Sentinel is the entry point for putting a virtual CISO inside your tenant on a monthly cycle. Aegis AI™ runs read-only against your AWS, Azure, Microsoft 365, Okta, or CrowdStrike telemetry and refreshes your control matrix, evidence binder, risk register, and POA&M against all six frameworks — SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST CSF, and GDPR — every 30 days. Your security leader reviews and approves before anything reaches the auditor.
What Sentinel covers
- All six frameworks, every cycle. SOC 2 Trust Services Criteria, ISO 27001 Annex A, HIPAA Security Rule, PCI-DSS v4.0, NIST CSF 2.0, and GDPR Article 32 controls. Sentinel is not a single-framework tool — the scope of coverage is the same as Sovereign. What changes across tiers is cadence, entity count, and concierge level, not framework breadth.
- Monthly control validation cycle. Aegis AI runs your full control matrix on a 30-day rhythm. Each cycle produces a refreshed evidence binder, an updated risk register, and a POA&M with target close dates.
- One legal entity. Sentinel scope is a single corporate entity — one VAT/EIN, one production tenant per cloud, one Okta org. If your control plane spans subsidiaries, Vanguard or higher is the right starting point.
- Email support during business hours. Reach [email protected] for any question about the work product. Same-business-day reply, Monday through Friday.
- Audit-ready binder. Each control objective mapped to the evidence artifact, the source system, the responsible owner, and the last validation timestamp. Your CPA, certification body, HIPAA assessor, or PCI QSA opens it and starts validating, not asking for clarification.
The 30-day cycle, in plain English
- Minute 0. Stripe processes your subscription. Welcome email + intake link.
- Minutes 5–15. Intake. Connectors. Read-only, revocable in 30 seconds.
- Hours 1–8. First scan. First deliverable bundle: control matrix across six frameworks, evidence binder, risk register, POA&M, executive summary. All reviewed before send.
- Day 30. Second cycle. Drift since the last cycle is flagged; new evidence is captured; the POA&M reflects what closed and what slipped.
- Every 30 days thereafter. Same cycle. Card on file charged $4,500 monthly until you cancel in your Stripe billing portal.
What Sentinel is good for
Security leaders who have one production environment, one cloud footprint, and an audit on the horizon — SOC 2 Type II, ISO 27001, HIPAA, PCI, or all of them at once. You want continuous control validation without hiring a full-time vCISO consultant, and you can absorb a 30-day refresh cadence between auditor walk-throughs. If your scope grows or your cadence needs tighten, you move up to Guardian, Vanguard, Fortress, or Sovereign without re-implementation.
What Sentinel is not
- Not a substitute for your auditor. SOC 2 attestations come from CPA firms; ISO 27001 certifications come from accredited certification bodies; HIPAA and PCI from independent assessors and QSAs. Aegis AI is the readiness software you use before they arrive.
- Not multi-entity. One legal entity per Sentinel subscription. If your control plane spans more than one corporate entity, see Vanguard (up to 3) or Fortress (up to 10).
- Not weekly or continuous. If you need a tighter cycle, see Guardian (bi-weekly), Vanguard (weekly), or Fortress / Sovereign (continuous).
Start your subscription
$4,500/month, billed monthly. Annual prepay: $45,000/yr (one month free). Cancel anytime in your Stripe billing portal; cancellation takes effect at the end of the then-current paid month. If you ran the $1,995 Multi-Framework Readiness Snapshot in the last 30 days, it credits 100% to month one.
OFAC and Authorized Signatory certification required at checkout. Service is for organizations not subject to U.S. sanctions and signed by an officer authorized to bind the company.