
Compliance & Governance

Quazzar Space provides built-in compliance and governance tools to help your organization meet regulatory requirements and maintain operational standards. Track compliance frameworks, enforce policies, and generate audit-ready reports from a single dashboard.

Supported Compliance Frameworks

Quazzar Space supports mapping your infrastructure against these frameworks:

| Framework | Description |
|---|---|
| SOC 2 (Type I & II) | Service organization controls for security, availability, and confidentiality |
| GDPR | European Union data protection and privacy regulation |
| HIPAA | US healthcare data protection standards |
| ISO 27001 | International information security management standard |

Setting Up a Framework

  1. Navigate to Compliance > Frameworks
  2. Click Add Framework and select the standard you need
  3. Quazzar Space generates a set of controls mapped to the selected framework
  4. Review and customize controls to match your organization’s scope

Control Mapping

Each compliance framework is broken down into individual controls. Quazzar Space maps these controls to specific aspects of your infrastructure:

  • Access controls — User permissions, role assignments, MFA enforcement
  • Network controls — Firewall rules, network segmentation, encryption in transit
  • Data controls — Encryption at rest, data residency, retention policies
  • Operational controls — Change management, incident response, backup procedures

For each control, you can:

  • Set the current status (Compliant, Non-Compliant, In Progress, Not Applicable)
  • Assign an owner responsible for maintaining compliance
  • Attach evidence documents and screenshots
  • Add notes and remediation plans

Evidence Tracking

Collect and organize evidence for audit readiness:

  1. Navigate to Compliance > [Framework] > [Control]
  2. Click Add Evidence
  3. Upload documents or screenshots, or link to external resources
  4. Evidence is timestamped and versioned automatically

Evidence types include:

  • Configuration exports and screenshots
  • Policy documents and procedures
  • Audit logs and activity reports
  • Third-party assessment results

Compliance Dashboard

The compliance dashboard at Compliance > Overview provides a summary view:

  • Framework progress — Percentage of controls addressed per framework
  • Control status breakdown — Visual breakdown of compliant, non-compliant, and in-progress controls
  • Upcoming reviews — Controls due for periodic review
  • Recent changes — Activity feed of compliance-related updates

Compliance Reports

Generate reports for auditors and stakeholders:

  1. Go to Compliance > Reports > Generate Report
  2. Select the framework and reporting period
  3. Choose the report format (PDF or CSV)
  4. The report includes control status, evidence summaries, and gap analysis

Policy Engine (Team+)

The Policy Engine lets you define and enforce organizational rules across your infrastructure using a visual rule builder.

Creating Policies

  1. Navigate to Compliance > Policies > Create Policy
  2. Define the policy scope (all projects, specific environments, or resource types)
  3. Set the rules using the visual editor

Example policies:

  • Naming conventions — Require services to follow a naming pattern (e.g., env-region-service)
  • Required fields — Enforce that all services have an owner, description, and cost center assigned
  • Resource limits — Set maximum resource allocations per environment
  • Tag requirements — Require specific tags on all cloud resources

Policy Enforcement

Policies can operate in two modes:

| Mode | Behavior |
|---|---|
| Advisory | Violations generate warnings but do not block actions |
| Enforcing | Violations block the action until the policy is satisfied |

Service Scorecards (Team+)

Service Scorecards automatically evaluate your services against a set of maturity criteria:

  • Documentation — Does the service have a description, owner, and runbook?
  • Monitoring — Are health checks and metrics configured?
  • Security — Are access controls and encryption properly set up?
  • Reliability — Are backups, redundancy, and recovery procedures in place?

Each service receives a maturity score. View scores at Services > [Service] > Scorecard or see an overview at Compliance > Scorecards.

Audit Trail

Quazzar Space maintains a comprehensive activity log for all actions:

  • User logins and permission changes
  • Service and resource modifications
  • Integration configuration changes
  • Compliance control updates
  • Agent installations and configuration changes

Access the audit trail at Settings > Activity Log. Filter by user, action type, date range, or resource.

The audit trail is immutable and retained according to your plan’s retention period.

Custom RBAC (Business+)

Create custom roles with granular permissions to support your governance requirements:

  1. Navigate to Settings > Roles > Create Role
  2. Define permissions for each resource type (projects, environments, services, integrations)
  3. Assign the role to team members

Custom roles supplement the built-in roles (Owner, Administrator, Manager, Viewer) and allow you to enforce least-privilege access across your organization.

Advanced Governance (Enterprise+)

Enterprise+ plans include additional governance capabilities:

  • IP Allowlisting — Restrict platform access to approved IP ranges
  • Data Residency Control — Choose the geographic region where your data is stored
  • SSO Integration — Enforce authentication through your identity provider
  • Custom Compliance Frameworks — Define your own framework with custom controls

Feature Availability by Plan

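| Feature | Starter | Team | Business | Enterprise | Enterprise+ |
|---|---|---|---|---|---|
| Audit Trail | Basic | Full | Full | Full | Full |
| Compliance Frameworks | | | SOC 2, GDPR | All | All + Custom |
| Control Mapping | | | Yes | Yes | Yes |
| Evidence Tracking | | | Yes | Yes | Yes |
| Compliance Reports | | | Yes | Yes | Yes |
| Policy Engine | | Yes | Yes | Yes | Yes |
| Service Scorecards | | Yes | Yes | Yes | Yes |
| Custom RBAC | | | Yes | Yes | Yes |
| IP Allowlisting | | | | | Yes |
| Data Residency | | | | | Yes |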
