面向 AI 时代的企业级信任与合规控制Enterprise trust and compliance controls for the AI era
Smallsoft 将 Zero Trust、风险引擎、审计日志与 AI 治理融合在同一控制平面,帮助企业在创新速度和安全边界之间保持平衡。Smallsoft combines zero trust, risk engines, audit logs, and AI governance in one control plane to balance innovation speed with security boundaries.
治理基线Governance Baseline
信任与合规模块Trust & Compliance Modules
零信任模型Zero Trust Model
持续验证身份、设备、网络和行为上下文,拒绝默认信任。Continuously verify identity, device, network, and behavior context.
风险引擎Risk Engine
检测异常登录、越权调用和 Agent 异常动作,自动触发处置。Detect anomalous login, privilege misuse, and risky agent behavior.
审计日志Audit Logs
统一导出到 SIEM,满足事件回溯和审计查验需求。Export unified logs to SIEM for investigations and audits.
SOC2 / ISOSOC2 / ISO
对齐 SOC 2 与 ISO 27001 控制目标,提供审计材料映射。Map controls to SOC 2 and ISO 27001 requirements.
AI GovernanceAI Governance
覆盖 Prompt、工具调用和输出结果的全流程治理。Govern prompts, tool calls, and outputs across the full AI workflow.
策略证据Policy Evidence
自动生成策略变更记录与审批证据链,降低审计成本。Generate policy change records and approval evidence automatically.
澳洲市场合规重点Australia-Specific Requirements
面向 .com.au 客户的关键交付项。Key deliverables for Australian enterprise customers.
Data Residency(Azure Australia)Data Residency (Azure Australia)
部署于 Microsoft Azure 澳大利亚区域,并提供可配置的数据驻留与合规对齐的基础设施控制。Deployed on Microsoft Azure Australia region with configurable data residency and compliance-aligned infrastructure controls.
Essential Eight 对齐Essential Eight Alignment
通过强制 MFA、权限治理和审计追踪,帮助企业满足澳洲网络安全中心关键控制项。Support ACSC Essential Eight controls through MFA, privilege governance, and auditing.
| Essential Eight 维度Essential Eight Area | Smallsoft 控制能力Smallsoft Control |
|---|---|
| Multi-factor AuthenticationMulti-factor Authentication | 自适应 MFA、Passkey、风险登录拦截Adaptive MFA, passkeys, and risk login blocking |
| Restrict Administrative PrivilegesRestrict Administrative Privileges | 最小权限角色、时效授权、管理动作审计Least-privilege roles, time-bounded access, admin auditing |
| Patch & Vulnerability HygienePatch & Vulnerability Hygiene | 凭证轮换、异常告警和事件响应工作流Credential rotation, anomaly alerts, incident workflows |
需要面向审计的控制清单?Need an audit-ready control checklist?
我们可根据你的行业监管要求输出控制映射和落地路线图。We can map controls to your regulatory context and produce an implementation roadmap.