Operational trust

Before governing your AI,
we govern ours.

Every TRUST OR agent, policy, runtime and internal service is continuously governed by the same trust infrastructure we deliver to our customers.

Explore our Trust Posture
0.0/100Trust signal

Infrastructure activeContinuous verification across governed domains

Illustrative operational display
AgentsKnown & governed
PoliciesSigned & current
TRUST OR EngineEvaluates & decides
Runtime enforcementControls applied
EvidenceOutcome preserved
Operational trustContinuously verified

01Internal operational status

Governance is active
inside TRUST OR.

Our internal posture is measured as an operating system—not presented as a collection of badges. Each domain remains connected to policy, enforcement and evidence.

Governed domains8Agents through evidence
Critical controlsActiveContinuously evaluated
Open high-risk findings0Illustrative internal posture
Verification modeContinuousPolicy and runtime signals
01

Agents

Internal agents have defined ownership, scope and lifecycle.

Operational state
Governed
Last verification
2 min ago
02

Internal services

Service identities and allowed relationships remain mapped.

Operational state
Observed
Last verification
4 min ago
03

Runtime

Decisions are enforced where governed work executes.

Operational state
Enforced
Last verification
Live signal
04

Policies

Policy versions, signatures and activation state are tracked.

Operational state
Review active
Last verification
11 min ago
05

Gateways

Governed boundaries verify identity, authority and context.

Operational state
Protected
Last verification
3 min ago
06

Trust engine

Trust signals and policy decisions remain connected.

Operational state
Active
Last verification
Live signal
07

Standards

Technical controls remain mapped to current internal practices.

Operational state
Mapped
Last verification
Today
08

Evidence

Execution outcomes preserve traceable proof and provenance.

Operational state
Generated
Last verification
1 min ago

Operational values shown are illustrative of the internal governance model and do not expose production systems or proprietary implementation.

02Compliance & standards

Standards support the system.
They do not define it.

Internal mappings connect technical practice to recognized frameworks, norms and protocols. Planned and evaluation items remain clearly identified.

Frameworks

  • ISO 27001:2022Mapped
  • NIS2 DirectiveIn progress
  • RGPD / GDPRActive
  • SOC 2 Type IIPlanned
  • DORAIn progress

Norms

  • ANSSI RéférentielMapped
  • NIST CSF 2.0Mapped
  • NIST 800-53 Rev. 5Mapped
  • MITRE ATT&CK v15Active
  • Zero Trust · NIST 800-207Mapped

Protocols

  • OAuth 2.1 + PKCEActive
  • OpenID ConnectActive
  • Token ExchangeActive
  • SAML 2.0Planned
  • FIDO2 / WebAuthnPlanned

Standards

  • TLS 1.3Active
  • AES-GCM-256Active
  • JWT / JWS / JWEActive
  • ED25519 / RS256Active
  • PBKDF2 / Argon2idEvaluation

AI & GenAI

  • NIST AI RMF 1.0Mapped
  • EU AI ActIn progress
  • OWASP GenAI / LLM Top 10Mapped
  • ISO/IEC 42001Evaluation

03EU AI Act readiness

Evidence-ready for emerging AI obligations

Technical readiness that can be shown—not merely stated.

TRUST OR connects governance decisions to runtime enforcement and evidence, helping teams prepare the technical record needed for emerging AI oversight.

  1. 01
    Risk managementGoverned identities, boundaries and policy conditions
    Mapped
  2. 02
    LoggingOrdered execution events and provenance
    Active
  3. 03
    Human oversightEscalation, approval and authority records
    Active
  4. 04
    Runtime enforcementPolicy decisions applied where work executes
    Active
  5. 05
    EvidenceReconstructable outcome and decision trail
    Mapped
  6. 06
    MonitoringContinuous operational trust signals
    In progress
Readiness, not certification.

This technical mapping is informational and does not constitute legal advice, certification, or a claim of compliance. Applicability depends on each organization’s role, systems and use cases.

Operational trust

We don’t ask enterprises
to trust TRUST OR.

We operate TRUST OR under its own governance.
  • Evidence is generated.
  • Policies are enforced.
  • Trust is continuously verified.