Stratoscope
Use case

Azure governance built for teams where compliance isn't optional

Financial services, healthcare, government contractors, and other regulated organizations have governance requirements that most Azure tools ignore: structured change control, separation of duties, complete audit trails, and evidence that every fix was reviewed by a human before it ran.


Requirements Stratoscope meets by design

These aren't features you configure — they're architectural invariants that cannot be bypassed.

Human approval for every mutating operation

Every create, update, and delete in Azure requires explicit human approval before it executes. There is no auto-remediation mode. This satisfies change control requirements at the platform layer, not through policy.

SOC 2 CC6, NIST AC-3, PCI DSS 6.4


Separation of duties

The platform proposes. Your authorized personnel approve. The audit log records exactly who approved what, when, and from which identity. Proposer and approver are architecturally separate.

SOC 2 CC6.1, NIST AC-5, PCI DSS 7.1


Complete audit chain

Finding → proposed fix → approver identity → timestamp → exact command → ARM execution result → verification outcome. Every link in the chain is logged and queryable. Audit evidence accumulates without additional effort.

SOC 2 CC7, NIST AU-2, HIPAA §164.312


Least-privilege credentials

Stratoscope uses a Reader-scoped service principal. Elevated operations require explicit delegation for the specific operation — executed under your authorized identity, logged, and immediately expired.

SOC 2 CC6.3, NIST AC-6, PCI DSS 7.2


Data residency (BYOA)

Enterprise customers can deploy the Stratoscope agent inside their own Azure VNet. Raw governance data — inventory, cost signals, WAF findings — never leaves your environment. Satisfies data residency requirements for regulated data.

HIPAA §164.308, GDPR Art. 28, FedRAMP


Immutable operation log

The governance operation log is append-only. Past audit records cannot be modified or deleted from the console. Every governance action is permanently traceable.

SOC 2 CC7.2, NIST AU-9, PCI DSS 10.5

Compliance frameworks Stratoscope supports

Assessment and evidence collection aligned to the frameworks your auditors actually require.

SOC 2 Type II: CC6, CC7, CC8
NIST 800-53: AC, AU, CM, IA
PCI DSS 4.0: Req 6, 7, 10
Azure WAF: All 5 pillars
CIS Benchmarks: Azure foundations
HIPAA Security: §164.308–312

The human-in-the-loop (HITL) and audit trail architecture maps to control requirements across all frameworks. Full compliance mapping available on request.

Why enterprises choose governance platforms with HITL

Most governance automation tools were built for speed — auto-remediate everything, reduce toil, move fast. In regulated environments, this creates a different problem: an automated system making changes to production infrastructure without human review is itself a compliance gap.

Stratoscope inverts the model. The AI does the analysis — discovering your environment, assessing risk across WAF pillars, building the remediation plan — and your team does the approving. The human is in the critical path by design, not as an afterthought.

This maps naturally to how regulated teams already operate: change advisory board review, ticket-based approval workflows, and evidence requirements for every production change. Stratoscope doesn't fight that process — it generates the evidence that process requires.

Questions about compliance fit?

We'll walk through how Stratoscope's architecture maps to your specific compliance requirements.
