Compliance & Security

AI governance that satisfies your auditors

Immutable audit trails, model allowlist enforcement, and policy-as-code built for SOC 2, GDPR, and HIPAA. FORG gives compliance teams the evidence they need — without slowing down engineering.

  • 89% of compliance auditors now explicitly ask about AI usage logs (Enterprise AI governance survey, 2024)
  • 100% of FORG audit events are tamper-evident via HMAC hash chain. Cryptographically verifiable by third-party auditors.
  • 30s to export a complete, signed audit report on demand. JSON + PDF. Compatible with major auditor tooling.

Real Scenario

"We need your AI usage logs for the SOC 2 audit — by Friday."

It's a scenario playing out at companies worldwide. Your auditor needs evidence that AI tool usage is governed, logged, and controlled. Without purpose-built tooling, that means scrambling across Slack, querying disparate databases, and manually correlating user events — if you can find the data at all.

FORG captures every AI usage event at the adapter layer — before calls reach the model. Each event is hash-chained immediately, creating an immutable sequence auditors can independently verify.

The audit export runs in 30 seconds. The evidence package includes user attribution, model identifiers, timestamps, rule evaluations, and cryptographic proofs — everything your auditor needs, structured and signed.

Key distinction: FORG operates on metadata only. Prompt content never transits FORG infrastructure, satisfying data minimization requirements under GDPR Article 5(1)(c).

FORG AUDIT LOG — 2025-05-29 (HMAC-SHA256 ✓)

TIMESTAMP             USER              EVENT                 OUTCOME    IP
2025-05-29T08:14:02Z  m.chen@corp.com   model_change_blocked  BLOCKED    10.0.4.17
2025-05-29T09:31:45Z  d.patel@corp.com  budget_exceeded       BLOCKED    10.0.4.22
2025-05-29T11:07:18Z  s.kim@corp.com    rule_triggered        TRIGGERED  10.0.4.9
2025-05-29T13:52:30Z  a.jones@corp.com  session_started       ALLOWED    10.0.4.31

4 of 18,432 events shown

Every event includes user identity, model, rule evaluation result, and IP. Hash-chained so any modification is detectable. Exportable in 30s.

What changes when you add FORG

The difference between a clean audit and a compliance incident.

Without FORG
  • Engineers swap to unapproved GPT-4o mid-sprint — no visibility
  • Audit request arrives; scramble for scattered log exports
  • No evidence trail for SOC 2 AI usage controls
  • GDPR incident: prompt logs stored in vendor infra, undisclosed
  • Policy changes require code deploys across 6 repos
With FORG
  • Model allowlist enforced at runtime — unauthorized models silently blocked
  • One-click audit export in 30 seconds, cryptographically signed
  • SOC 2 evidence package auto-generated with tamper-evident chain
  • FORG stores metadata only — prompt content never leaves your infra
  • Policy-as-code: update YAML, push to git, propagate in seconds

Built for regulated environments

Every feature in FORG's compliance layer was designed around real audit requirements.

Immutable Audit Chain

Every AI event is hash-chained using HMAC-SHA256. Any tampering is immediately detectable. Verifiable by external auditors with a single CLI command.

Model Allowlist Enforcement

Define per-team, per-environment model allowlists in YAML. Unauthorized model calls are blocked before they hit the API — zero latency overhead.

GDPR Data Controls

FORG is metadata-only by design. Prompt content never transits FORG infrastructure. Data residency controls and DPA available on Business+.

SOC 2 Evidence Export

Generate SOC 2 Type II evidence packages on demand. Structured JSON + PDF exports compatible with auditor tooling. Available in 30 seconds.

HIPAA BAA Available

Business Associate Agreements available on Enterprise plans. FORG's architecture is built for healthcare AI governance from the ground up.

Policy-as-Code

Write AI governance rules in versioned YAML. Peer-review policies in pull requests. Roll back any rule change with git revert. GitOps-native.

Get audit-ready in minutes

Install the adapter, connect your workspace, and your audit trail starts building immediately. No code changes required.

SOC 2 Type II | GDPR-ready | HIPAA BAA | Metadata-only