Trust Center

Compliance

Independently audited compliance controls, continuous controls monitoring, and proactive alignment with emerging AI governance frameworks.

Audited Compliance

EmpowerNow is SOC 2 Type 2 compliant and ISO 27001:2022 compliant through the EmpowerID compliance program. Controls are independently audited by Prescient Security.

SOC 2 Type 2

Independent SOC 2 Type 2 examination covering the operating effectiveness of controls for security, availability, confidentiality, processing integrity, and privacy trust service criteria.

Status: Active | Auditor: Prescient Security

ISO 27001:2022

Current ISMS standard demonstrating systematic management of sensitive information through risk management processes and modern cloud and threat intelligence controls.

Status: Active | Auditor: Prescient Security

AI Governance Framework Alignment

ARIA's architecture was designed with emerging AI governance requirements in mind. Detailed control mappings are available on our Standards & Compliance reference page.

OWASP LLM Top-10

8 of 10 mapped

ARIA provides controls for 8 of the 10 OWASP LLM risks, including Prompt Injection (LLM01), Excessive Agency (LLM08), and Supply Chain (LLM05). The two unmapped risks — Training Data Poisoning (LLM03) and Model Theft (LLM10) — are model provider responsibilities outside ARIA's scope.


MITRE ATLAS

5 tactics mapped

Adversarial ML threat defenses mapped across resource hijacking, ML model access, evasion, exfiltration via AI, and impact/abuse — each with specific ARIA enforcement layers identified.


EU AI Act (Regulation 2024/1689)

9 requirements addressed

ARIA supports enterprise traceability, oversight, and evidence collection aligned with EU AI Act requirements including transparency (Article 53), human oversight (Article 14), risk management (Article 9), and record keeping (Annex IV). Specific applicability depends on the organization's role and AI system risk classification.


Standards Foundation

ARIA builds on established protocols. The innovation is combination and application to runtime execution control — not protocol invention.

OpenID AuthZEN (1.0 Final)

Policy evaluation API — single PDP surface for LLMs and tools

OAuth 2.0 Token Exchange (RFC 8693)

Delegation token exchange for agent-on-behalf-of-user flows

OAuth 2.0 RAR (RFC 9396)

Fine-grained capability expression beyond OAuth scopes

OAuth 2.0 DPoP (RFC 9449)

Sender-constrained tokens, proof-of-possession binding

Model Context Protocol (Living)

Tool discovery, invocation, and schema governance

HTTP Conditional Requests (RFC 9110)

Workflow state versioning via ETag/If-Match

Audit Posture

EmpowerID maintains an annual external audit cadence with Prescient Security. Compliance evidence is refreshed on schedule, and continuous controls monitoring identifies drift before the next audit cycle.

ARIA's tamper-evident receipt chains are designed to accelerate audit preparation — receipts provide the cryptographic evidence trail that auditors require, replacing manual log reconstruction with independently verifiable records.

Need compliance documentation?

Request compliance artifacts, penetration test summaries, or a detailed compliance mapping for your vendor assessment.
