Compliance Frameworks
Meet regulatory requirements with Sekuire's compliance features.
Supported Frameworks
| Framework | Industry | Key Requirements |
|---|---|---|
| SOC 2 | SaaS/Cloud | Security, availability, integrity |
| HIPAA | Healthcare | PHI protection, access controls |
| GDPR | EU Data | Data privacy, consent, erasure |
| PCI-DSS | Payments | Cardholder data protection |
Policy Configuration
Enable compliance checks in your workspace policy (`policy.json`):

```json
{
  "compliance": {
    "frameworks": ["soc2", "hipaa"],
    "require_audit_logging": true,
    "require_encryption": true,
    "data_residency": "us",
    "retention_days": 90
  }
}
```
SOC 2
SOC 2 compliance for AI agents requires:
- Audit logging - All agent actions logged
- Access control - API key authentication
- Encryption - TLS for data in transit
- Availability - Heartbeat monitoring
Verification
```bash
sekuire verify-agent --compliance soc2
```
HIPAA
For agents handling Protected Health Information (PHI):
- BAA - Use HIPAA-compliant LLM providers
- Minimum necessary - Restrict tool access
- Audit trail - Log all PHI access
- Encryption - At rest and in transit
HIPAA-Compliant Models
```json
"models": {
  "allowed_providers": ["openai", "anthropic"],
  "allowed_models": [
    "gpt-4",
    "claude-3-opus-20240229"
  ]
}
```
Warning: Ensure you have a Business Associate Agreement (BAA) with your LLM provider before processing PHI.
GDPR
For agents handling EU personal data:
- Consent - User consent for data processing
- Data minimization - Collect only necessary data
- Right to erasure - Clear conversation history
- Data residency - EU data centers
Configuration
```json
"compliance": {
  "frameworks": ["gdpr"],
  "data_residency": "eu",
  "retention_days": 30,
  "allow_data_export": true
}
```
Compliance Verification
Use the CLI to verify compliance before deployment:
```text
$ sekuire verify-agent --compliance hipaa
Running compliance verification...
Identity verification passed
Registry entry valid
HIPAA compliance: 2 warnings
  - Audit logging not configured
  - Data encryption setting missing
Overall: PASSED with warnings
```
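As an added example, not Sekuire's own verifier, the following lint pass reads a `policy.json` of the shape shown above, maps the SOC 2, HIPAA and GDPR requirement lists onto the policy keys, and reproduces the warning lines of the `sekuire verify-agent` transcript. The rule table (which key each requirement corresponds to) is an assumption made for illustration.

```python
import json

# Assumed mapping of this page's framework requirements onto policy.json keys.
# Warning texts follow the sample `sekuire verify-agent` output shown above.
# An expected value of None means "the key only has to be present".
FRAMEWORK_RULES = {
    "soc2":  [("require_audit_logging", True, "Audit logging not configured"),
              ("require_encryption", True, "Data encryption setting missing")],
    "hipaa": [("require_audit_logging", True, "Audit logging not configured"),
              ("require_encryption", True, "Data encryption setting missing")],
    "gdpr":  [("data_residency", "eu", "Data residency is not 'eu'"),
              ("allow_data_export", True, "Data export not enabled"),
              ("retention_days", None, "Retention period not set")],
}


def lint_policy(policy: dict) -> dict:
    """Return {framework: [warning, ...]} for each framework the policy enables.

    Unknown framework names get a single warning rather than being silently ignored.
    """
    comp = policy.get("compliance", {})
    report = {}
    for fw in comp.get("frameworks", []):
        if fw not in FRAMEWORK_RULES:
            report[fw] = ["Unknown framework"]
            continue
        warnings = []
        for key, expected, message in FRAMEWORK_RULES[fw]:
            ok = key in comp if expected is None else comp.get(key) == expected
            if not ok:
                warnings.append(message)
        report[fw] = warnings
    return report


def verdict(report: dict) -> str:
    """Collapse a lint report into the CLI-style overall line."""
    count = sum(len(w) for w in report.values())
    return "PASSED" if count == 0 else f"PASSED with {count} warnings"


# Constructed sample: HIPAA enabled but neither audit logging nor encryption set,
# which reproduces the two warnings in the verification transcript above.
SAMPLE_POLICY = json.loads('''{"compliance": {"frameworks": ["hipaa"],
    "data_residency": "us", "retention_days": 90}}''')
```

Running `lint_policy(SAMPLE_POLICY)` yields the two HIPAA warnings from the transcript, while the full `policy.json` shown under Policy Configuration passes cleanly.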
Compliance Badges
Verified agents can earn compliance badges that are displayed in the registry and dashboard:
- SOC2 Verified - Agent meets SOC2 Type II requirements
- HIPAA Compliant - Agent configured for PHI handling
- GDPR Ready - Agent supports EU data protection requirements
- PCI-DSS Certified - Agent meets payment card industry standards
Badges are issued after successful verification and are tied to a specific agent version. When the agent code changes, re-verification is required.
Request badge verification
```bash
sekuire verify-agent --compliance soc2 --request-badge
```
Note: Badge issuance may require additional documentation and manual review for certain compliance frameworks.
Next Steps
- Policies - Workspace policy system
- Verify Agent - Full security audit