Compliance FAQ
Answers to common compliance review questions covering control evidence, data boundaries, and security operations accountability.
Which compliance frameworks can this evidence support?
Aegis controls and exported artifacts are designed to support common framework mapping workflows such as SOC 2, ISO 27001, and internal governance control sets.
Can Aegis operators decrypt stored credentials?
No. Vault payloads remain encrypted and master key material is derived client-side under user control. Review the Security Overview for architecture details.
What evidence is available for access and administrative actions?
Aegis provides chronological activity data with actor context and supports export workflows for governance and audit teams.
How should teams document incident-response actions?
Use a structured timeline with detection, containment, credential rotation, and verification milestones, then retain linked evidence exports for review.
Where are privacy and legal commitments published?
Public policy references are available on the Privacy, Terms, Support, and Trust Center pages for reviewer and procurement access.
How often should control evidence be reviewed?
Aegis recommends monthly posture review for routine controls and immediate review after high-severity events or policy changes.