Platform
The Tenurex platform
Read-only API connectors. Continuous control validation. Auditor-native evidence export.
Architecture
Architecture: read-only, production-connected
Three-tier design — your production systems feed the Tenurex Control Engine, which generates auditor-ready outputs. Zero write access, zero data exfiltration.
Your production systems
AWS IAM
GitHub
Okta
Jira
30+ more
Tenurex Control Engine
Polling loop (15 min)
Evidence store
Drift engine
Alert router
Audit outputs
Evidence package
SOC 2 report
ISO 27001 report
API endpoints
Core engine
The Control Engine
15-minute polling cycles across all connected integrations. 200+ pre-mapped control tests for SOC 2 TSC and ISO 27001 Annex A.
- Every control mapped to a specific API query against your actual production systems
- Results stored with full chain-of-custody metadata
- Customizable thresholds and policy rules per control
- Framework-aware: SOC 2 TSC CC1–CC9 and ISO 27001 Annex A categories
200+
Pre-mapped control tests across SOC 2 TSC and ISO 27001 Annex A
15m
Maximum polling interval — every control tested within 15 minutes
30+
Production system connectors with read-only API access
EVIDENCE RECORD · CC6.1
SIGNED
Timestamp: 2026-06-17T14:32:01Z
Hash: a3f8...c4d1
Source: AWS IAM GetAccountPasswordPolicy
PASS — MFA required: true
Evidence store
Immutable Evidence Store
Every control test result is timestamped, signed, and stored immutably. Your auditor gets a cryptographic chain of evidence, not a folder of screenshots.
- SHA-256 signed evidence records — tamper-evident by design
- Full audit trail linking each evidence record to its source API call
- Structured for AICPA SOC 2 and ISO 27001 evidence formats
- On-demand export to PDF, CSV, or JSON for your audit firm
Drift detection
Drift Detection & Alerting
When access controls drift, Tenurex alerts within one polling cycle — 15 minutes, not 6 months.
- Policy rules configurable per control and per integration
- Alerts via email, Slack, PagerDuty, or webhook
- Drift events logged with full metadata for audit trail
- Suppression rules for expected change windows
DRIFT DETECTED
Control CC6.1 · Integration GitHub
User jsmith added to org-admins
At 14:32 UTC · Policy requires approval workflow
Flagged for review
15 min cycle
Get started
Ready to see the platform?
Talk to the team and see a live demo of the Control Engine connected to your stack.
Request Access