Policy lifecycle on one record.

Author governance policies and anchor each to a regulatory obligation. Dry-run a candidate policy against historical traffic before promotion. Resolve cross-jurisdiction conflicts when overlapping obligations apply. Install sector packs for fast adoption. Report a board-readable governance index that explains its own math.

Policy author flow

From structured draft to dry-run to promoted production policy.

Authors write structured policy records once. Each policy carries draft, in-review, active, or retired state for downstream visibility. Versions are immutable; edits create new versions and the full history stays accessible for audit replay.

01 Policy registry

Live list of governance policies with search, status filter, and ownership. Authors write text + obligation references + configuration values + assigned owner once.

02 Obligation anchoring

Every policy cites the promoted regulatory obligations it satisfies, traceable back to the source citation through the audit chain.

03 Dry-run against historical traffic

Run a candidate policy against a configurable window of your historical org traffic. Reports evaluations, matches, would-block / warn / log counts, daily buckets, and sample matches against live data (no synthetic stand-ins).

04 Versioned, immutable history

Edits create new versions; prior versions stay accessible for audit replay. The audit chain shows which policy version fired when a finding was raised.

Cross-jurisdiction conflict resolution

When overlapping regulations apply to the same decision, the conflict surfaces with the resolution path attached.

When sector packs share obligations or customer policy overrides intersect with regulator sources, the conflict detector surfaces the overlap. Reviewers open both sides on a single pane with recommended resolution, citation evidence, and an action log. Live for staff reviewers today.

01 Cross-source detection

Surface conflicts between obligations sourced from regulators, sector packs, and customer policy overrides as the intel catalog refreshes.

02 Reviewer workspace

Each conflict opens with both sides on a single pane, recommended resolution, citation evidence, and an action log for reviewer notes.

03 Addressable conflict IDs

Every conflict carries a stable ID that auditors can request, link to evidence packets, and trace through resolution and archive.

04 Worked examples in production

GDPR Article 17 erasure deadline vs HIPAA retention mandate for de-identified data sets. NYDFS Part 500 cyber incident reporting vs GDPR Article 33 72-hour breach notification. Colorado SB 24-205 consumer notice format vs FCRA principal-reasons content. The detector flags each as the conflicting packs activate.

Sector packs (signed, versioned, installable)

Industry-specific control mappings ready to install, not just review.

Each pack ships as a signed manifest, control map, guardian profile, policy defaults, and evidence guidance. Seven packs published today across financial services, healthcare, insurance, SaaS / tech, public sector, UK general, and EU general.

Financial Services US

Manifest for SR 11-7 model risk, ECOA / Reg B fair lending, NYDFS Part 500, NAIC Model Bulletin, GLBA, and the FFIEC joint-agency guidance.

Healthcare US

Manifest for HIPAA Security Rule (§164.308 / §310 / §312 / §314), FDA PCCP, ONC HTI-1, and state telemedicine + AI-prescribing rules.

Insurance US

Manifest for NAIC Model Bulletin §2.4, Colorado SB 24-205, NYDFS Insurance Circular Letter 7, FCRA / ECOA adverse action, and state insurance code overlays.

SaaS / Tech

Manifest for SOC 2 (AICPA TSC 2022), ISO 42001, ISO 27001, GDPR Articles 17 / 28 / 32 / 44, and NIST AI RMF.

Public Sector US

Manifest for OMB M-24-10 use-case inventory + minimum practices, OMB M-24-18, NIST 800-53, NIST AI RMF, FISMA, CMMC 2.0, and state AI-law overlays.

UK General + EU General

UK pack: UK GDPR, ICO AI guidance, Equality Act 2010, FCA AI guidance, Online Safety Act 2023. EU pack: EU AI Act baseline + GPAI obligations, GDPR, DSA, DMA, NIS2, revised Product Liability Directive, AI Liability Directive.

Governance index

The board-readable score that names its dimensions.

A quarterly score built from weighted evidence across eight dimensions (inventory completeness, risk assessment coverage, control mapping, policy enforcement maturity, detection and monitoring coverage, review and remediation discipline, evidence and audit readiness, change management). Every component has a source, a weight, and a rationale. Full scoring rubric on the governance index methodology page.

Weighted dimensions, published rubric

Policy, data, model, operations, risk, and audit dimensions. Every weight, source, and rationale is published; the board reads a single number with a methodology link.

Evidence-backed scoring

Scores move when platform evidence moves. Findings closed faster, controls implemented, attestation cycles completed: every change feeds the next quarterly snapshot.

Quarterly trendline

Show progress across quarters with evidence backing each shift, not vibes. The frozen quarterly snapshot is immutable; regulators and board members can retrieve any prior quarter.

Methodology export

Board-ready PDF with footnotes and definitions ships with the next quarterly snapshot release. Hand it to the audit committee alongside the score.

Honest state

What ships now, what your team owns, what's still coming

Policy authoring, lifecycle status tracking, dry-run against historical traffic, conflict resolution reviewer workspace, sector packs, and the governance index (quarterly snapshot with full rubric) are all live today. Your policy authors and reviewers still own the governance decisions; KoraSafe captures the evidence and the math behind each.

Policy authoring + dry-run + conflict resolution + 7 sector packs + governance index

Quarterly board-ready score with full published rubric

Coming next

Compile + promote + rollback wired to lifecycle tables

In the product

See policy control in the product

Policy lifecycle in one place: draft, dry-run, promote, rollback. Every change written to the same audit chain.

Talk to governance + audit

One policy plane, one conflict queue, one set of sector packs, one board-readable score.

Start your free trial for onboarding. Policy authors, reviewers, and the audit committee all read from the same evidence chain.