The AI evidence layer your GRC platform plugs into. Signed, dated, control-mapped Evidence Packs, pre-mapped to ISO 42001, EU AI Act Article 26, NIST AI RMF, and SOC 2 AI controls. Generated from real telemetry, not a self-attestation form.
Verifiable signatures · Co-listed with Scytale · 90-day to 7-year retention · One platform, four surfaces
The proof layer
Your detection stack tells you AI is happening. An auditor needs a signed, dated record mapped to a control. That is the Evidence Pack. Northbeams is the proof layer, not another dashboard.
Northbeams is the evidence layer for AI TRiSM (AI Trust, Risk and Security Management), the umbrella Gartner uses for governing AI you did not build.
01 / How Evidence works
Every Evidence subscription auto-provisions the Northbeams browser extension, desktop sentinel, and MCP gateway. They install across your laptops, observe AI tool use, MCP gateway calls, and LLM traffic, and stream the events into the audit log behind your Evidence Packs. Observation-only by default. No real-time blocking, no per-user dashboard, no end-user friction. If you want enforcement and the SecOps dashboard on top, add Northbeams Sentinel. The data is already flowing.
Telemetry, included
Same surfaces SecOps customers run. Browser, desktop, CLI, MCP. The Evidence Pack cites real events, not a self-attestation form.
Observation-only
Surfaces watch and record, they don't block. No risk of breaking your developers' workflows. The audit-log integrity claim is the only product surface your employees notice.
Add Sentinel for control
Upgrade to Northbeams Sentinel (per-seat) to unlock real-time blocking, per-user attribution, and the SecOps dashboard. Telemetry's already installed; the upgrade is a flag flip.
02 / What you ship to your auditor
An Evidence Pack is what auditors actually trust: a single dated PDF with a control-by-control mapping of what your organization observed, who attested to it, how it was retained, and a verifiable signature on the cover. Pick a framework. Pull a pack. Hand it over.
Most-asked / cert-driven
38 Annex A controls · PDCA · Annex SL
The world's first AI management system standard. Now in Fortune 500 vendor questionnaires. Northbeams evidences 14 of 38 controls AUTO, the remainder ATTEST or scoped out with reason.
Hard deadline
Deployer obligations · logging, oversight, monitoring
If your company deploys AI inside the EU (and many do without realizing it), Article 26 logging and human-oversight obligations become enforceable on a fixed date. Northbeams evidences the logging, monitoring, and human-oversight clauses.
US enterprise ask
Govern · Map · Measure · Manage
The voluntary baseline US state laws now point to. Recognized as a Colorado safe harbor. Northbeams evidences the MEASURE function (continuous monitoring) and pieces of MANAGE.
02 / The framework your auditor already runs
Every enterprise buyer already has SOC 2. AICPA's 2017 Trust Services Criteria don't name AI, but CC6.1, CC7.2, and the AI Controls Matrix from CSA do. Northbeams produces the evidence appendix your auditor staples to the existing Type II report.
SOC 2 + AI addendum
Control-mapped evidence for CC6.1 (logical access), CC7.2 (monitoring), and the CSA AI Controls Matrix entries your auditor will increasingly ask for in 2026.
ISO 27001 holders
Already certified to 27001? You're 40% of the way to 42001. The Annex SL chassis is shared. Northbeams evidences the AI-specific delta.
Northbeams Evidence Pack
Period: 2026-Q2 · Generated 2026-05-21 14:02 UTC
03 / Anatomy of the pack
The Evidence Pack is a structured PDF an auditor can read on a plane. Every section is there because auditors asked for it, not because it photographs well.
04 / Not a quarterly snapshot
A daily job re-evaluates every AUTO check, compares to the last run, and emits a control_status_changed event when a control flips. The webhook hits your GRC platform within minutes; the in-app "Controls" banner shows newly-failing controls within the hour.
Quarterly audits ask once, every 90 days. Northbeams asks every 24 hours. That's the difference between "we passed last quarter" and "we are currently passing."
05 / For the auditor reading this
Every Northbeams Evidence Pack carries a SHA-256 hash and a detached signature on the cover. Paste the hash at /trust/verify and we'll confirm the pack hasn't been altered and was signed by Northbeams on the date claimed. HMAC v1 today, X.509 v2 within 90 days, with optional customer-side key escrow for the highest tier.
06 / Pricing
You do not buy Evidence as a separate line item. Every Sentinel plan ships the Compliance Evidence Pack: signed, dated, control-mapped evidence for ISO 42001, the EU AI Act, NIST AI RMF, and SOC 2 + AI. One platform, one contract, one install.
What ships with Sentinel
Buying for compliance, not SecOps?
Same Sentinel platform, framed for your auditor. We will scope the right plan to your frameworks and headcount. AIDR detects. We prove it to your auditor.
Published pricing, no paywall.
Get the sample Evidence Pack PDF. Forward it to your auditor. Ask them what's missing. We'll iterate with you from there.