer approval — there's no auto-fix even for "easy" drift, because policy violations sometimes have legitimate emergency reasons. The engineer decides: revert, document exception, or escalate.
How does evidence pack generation work?
Pick a framework (SOC 2), time window (Q2 2026), and scope (production network). AutoLinx pulls per-control evidence: continuous-scan results, change records, approval chains, drift events with resolution, sample sizes. Renders as a signed PDF auditor-friendly format. Common pattern: quarterly evidence packs auto-generated and stored in S3 with retention policy. Government and financial customers use this for regulator submission directly.
Does this work in air-gapped environments?
Yes — Compliance Audit runs entirely inside the customer's boundary, including evidence generation and signing. No external dependency for the audit itself. Policy packs are shipped as updates the customer chooses when to apply. Critical for government, financial, and regulated-utility customers — where the audit infrastructure itself must be air-gapped.
SISTER FEATURES

Compliance Audit closes the loop.

Discovery feeds it observations. Resource Management feeds it inventory. Provisioning carries out its remediation. All four features built around the same model.
FEATURE 01

Discovery

The live graph that Compliance Audit checks against. Every observed device, interface, config lands here.
Read →
FEATURE 02

Provisioning

Pre-flight checks run policy compliance before any change pushes. Remediation flows through the same approval gate.
Read →
FEATURE 03

Resource Management

Compliance Audit checks allocation policy · tenant separation · over-allocation · stale assignments.
Read →

Stop scrambling before the audit. Have evidence already in hand.

A 4-week pilot starts with discovery, then layers your policies on top. By week three, evidence packs auto-generate for any time window — including weeks before the pilot started.

See pricing → Read product overview