AI System of Record · for GRC

Hand your auditor an AI System of Record.

The AI evidence layer your GRC platform plugs into. Signed, dated, control-mapped Evidence Packs, pre-mapped to ISO 42001, EU AI Act Article 26, NIST AI RMF, and SOC 2 AI controls. Generated from real telemetry, not a self-attestation form.

Verifiable signatures · Co-listed with Scytale · 90-day to 7-year retention · One platform, four surfaces

The proof layer

Detection tools find shadow AI. They can't prove it to your auditor.

Your detection stack tells you AI is happening. An auditor needs a signed, dated record mapped to a control. That is the Evidence Pack. Northbeams is the proof layer, not another dashboard.

Northbeams is the evidence layer for AI TRiSM (AI Trust, Risk and Security Management), Gartner's umbrella term for governing AI use, including AI you did not build.

01 / How Evidence works

Telemetry surfaces ship with every Evidence purchase. The pack has data to cite from day one.

Every Evidence subscription auto-provisions the Northbeams browser extension, desktop sentinel, and MCP gateway. They install across your laptops, observe AI tool use, MCP gateway calls, and LLM traffic, and stream the events into the audit log behind your Evidence Packs. Observation-only by default. No real-time blocking, no per-user dashboard, no end-user friction. If you want enforcement and the SecOps dashboard on top, add Northbeams Sentinel. The data is already flowing.

Telemetry, included

Same surfaces SecOps customers run. Browser, desktop, CLI, MCP. The Evidence Pack cites real events, not a self-attestation form.

Observation-only

Surfaces watch and record; they don't block, so there is no risk of breaking your developers' workflows. Your employees see nothing new in their day. The signed, hash-chained audit log is the surface your auditor sees.

Add Sentinel for control

Upgrade to Northbeams Sentinel (per-seat) to unlock real-time blocking, per-user attribution, and the SecOps dashboard. Telemetry's already installed; the upgrade is a flag flip.

02 / What you ship to your auditor

Four frameworks. One pack per framework. One sentence.

An Evidence Pack is what auditors actually trust: a single dated PDF with a control-by-control mapping of what your organization observed, who attested to it, how it was retained, and a verifiable signature on the cover. Pick a framework. Pull a pack. Hand it over.

02 / The framework your auditor already runs

SOC 2, with AI controls added.

Every enterprise buyer already has SOC 2. AICPA's 2017 Trust Services Criteria never mention AI, but CC6.1 (logical access) and CC7.2 (monitoring) apply to AI tools exactly as they apply to any other system, and the CSA AI Controls Matrix names AI explicitly. Northbeams produces the evidence appendix your auditor attaches to the existing Type II report.

SOC 2 + AI addendum

What we add to your existing SOC 2.

Control-mapped evidence for CC6.1 (logical access), CC7.2 (monitoring), and the CSA AI Controls Matrix entries your auditor will increasingly ask for in 2026.

Read the SOC 2 + AI page →

ISO 27001 holders

The 27001 to 42001 stack.

Already certified to 27001? You're 40% of the way to 42001. Both standards share the ISO harmonized structure (Annex SL), so the management-system clauses carry over; Northbeams evidences the AI-specific delta in 42001's Annex A controls.

Read the stacking guide →

Northbeams Evidence Pack

ISO/IEC 42001:2023

Period: 2026-Q2 · Generated 2026-05-21 14:02 UTC

Organization: Acme Holdings, Inc.
Framework version: 42001:2023
Controls in scope: 38 of 38
Auto-evidenced: 14
Attested: 19
Scoped out: 5 (with reason)
Underlying events: 142,318
Signing identity: CN=Northbeams Evidence v1
SHA-256: 7b32fc4e91d83a9e02c6 b5d419af8e7c3d0a51f4 6e2f7a8b9c0d1e2f3a4b 5c6d7e8f9a0b1c2d3e4f
Cover · 1 of 7 · Verifiable at /trust/verify

03 / Anatomy of the pack

Seven sections. One PDF. Auditor-ready.

The Evidence Pack is a structured PDF an auditor can read on a plane. Every section is there because auditors asked for it, not because it photographs well.

  • Cover: org, framework, period, SHA-256, signing identity.
  • Scope: which surfaces are observed, which agents, what's explicitly out.
  • Control mapping: AUTO / ATTEST / scoped-out per control, with the underlying query.
  • Evidence appendix: sampled events. Top high-risk tool calls, blocked actions, attestations with actors.
  • Exceptions & gaps: controls not satisfied, with reason and remediation owner.
  • Methodology: collection, retention, hash-chained integrity claim.
  • Signatures: owner attestation plus cryptographic signature over the document.
Walk through the pack →

04 / Not a quarterly snapshot

Continuous Control Monitoring.

A daily job re-evaluates every AUTO check, compares to the last run, and emits a control_status_changed event when a control flips. The webhook hits your GRC platform within minutes; the in-app "Controls" banner shows newly-failing controls within the hour.

Quarterly audits ask once, every 90 days. Northbeams asks every 24 hours. That's the difference between "we passed last quarter" and "we are currently passing."

01 · Daily re-evaluation of every AUTO control.
02 · Webhook on control-status change.
03 · In-app banner with newly-failing controls.
04 · Scheduled Evidence Pack monthly, or on demand.
05 · Hash-chained append-only event log; integrity claim travels with the pack.
06 · Sampled events in the appendix prove the AUTO check, not just claim it.

05 / For the auditor reading this

Every pack is signed. Every signature is verifiable.

Built for the auditor's review, not the vendor's pitch.

Every Northbeams Evidence Pack carries a SHA-256 hash and a detached signature on the cover. Paste the hash at /trust/verify and we'll confirm the pack hasn't been altered and was signed by Northbeams on the date claimed. Signatures are HMAC-based in v1: the key that verifies is the key that signs, so verification runs through /trust/verify rather than offline. v2, due within 90 days, moves to X.509 certificate-based signatures that an auditor can verify independently with the public certificate, with optional customer-side key escrow on the highest tier.
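To make the "hash-chained append-only event log" of section 04 and the signing and verification claims of section 05 concrete, here is an added Python example. It is not Northbeams's code; the event fields, the manifest layout, the GENESIS anchor and the demo key are assumptions chosen for the illustration. It builds a chained log, binds the chain head into a pack manifest, signs the manifest with HMAC-SHA256, and shows two things the prose only states: that editing a single past event breaks the chain, and that an HMAC tag can only be checked by whoever holds the key.

```python
"""Hash-chained append-only event log plus an HMAC-signed pack manifest.

Added illustration, not Northbeams code. Event fields, manifest layout,
GENESIS anchor and the demo key are assumptions made for this example.
"""
import hashlib
import hmac
import json
from typing import List

GENESIS = "0" * 64  # assumed anchor value for the first entry's "prev"


def canonical(obj: dict) -> bytes:
    # Stable serialisation so signer and verifier hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def append_event(log: List[dict], event: dict) -> dict:
    """Append an entry whose hash covers its sequence number, the previous hash and the event."""
    prev = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "prev": prev, "event": event}
    entry = dict(body, hash=hashlib.sha256(canonical(body)).hexdigest())
    log.append(entry)
    return entry


def verify_chain(log: List[dict]) -> bool:
    """Recompute every link; False if any entry was edited, dropped or reordered."""
    prev = GENESIS
    for seq, entry in enumerate(log):
        if entry["seq"] != seq or entry["prev"] != prev:
            return False
        body = {"seq": seq, "prev": prev, "event": entry["event"]}
        if hashlib.sha256(canonical(body)).hexdigest() != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


def build_manifest(log: List[dict], pdf_bytes: bytes) -> dict:
    """What travels with the pack: the PDF hash, the event count and the chain head."""
    return {
        "pdf_sha256": hashlib.sha256(pdf_bytes).hexdigest(),
        "events": len(log),
        "chain_head": log[-1]["hash"] if log else GENESIS,
    }


def sign_manifest_hmac(manifest: dict, key: bytes) -> str:
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def verify_manifest_hmac(manifest: dict, tag: str, key: bytes) -> bool:
    # Constant-time compare. The verifier must hold the same secret key as the signer.
    expected = hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Runs the whole flow on constructed sample events and returns the outcomes."""
    key = b"demo-signing-key"  # assumption: a real signing key lives in a KMS/HSM
    log: List[dict] = []
    for ev in [  # constructed telemetry events
        {"ts": "2026-05-01T09:00:00Z", "surface": "browser", "tool": "chat.example", "risk": "low"},
        {"ts": "2026-05-01T09:04:00Z", "surface": "mcp", "tool": "filesystem.write", "risk": "high"},
        {"ts": "2026-05-01T09:05:00Z", "surface": "desktop", "tool": "cli-llm", "risk": "medium"},
    ]:
        append_event(log, ev)
    intact = verify_chain(log)

    pdf = b"%PDF-1.7 constructed stand-in for the Evidence Pack bytes"
    manifest = build_manifest(log, pdf)
    tag = sign_manifest_hmac(manifest, key)
    genuine = verify_manifest_hmac(manifest, tag, key)

    # Tamper after the fact: downgrade the high-risk MCP call in a copy of the log.
    tampered = json.loads(json.dumps(log))
    tampered[1]["event"]["risk"] = "low"
    tamper_detected = not verify_chain(tampered)

    # A third party without the key cannot confirm the HMAC tag, only the keyholder can.
    third_party_verifies = verify_manifest_hmac(manifest, tag, b"auditor-has-no-key")
    return {
        "intact": intact,
        "genuine": genuine,
        "tamper_detected": tamper_detected,
        "third_party_verifies": third_party_verifies,
    }


if __name__ == "__main__":
    print(demo())
```

An attacker who rewrites one event and recomputes its hash still breaks the next entry's `prev` link, and one who recomputes the entire chain produces a different `chain_head`, which is why the head is bound into the signed manifest rather than left in the log alone. The last check is the practical caveat for an HMAC scheme: the auditor cannot validate the tag locally and must submit the hash to the signer's verification endpoint, whereas an asymmetric (X.509) signature can be checked with the public certificate alone.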

Verify a pack →

06 / Pricing

Compliance evidence is bundled into Sentinel.

You do not buy Evidence as a separate line item. Every Sentinel plan ships the Compliance Evidence Pack: signed, dated, control-mapped evidence for ISO 42001, the EU AI Act, NIST AI RMF, and SOC 2 + AI. One platform, one contract, one install.

What ships with Sentinel

  • Monthly and on-demand Evidence Packs
  • All four frameworks (ISO 42001, EU AI Act, NIST AI RMF, SOC 2 + AI)
  • GRC platform integrations
  • Signed, dated, hash-verifiable packs
  • Continuous Control Monitoring on higher tiers
See full pricing →

Buying for compliance, not SecOps?

Same Sentinel platform, framed for your auditor. We will scope the right plan to your frameworks and headcount. AIDR (AI detection and response) detects. We prove it to your auditor.

Talk to us about Evidence →

Published pricing, no paywall. See full pricing →

One install. One dashboard. One pack.

Get the sample Evidence Pack PDF. Forward it to your auditor. Ask them what's missing. We'll iterate with you from there.