GOVERNTIQ deploys inside your security perimeter, under your firewall, your credentials and your control. This page — and the one-pager — answer what security, risk and procurement teams ask first.
What leaves your environment: entity types & counts, severities, metric values, OWASP/ATLAS & regulatory-article mappings, redacted samples, salted fingerprints.
What never leaves: raw PII/PHI/PCI, prompts, records, model weights, system credentials, and your application data.
Agents inspect data, models and prompts in place. Only redacted findings and metadata leave — raw PII/PHI/PCI, prompts, records, model weights and credentials never do. Verified end-to-end: zero raw data is stored upstream.
The agent is an HTTPS client — it never opens a listener. It deploys behind your firewall with no inbound rules, through a forward proxy, or fully air-gapped.
Read-only by default, using credentials you issue and scope. A revocable run token (from your portal) authorises reporting and can be cut off instantly. Passive observe-only mode available.
Dry-run mode performs the full scan and prints the exact payload without transmitting — your security team reviews it before reporting is enabled.
TLS with certificate verification by default; mTLS and pinning for high-assurance deployments. Evidence is hash-chained and WORM-anchored so it cannot be silently altered.
For high-assurance / air-gapped environments, a compiled, hardware-bound agent build with license attestation runs only where you authorise it.
Run the agents on your own servers, inside your own network. Nothing is required to reach the public internet beyond reporting findings to your chosen GOVERNTIQ endpoint.
Deploy in your cloud tenant with your security groups, egress controls and secrets management. The agent honours your proxy and certificate policy.
Fully disconnected operation: the Data Plane governs locally and reports to an in-network Control Plane, or runs offline and syncs later. No outbound internet needed.
Reproducible, head-to-head benchmarks against the field’s reference tools (method parity — we don’t claim “#1”).
Fairness — match IBM AIF360 & Microsoft Fairlearn
Drift — match SciPy (engine behind Evidently)
PII — benchmarked vs Microsoft Presidio
EU AI Act · NIST AI RMF · ISO/IEC 42001 & 42005 · ISO/IEC 27001 · SOC 2 · GDPR · DORA
GOVERNTIQ is architected to SOC 2 and ISO/IEC 27001 control objectives and produces the tamper-evident evidence those audits require. Formal attestation reports and penetration-test summaries are available under NDA on request.