Subsystem · Governance
GRC & Compliance
Policy enforcement, consent management, audit trails, compliance monitoring, and sovereignty controls for the Octane v10 platform.
GRC-PASS · 94/100
GRC Score
94/100
↑ +2 points this week
Active Policies
62
↑ 59 passing · 3 warning
Consent Tokens Active
14
→ 2 expiring in 48h
Audit Events Today
4,821
→ 7 violations flagged
Compliance Score Breakdown
94
GRC SCORE
Policy Compliance95%
Consent Coverage98%
Audit Completeness100%
Sovereignty Controls92%
Data Minimisation84%
Active GRC Alerts
3 OpenConsent token TOK-0012 expiring in 44h
Scope: oan.http.post · renew to maintain flow continuity
Policy GRC-0031 — data minimisation gap
CBE retaining belief state beyond TTL · 48 stale records
Scheduled audit GRC-AUD-2026-06-08 due tomorrow
Full platform GRC review · estimated 12 minutes
Recent Violations
| Policy | Subsystem | Severity | Resolved |
|---|---|---|---|
| GRC-0031 | CBE | Medium | Pending |
| GRC-0018 | OAN | High | Resolved |
| GRC-0044 | ELX | Low | Resolved |
GRC-0044
Inference Rate Limiting
ELX must not exceed 2,000 inferences/min per agent without explicit consent. Prevents resource exhaustion and cost overruns.
GRC-0038
Belief State TTL Enforcement
All CBE beliefs must expire within configured TTL. No belief may persist beyond TTL without explicit renewal and audit log entry.
GRC-0031
Data Minimisation — Belief Store
CBE belief store must purge expired records within 60s of TTL expiry. Currently 48 records are 120s+ past TTL.
GRC-0029
Consent Gate: High-Impact Actions
All OAN actions classified as HIGH impact must pass through a consent gate before dispatch. No bypass permitted.
GRC-0018
Audit Trail Completeness
All agent actions, inference runs, and belief state changes must be written to the immutable audit log within 500ms.
GRC-0011
Reasoning Depth Sovereignty Cap
SRC must not execute reasoning chains beyond the operator-configured depth limit without governance override.
15:09:41
Policy GRC-0044 evaluated — PASS
ELX · Inference rate 1,240/min · Threshold 2,000/min
15:08:22
Consent token TOK-0014 validated
ELX dispatch authorized · Agent AGT-001
15:07:18
OAN action ACT-2291 dispatched
HTTP POST to api.external.io · Consent gate: PASSED
15:05:44
Policy GRC-0018 evaluated — PASS
Audit trail completeness 100% · Avg lag 48ms
15:02:11
CBE conflict CONFLICT-0041 escalated
Belief delta 18pts · Auto-arbitration failed · Governance notified
15:00:00
Policy GRC-0029 evaluated — PASS
OAN consent gate enforced · 34 gates today · 0 bypasses
14:58:41
ELX run RUN-9919 completed
Model: octane-reason-v10 · 18,442 tokens · $0.0184 · GRC logged
14:52:11
Policy GRC-0031 WARNING — data minimisation
CBE: 48 belief records past TTL · purge deferred by conflict CONFLICT-0041
14:51:07
OAN action ACT-2287 FAILED after 3 retries
HTTP POST to api.partner.io · Connection timeout · GRC-0018 logged
14:44:01
SRC chain CHAIN-0043 completed — depth limit ok
5/5 steps · CoT-Extended · GRC-0011 compliant
14:31:07
CBE conflict CONFLICT-0039 escalated to Governance
2 failed auto-arbitration attempts · Operator notified
14:00:00
Flow FLOW-22 triggered by cron schedule
Daily GRC audit cycle initiated · Governance audit runner
Compliance Frameworks
Active regulatory and internal frameworks
Octane Sovereign Intelligence Standard (OSIS-1)
Internal framework defining operator-grade AI sovereignty controls
EU AI Act — High Risk Tier
Transparency, explainability, and human oversight requirements
NIST AI RMF 1.0
Risk management framework — Govern, Map, Measure, Manage
ISO/IEC 42001 AI Management
AI management system standard for responsible AI use
SOC 2 Type II — Security
Infrastructure and data security audit controls
GDPR / Data Minimisation
Personal data handling, retention limits, and subject rights
Sovereignty Controls
Operator Consent Required
All high-impact actions require explicit operator approval
Immutable Audit Log
All events written to append-only tamper-evident log
Reasoning Depth Cap
Hard limit on SRC reasoning depth — operator configurable
Data Residency Enforcement
All data stays within configured regional boundaries
External Action Quarantine
New external endpoints quarantined 24h before trusted
Agent Kill Switch
Operator can halt all agents instantly — one click