CIO Guide: Automating AI Compliance for SOC 2 & ISO 27001

AI compliance is not a checkbox exercise — it is a continuous process that must keep pace with the volume and velocity of LLM interactions. Manual quarterly audits cannot cover the thousands of AI decisions your organization makes daily.

Use this page when

  • You need to automate SOC 2 or ISO 27001 evidence collection for AI interactions
  • You are configuring scheduled compliance exports with kt export create
  • You want to map Keeptrusts controls to specific SOC 2 Trust Services Criteria or ISO 27001 Annex A controls
  • You are building webhook-driven workflows for continuous compliance monitoring

Keeptrusts automates compliance evidence collection, policy-to-control mapping, and audit-ready exports so your compliance team spends time on analysis, not data gathering.

Primary audience

  • Primary: Technical Leaders
  • Secondary: Technical Engineers, AI Agents

Console Audit Log

Every action in the Keeptrusts platform — user logins, policy changes, gateway key provisioning, escalation resolutions — is captured in the immutable audit log.

Audit Log Structure

| Field | Description | Compliance Relevance |
| --- | --- | --- |
| timestamp | ISO 8601 event time | Forensic timeline |
| actor | User or service identity | Accountability |
| action | Operation performed | Change tracking |
| resource | Target entity (config, key, user) | Scope of change |
| details | Before/after state diff | Evidence of change |
| ip_address | Source IP | Access monitoring |
| outcome | Success or failure | Error detection |

Console checkpoint: Navigate to Settings → Audit Log to view, search, and filter the audit trail. Time range, actor, and action type filters support targeted investigation.

Screenshot reference: Console Audit Log showing timestamped entries for policy changes, user provisioning, and gateway key rotation.

Audit Log API

# Query audit log entries for policy changes in the last 30 days
curl "https://api.keeptrusts.com/v1/audit-log?action=policy.update,policy.create&since=30d" \
-H "Authorization: Bearer $API_TOKEN"

Automated Evidence Export via CLI kt export create

The kt export create command generates compliance evidence packages suitable for auditor review.

Export Formats

| Format | Contents | Auditor Use Case |
| --- | --- | --- |
| PDF | Executive summary, policy config, event statistics, escalation log | Board and auditor presentations |
| CSV | Raw event data with all fields | Detailed analysis and sampling |
| JSON | Machine-readable structured data | Automated compliance tooling |

# Generate a SOC 2 evidence package for the last quarter
kt export create \
--type compliance \
--framework soc2 \
--format pdf \
--since 90d \
--output soc2-evidence-q1-2026.pdf

# Generate detailed event data for auditor sampling
kt export create \
--type full-audit \
--format csv \
--since 90d \
--output full-audit-q1-2026.csv

Scheduled Exports

Automate evidence generation on a recurring schedule:

# Schedule monthly compliance exports
kt export create \
--type compliance \
--framework soc2 \
--format pdf \
--since 30d \
--schedule monthly \
--delivery s3://compliance-bucket/monthly/ \
--notify compliance-team@company.com

Console checkpoint: The Exports page shows all scheduled and completed exports with download links and delivery status.

Webhook-Driven Compliance Workflows

Configure webhooks to trigger compliance workflows in real time when specific events occur.

Compliance Webhook Scenarios

| Trigger | Webhook Target | Workflow |
| --- | --- | --- |
| Policy violation (block) | SIEM (Splunk, Sentinel) | Automatic incident creation |
| PII exposure attempt | DLP system | Correlated alert |
| Escalation created (critical) | PagerDuty | On-call notification |
| Policy config changed | Change management (ServiceNow) | Change record creation |
| Gateway key created/revoked | IAM system | Access log correlation |

# Register a compliance webhook. Generate the HMAC secret from a CSPRNG
# (for example: openssl rand -hex 32) and keep it in your secrets manager;
# the receiving system needs the same value to validate signatures.
curl -X POST https://api.keeptrusts.com/v1/webhooks \
  -H "Authorization: Bearer $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "siem-compliance-feed",
    "url": "https://siem.company.com/api/events",
    "events": ["event.blocked", "escalation.created", "policy.updated"],
    "secret": "webhook-secret-for-hmac-validation"
  }'

Webhook Security

  • All webhook payloads are signed with HMAC-SHA256 using the configured secret; the receiver should verify the signature over the raw request body before parsing or acting on the payload
  • Webhook secrets are encrypted at rest using AES-GCM-SIV
  • Failed deliveries are retried with exponential backoff
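A receiving side for the signed deliveries described above, as an added example that is not Keeptrusts' own code. The page states only that payloads are HMAC-SHA256 signed with the configured secret; the `X-Keeptrusts-Signature` header name, its `t=<unix timestamp>,v1=<hex digest>` layout, and the signed string `<timestamp>.<raw body>` are assumptions made for this example, so check the product's webhook reference for the real ones. The points that carry over regardless of layout: verify over the raw bytes, use a constant-time comparison, and bound the timestamp to limit replay of a captured delivery.

```python
"""Verify a signed webhook delivery before acting on it (example, not product code)."""
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# ASSUMPTION: header name and "t=<unix>,v1=<hex>" layout are not documented on
# this page; the signed string "<t>.<raw body>" is likewise assumed.
SIGNATURE_HEADER = "X-Keeptrusts-Signature"
REPLAY_WINDOW_SECONDS = 300  # reject deliveries more than 5 minutes old


def compute_signature(secret: str, timestamp: int, body: bytes) -> str:
    """HMAC-SHA256 over "<timestamp>.<raw body>", hex-encoded."""
    signed = f"{timestamp}.".encode() + body
    return hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()


def parse_signature_header(value: str) -> Tuple[int, str]:
    """Split "t=...,v1=..." into (timestamp, hex digest); raises on bad input."""
    fields = dict(part.split("=", 1) for part in value.split(","))
    return int(fields["t"]), fields["v1"]


def verify_webhook(secret: str, headers: dict, body: bytes,
                   now: Optional[float] = None) -> Tuple[bool, str]:
    """Return (accepted, reason). `body` must be the raw bytes received:
    re-serialising parsed JSON changes whitespace and breaks the MAC."""
    now = time.time() if now is None else now
    header = headers.get(SIGNATURE_HEADER)
    if not header:
        return False, "missing signature header"
    try:
        ts, provided = parse_signature_header(header)
    except (KeyError, ValueError):
        return False, "malformed signature header"
    expected = compute_signature(secret, ts, body)
    # compare_digest runs in constant time; "==" stops at the first differing
    # byte and leaks the expected MAC through response timing.
    if not hmac.compare_digest(expected, provided):
        return False, "bad signature"
    # The timestamp is covered by the MAC, so it is only trusted after the
    # signature check; bounding it limits replay of a captured delivery.
    if abs(now - ts) > REPLAY_WINDOW_SECONDS:
        return False, "stale or future timestamp"
    return True, "ok"


def handle_delivery(secret: str, headers: dict, body: bytes,
                    now: Optional[float] = None) -> dict:
    """Gate parsing and routing on verification; never json.loads() first."""
    ok, reason = verify_webhook(secret, headers, body, now)
    if not ok:
        return {"accepted": False, "reason": reason}
    event = json.loads(body)
    return {"accepted": True, "event_type": event.get("type"), "reason": reason}


if __name__ == "__main__":
    # Constructed sample delivery, not a real Keeptrusts payload.
    secret = "webhook-secret-for-hmac-validation"
    body = json.dumps({"type": "policy.updated", "actor": "alice@company.com"}).encode()
    ts = int(time.time())
    headers = {SIGNATURE_HEADER: f"t={ts},v1={compute_signature(secret, ts, body)}"}
    print(handle_delivery(secret, headers, body))                          # accepted
    print(handle_delivery(secret, headers, body.replace(b"alice", b"mallory")))  # bad signature
```

In a real receiver the raw body comes from the framework's request object (for example `request.get_data()` in Flask or `await request.body()` in FastAPI), and the delivery should be acknowledged only after the event has been durably queued, so that the retry-with-backoff behaviour described above does not drop an event your SIEM never stored.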

Policy-to-Control Mapping

Map your Keeptrusts policy configuration to specific SOC 2 Trust Services Criteria and ISO 27001 Annex A controls.

SOC 2 Mapping

| Criterion | Name | Keeptrusts Control | Evidence Source |
| --- | --- | --- | --- |
| CC6.1 | Logical access | Gateway key scoping, RBAC | Access key audit log |
| CC6.3 | Access removal | Key expiry, revocation | Key lifecycle events |
| CC7.2 | Security event monitoring | Block events, escalation workflows | Escalation log, webhook delivery log |
| CC7.4 | Incident response | Escalation resolution workflow | Escalation log |
| CC8.1 | Change management | Policy versioning in git | Audit log + git history |
| A1.2 | Availability | Provider failover chains | Gateway health events |

ISO 27001 Mapping

Control numbering follows ISO/IEC 27001:2022 Annex A.

| Control | Name | Keeptrusts Implementation | Evidence |
| --- | --- | --- | --- |
| A.8.3 | Information access restriction | Gateway keys with team scoping | Token audit log |
| A.8.15 | Logging | Complete event capture | Event export |
| A.8.16 | Monitoring activities | Real-time dashboard + alerting | Dashboard screenshots + webhook logs |
| A.5.36 | Compliance with policies, rules and standards | Automated evidence exports | Export artifacts |
| A.8.10 | Information deletion | Event retention policies | Retention configuration |

Continuous Compliance Monitoring

Instead of point-in-time audits, establish continuous monitoring that catches compliance drift in real time.

Monitoring Dashboard

| Metric | Threshold | Action |
| --- | --- | --- |
| Audit log completeness | 100% of events captured | Alert if gap detected |
| Policy coverage | All active gateways have policy config | Alert if uncovered gateway |
| Key rotation compliance | All keys < 90 days old | Alert at 60 days |
| Escalation SLA | Critical resolved < 4 hours | Alert at 2 hours |
| Export schedule | Monthly exports on time | Alert if missed |

# Check compliance posture via CLI
kt compliance check --framework soc2 --output compliance-status.json

Automated Compliance Report

#!/bin/bash
# weekly-compliance-check.sh
# Queries three compliance-drift signals and exits non-zero if any is present,
# so the script can gate a cron job or CI pipeline rather than only print.
set -euo pipefail
: "${API_TOKEN:?API_TOKEN must be set}"
API="https://api.keeptrusts.com/v1"

# GET a collection endpoint and return its .count field; --fail turns an
# HTTP error into a non-zero exit instead of a silent "null" count.
count() {
  curl -sS --fail -H "Authorization: Bearer $API_TOKEN" "$API/$1" | jq '.count'
}

echo "=== Weekly AI Compliance Status ==="

# Unresolved critical escalations (escalation SLA metric)
CRITICAL=$(count "escalations?severity=critical&status=open")
echo "Open critical escalations: $CRITICAL"

# Gateway keys past the 60-day rotation warning threshold
OLD_KEYS=$(count "tokens?type=gateway&older_than=60d")
echo "Gateway keys > 60 days old: $OLD_KEYS"

# Active gateways with no policy configuration
UNCOVERED=$(count "gateways?has_policy=false")
echo "Gateways without policy config: $UNCOVERED"

# A non-zero exit makes the drift visible to whatever scheduled the run
if [ "$CRITICAL" -gt 0 ] || [ "$OLD_KEYS" -gt 0 ] || [ "$UNCOVERED" -gt 0 ]; then
  echo "Compliance drift detected" >&2
  exit 1
fi
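The weekly script above reports raw counts; an evaluator that applies the dashboard thresholds (60/90-day key age, 2/4-hour escalation SLA, policy coverage, audit completeness) and tags each finding with the control it evidences is what a compliance team actually files. The following is an added example, not Keeptrusts code: the record shapes for tokens, escalations and gateways, and the `key.create` audit action name, are assumptions (the audit log fields match the structure table on this page), and the snapshot data is constructed. The audit-completeness check goes beyond the page's one-line description by cross-referencing live keys against the log: a key with no successful creation entry means the log is missing events.

```python
"""Evaluate a compliance snapshot against the dashboard thresholds (example, not product code)."""
from datetime import datetime, timedelta, timezone

# Thresholds from the monitoring dashboard table on this page
KEY_WARN_AGE = timedelta(days=60)      # alert at 60 days
KEY_MAX_AGE = timedelta(days=90)       # all keys must be < 90 days old
ESCALATION_WARN = timedelta(hours=2)   # alert at 2 hours
ESCALATION_SLA = timedelta(hours=4)    # critical resolved < 4 hours


def parse_ts(value: str) -> datetime:
    """ISO 8601 with a trailing Z, as in the audit log timestamp field."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def finding(level, metric, subject, detail, control):
    return {"level": level, "metric": metric, "subject": subject,
            "detail": detail, "control": control}


def check_key_rotation(tokens, now):
    """Warn at 60 days, fail at 90 (SOC 2 CC6.3, key lifecycle)."""
    out = []
    for tok in tokens:
        age = now - parse_ts(tok["created_at"])
        if age >= KEY_MAX_AGE:
            out.append(finding("fail", "key_rotation", tok["id"], f"{age.days} days old", "CC6.3"))
        elif age >= KEY_WARN_AGE:
            out.append(finding("warn", "key_rotation", tok["id"], f"{age.days} days old", "CC6.3"))
    return out


def check_escalation_sla(escalations, now):
    """Open critical escalations: warn after 2h, fail after 4h (SOC 2 CC7.4, incident response)."""
    out = []
    for esc in escalations:
        if esc["severity"] != "critical" or esc["status"] != "open":
            continue
        open_for = now - parse_ts(esc["created_at"])
        if open_for >= ESCALATION_SLA:
            level = "fail"
        elif open_for >= ESCALATION_WARN:
            level = "warn"
        else:
            continue
        minutes = int(open_for.total_seconds() // 60)
        out.append(finding(level, "escalation_sla", esc["id"], f"open {minutes} min", "CC7.4"))
    return out


def check_policy_coverage(gateways):
    """Every active gateway must carry a policy config (SOC 2 CC6.1, logical access)."""
    return [finding("fail", "policy_coverage", gw["id"], "no policy config", "CC6.1")
            for gw in gateways if not gw.get("has_policy")]


def check_audit_completeness(tokens, audit_entries):
    """A live key with no successful key.create entry means the log has a gap (ISO A.8.15, logging).
    ASSUMPTION: action name "key.create" and resource == token id."""
    created = {e["resource"] for e in audit_entries
               if e["action"] == "key.create" and e["outcome"] == "success"}
    return [finding("fail", "audit_completeness", tok["id"], "no key.create audit entry", "A.8.15")
            for tok in tokens if tok["id"] not in created]


def evaluate(snapshot, now):
    """Run every check and return the combined findings list."""
    return (check_key_rotation(snapshot["tokens"], now)
            + check_escalation_sla(snapshot["escalations"], now)
            + check_policy_coverage(snapshot["gateways"])
            + check_audit_completeness(snapshot["tokens"], snapshot["audit_log"]))


def compliant(findings):
    """Warnings are allowed; any 'fail' means the posture is non-compliant."""
    return not any(f["level"] == "fail" for f in findings)


# Constructed snapshot (not real API output); ages are relative to SAMPLE_NOW.
SAMPLE_NOW = datetime(2026, 3, 31, 12, 0, tzinfo=timezone.utc)
SAMPLE_SNAPSHOT = {
    "tokens": [
        {"id": "gwk-001", "created_at": "2026-03-01T00:00:00Z"},  # 30 days: ok
        {"id": "gwk-002", "created_at": "2026-01-20T00:00:00Z"},  # 70 days: warn
        {"id": "gwk-003", "created_at": "2025-12-01T00:00:00Z"},  # 120 days: fail
    ],
    "escalations": [
        {"id": "esc-1", "severity": "critical", "status": "open", "created_at": "2026-03-31T09:00:00Z"},
        {"id": "esc-2", "severity": "critical", "status": "open", "created_at": "2026-03-31T07:00:00Z"},
        {"id": "esc-3", "severity": "critical", "status": "resolved", "created_at": "2026-03-30T07:00:00Z"},
        {"id": "esc-4", "severity": "high", "status": "open", "created_at": "2026-03-30T07:00:00Z"},
    ],
    "gateways": [{"id": "gw-prod", "has_policy": True}, {"id": "gw-sandbox", "has_policy": False}],
    "audit_log": [  # gwk-003's creation is recorded only as a failure, so it has no provenance
        {"timestamp": "2026-03-01T00:00:00Z", "actor": "alice@company.com", "action": "key.create",
         "resource": "gwk-001", "ip_address": "10.0.0.5", "outcome": "success"},
        {"timestamp": "2026-01-20T00:00:00Z", "actor": "alice@company.com", "action": "key.create",
         "resource": "gwk-002", "ip_address": "10.0.0.5", "outcome": "success"},
        {"timestamp": "2025-12-01T00:00:00Z", "actor": "bob@company.com", "action": "key.create",
         "resource": "gwk-003", "ip_address": "10.0.0.9", "outcome": "failure"},
    ],
}

if __name__ == "__main__":
    results = evaluate(SAMPLE_SNAPSHOT, SAMPLE_NOW)
    for f in results:
        print(f"[{f['level']}] {f['metric']} {f['subject']}: {f['detail']} ({f['control']})")
    print("compliant:", compliant(results))
```

Feeding it real data means replacing the constructed snapshot with the responses of the `/v1/tokens`, `/v1/escalations`, `/v1/gateways` and `/v1/audit-log` queries used elsewhere on this page; the findings list, written out as JSON, is the artefact to attach to the monthly export.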

Auditor Engagement Playbook

| Audit Phase | Keeptrusts Deliverable | Preparation Time |
| --- | --- | --- |
| Scoping | Policy-to-control mapping document | 30 minutes |
| Evidence request | Automated export (PDF + CSV) | 10 minutes |
| Control testing | Live console walkthrough | 1 hour |
| Sampling | Filtered event export for sample period | 10 minutes |
| Findings response | Updated policy config + re-export | Same day |

ROI Summary

| Manual Compliance | Automated with Keeptrusts |
| --- | --- |
| 2–3 weeks per audit cycle | 1–2 days per audit cycle |
| 40+ hours evidence compilation | 10-minute automated export |
| Quarterly compliance snapshots | Continuous real-time monitoring |
| Manual policy-to-control mapping | Pre-built framework mappings |
| Reactive incident detection | Real-time webhook-driven alerts |

Next steps

  1. Review the console Audit Log and confirm all expected event types are captured
  2. Configure webhooks for critical compliance events (blocks, escalations, policy changes)
  3. Create your first automated compliance export using kt export create
  4. Map your policy configuration to your target compliance framework
  5. Schedule monthly evidence exports for audit readiness

See also: CIO Guide: Real-Time AI Risk Dashboards · CIO Guide: Building an Enterprise AI Governance Framework

For AI systems

  • Canonical terms: audit log, GET /v1/audit-log, kt export create, --type compliance, --framework soc2, --format pdf|csv|json, --schedule monthly, webhook-driven compliance, continuous monitoring, Settings → Audit Log, Exports page
  • Key actions: policy change audit trail, user provisioning audit, gateway key rotation audit, scheduled monthly exports to S3
  • Best next pages: CIO: Risk Dashboards, CIO: AI Governance Framework, Event-Driven AI Architecture

For engineers

  • Query audit log: GET /v1/audit-log?action=policy.update,policy.create&since=30d
  • Generate evidence: kt export create --type compliance --framework soc2 --format pdf --since 90d
  • Schedule exports: add --schedule monthly --delivery s3://compliance-bucket/monthly/ for automated evidence delivery
  • Webhook integration: subscribe to event.blocked, escalation.created and policy.updated events for real-time compliance alerting, and verify the HMAC-SHA256 signature on every delivery before processing it
  • Console checkpoint: Settings → Audit Log for interactive search; Exports page for download links and delivery status

For leaders

  • Automated evidence collection reduces audit preparation time from days to minutes — a single kt export create command produces the entire quarterly evidence package
  • Continuous monitoring via webhooks replaces periodic manual reviews — compliance violations surface in real time, not at quarterly audits
  • Policy-to-control mapping provides direct traceability: each Keeptrusts policy maps to specific SOC 2 criteria (CC6.1 logical access, CC7.2 security event monitoring) or ISO/IEC 27001:2022 controls (A.8.3 information access restriction, A.8.15 logging)
  • Immutable audit logs satisfy auditor requirements for tamper-proof evidence of governance enforcement