SECURITY & COMPLIANCE

Operationally governed.
Provably so.

Your tenant, your data plane, your governance perimeter. KnowledgeLake operates inside your controls, not around them. Every action is signed. Every policy is versioned. Every decision is replayable.

SOC 2 Type II · current

ISO 27001 · current

HIPAA · compliant

Azure Gov · live

POSTURE AT A GLANCE

The standards we hold,
and exactly what each one covers.

Standard Status Scope

SOC 2 Type II Current Platform, operations

ISO 27001 Current Platform

HIPAA Compliant Healthcare deployments

Azure Gov Live SLED deployments

DATA PLANE & RESIDENCY

Your tenant. Your region.
Your data, your perimeter.

KnowledgeLake operates the application. You control the storage perimeter. Documents live in your Azure tenant — not in ours.

TENANT ISOLATION · operational view

YOUR AZURE TENANT

Data plane

Documents
Extracted fields
Audit log storage
Policy state
Customer-managed keys

KNOWLEDGELAKE

Control plane

Platform application
Model serving
Connectors
Telemetry (de-identified)
Updates & patches

Documents do not leave your tenant in the course of normal operations.

Azure region selection

You select the Azure region. Documents and audit chain live there. No cross-region replication without your sign-off.

Customer-managed keys

Customer-managed key encryption available. You control rotation policy and key revocation.

No vendor data plane

No KnowledgeLake employee accesses customer documents in normal operations.

Sovereign deployments

Azure Government regions available for US federal and state deployments.

ACCESS & IDENTITY

Native Entra ID.
Native to your identity perimeter.

IDENTITY

Entra ID native

SSO, conditional access, MFA. Mapped to your Entra groups. No parallel user store.

AUTHORIZATION

Role-based access controls

Roles per document type, per tenant. Operator vs reviewer vs auditor vs admin scopes.

EMERGENCY

Customer-controlled break-glass

Break-glass procedures defined and executed by you. We have no vendor backdoor.

TELEMETRY

SIEM integration

Native Sentinel integration. Splunk and other SIEMs via syslog. Every audit event streams to your perimeter.

CONDITIONS

Conditional access

Honor your Entra conditional access policies. Risky sign-in flags propagate to KnowledgeLake session policies.

EXPIRATION

Session and token policies

Session length, token expiration, and re-authentication policies configurable per your standards.

AUDIT & GOVERNANCE

Every action signed.
Every action replayable.

AUDIT LOG · write-only · hash-chained

Sample · contoso.azure tenant

Recording

14:31:58 user.sarah.j approved CLAIM AP-3308 SHA-7f4a8e29b1...

14:31:42 policy.v4.1 applied AUTO_ROUTE SHA-2c911fa83b...

14:30:08 user.darin.w escalated MORTG MX-7741 SHA-9e2386b1cf...

14:29:47 system snapshot AUDIT_PERIOD SHA-44b0987c12...

14:28:12 user.admin updated POLICY.v4.1 SHA-c70d12a4ff...

14:27:33 user.audit.r exported AUDIT_PERIOD SHA-3a91bb02ed...

14:24:55 user.sarah.j rejected PERMIT LC-9981 SHA-13a2009f4e...

Hash chain

Each row's hash includes the prior row's hash. Tampering with any row breaks the chain.

Write-only

Audit log is append-only. No row is editable after write, including by KnowledgeLake operators.

Policy versioning

Every confidence threshold change creates a version. Rollback available with replay across documents.

Retention

Audit retention defined by your retention policy. KnowledgeLake does not impose minimums.

Replay any decision

Pull any audit period and replay the exact policy state and operator chain that applied.

SIEM export

Audit events stream to your SIEM in real time. Sentinel, Splunk, or generic syslog.

AI SAFETY & OPERATIONAL GUARDRAILS

We use AI where it earns its place.
We don't replace operational judgment.

Most AI vendors will tell you what their AI can do. We will also tell you what it doesn't do — and where the line between automated and human-decided sits.

THRESHOLDS

Policy-driven confidence thresholds

Every routing decision is policy-driven. Thresholds are customer-controlled, not vendor-tuned. You see exactly what the policy is, and you change it.

HITL

Human-in-the-loop required at policy thresholds

Below the threshold, the document lands with an operator. Period. We do not "improve" the policy to clear documents the policy said should not auto-clear.

TRAINING

No training on customer documents

Customer documents are not used to train models. Operational telemetry (de-identified) is used to improve the platform.

MODEL ISOLATION

Per-document-type model isolation

Which model serves which document type is policy-controlled. No accidental cross-pollination across regulated document types.

DRIFT

Confidence drift detection

Confidence distributions are monitored. When the distribution drifts, you are alerted before the policy needs an update.

EXPLAINABILITY

Reasoning explained per extraction

For reasoning-based extractions, the reasoning steps are visible in the audit chain. No black-box outputs in regulated workflows.

Let the work flow.

Skip the deck. You bring a document. See what your operations could actually look like in 45 minutes with your own docs.

Book a demo See the platform

Operationally governed. Provably so.