Compliance
Map every control to evidence. Generate audit packs auditors actually accept.
Frameworks Escher targets
Escher's compliance reasoning is designed around the major frameworks customers ask about: SOC 2, ISO 27001 Annex A, HIPAA Security Rule, PCI-DSS v4.0, GDPR (data handling and access controls), and CIS Benchmarks (AWS and Azure foundational profiles).
INFO
"Continuous monitoring," drift alerts, and custom-framework support are roadmap items rather than shipped features today. The current capability is on-demand reasoning over your connected estate when you ask compliance-shaped questions.
What Compliance in Escher covers
| Capability | Example question |
|---|---|
| Readiness assessment | "Are we SOC 2 Type II ready?" |
| Gap analysis | "Which CIS Benchmark controls fail?" |
| Evidence pack generation | "Generate the SOC 2 evidence pack for last quarter." |
| Scope mapping | "Map our PCI-DSS scope. Which resources are in?" |
| Cross-framework view | "Which controls overlap between SOC 2 and ISO 27001?" |
How Escher saves time on audits
The traditional audit cycle:
- Assemble evidence by hand → 4–8 weeks
- Auditor finds gaps → 2–3 weeks
- Remediate gaps → 4 weeks
- Re-assemble evidence → 1–2 weeks
With Escher:
- Run "Generate SOC 2 audit pack" → 8 minutes
- See gaps immediately → fix incrementally
- Regenerate the pack any time → minutes not weeks
- Auditor reviews directly from your exported PDF
Customers using Escher report SOC 2 Type II in 8 weeks instead of 6 months.
What evidence looks like
For every passing control, Escher attaches the actual configuration value, log entry, or deployment record that satisfies it. Auditors don't have to take your word — they can click through to the source.
For every failing control, Escher tells you which resources fail, why, and how to fix it.
Tips
TIP
Start with the gap list. "Show only failing controls for SOC 2" gets you a prioritized fix list. Don't waste time reviewing 80 passing controls.
TIP
Generate the pack early and often. Don't wait for the audit week. Run it now, fix gaps, run again. By the time the audit starts, you have a green pack.
TIP
Set up Continuous Compliance. On Advanced plans, Escher snapshots your control state on every refresh and alerts you when a previously-passing control drifts.
What's next
- Compliance Questions
- Canvas Export — Auditor-ready PDFs
- Pricing — Advanced compliance features