Compliance
ReGenesis targets McKinsey as its first pilot client, followed by other Fortune 500 companies. These organizations maintain strict vendor security requirements that gate every procurement decision. The compliance strategy is staged and transparent: ReGenesis documents what exists today, what is being built, and when each milestone will be reached.
Certification Roadmap
| Certification | Status | Target |
|---|---|---|
| SOC 2 Type I | In progress | Q3 2026 |
| SOC 2 Type II | Planned | Q1 2027 |
| ISO 27001 | Designed to standard | Q2 2027 |
| HIPAA | Architected for readiness | When required |
| GDPR | Built as design ceiling | Day one |
Approach: SOC 2 is the gate for every US enterprise deal. ReGenesis pursues SOC 2 first, then layers on ISO 27001 for global expansion. Every control is being built now — the audit is the formality.
How Compliance Is Organized
This section covers certifications, procurement readiness, audit infrastructure, and the compliance roadmap. It answers the question every enterprise buyer asks: "Can we trust this vendor with sensitive data?"
Quick Reference
| Topic | What It Covers | Relevance |
|---|---|---|
| SOC 2 & ISO 27001 | Compliance certifications, audit timelines, framework mapping | Understanding the certification path |
| Stage Gates | What is required at each launch phase | Phased compliance investment |
| Procurement Packet | The bundle for enterprise buyers | Enterprise deal readiness |
| Data Processing Agreements | DPA templates, subprocessor management | Legal requirement for data handling |
| Logging & Auditing | Audit trails, tamper-evident logs, retention | Proof that controls are working |
| Evidence Packs | L0/L1/L2 explainability system | AI transparency and trust |
| RBAC, SSO, MFA, SCIM | Identity and access management | User authentication and access scoping |
Compliance Roadmap
The roadmap shows which compliance milestones are required at each product stage:
| Stage | Timeline | Key Milestones |
|---|---|---|
| MVP0 Demo | Q1 2026 | Core data model, basic consent, internal-only |
| Pilot | Q2-Q3 2026 | McKinsey engagement, SOC 2 Type I, DPA framework |
| GA Launch | Q4 2026 | SOC 2 Type II, multi-tenant RBAC, public procurement kit |
| Global | 2027+ | ISO 27001, EU GDPR compliance, EU AI Act readiness |