Five Pillars. One Platform.
Each pillar solves a distinct problem. Buy one, expand over time. The shared platform layer connects them all.
Activitee Comply
Continuous compliance across 45+ regulatory frameworks with real-time drift detection, policy monitoring, and audit-ready evidence. Never scramble for an audit again.
45+ Framework Assessments
CPS 234, Essential Eight, ISO 27001, NIST CSF, SOC 2, DORA, EU AI Act, HIPAA, SOCI/CIRMP, PCI DSS, GDPR — pre-built control libraries with continuous scoring.
Drift Detection
Real-time comparison of current state against compliance baselines. Detects MFA changes, password policy drift, encryption state changes, and access control regression — fed by connectors.
Policy Monitoring
Continuous evaluation of connector events against internal policies. Detect violations, anomalies, and suspicious patterns as they happen.
Evidence Vault
Auto-collected, immutable evidence for every control check, access review, and remediation action. One-click audit packages for APRA, ASIC, OAIC, and ISO auditors.
Risk Engine & KRI
Key Risk Indicators with threshold-based alerting, trend analysis, and quantified risk posture scoring.
Compliance-as-Code
Define compliance rules as code — version-controlled, auditable, and repeatable across environments.
Roadmap Generator
AI-generated 12-month compliance improvement plans based on current maturity gaps and regulatory priorities.
Activitee Identity
Govern every identity — employees, contractors, vendors, partners, clients, and non-human identities. Full lifecycle management from onboarding to decommission.
Members & User Management
Complete employee identity lifecycle with department, role, manager mapping, and multi-tenant organisation support.
External Identity Governance
Govern contractors, vendors, partners — discovery, risk scoring, lifecycle management, orphan detection, expiry enforcement, and access reviews.
Access Relationship Graph
Visual graph mapping every identity → group → role → app → resource → data path. Click any node to see all access paths to sensitive data.
Access Query Language (AQL)
Natural language and structured queries on identity data. "Show all external identities with admin access and no expiry date."
Integration Marketplace
20+ pre-built connectors (Entra ID, Okta, AD, AWS, Azure, GCP, CyberArk, SailPoint) plus Connect SDK for custom integrations.
Roles, Permissions & SoD
RBAC management with Separation of Duties detection, entitlement reviews, and least-privilege recommendations.
JML Lifecycle
Join-Move-Leave automation with approval workflows, manager attestation, and deprovisioning evidence.
Access Reviews
Periodic and event-triggered access reviews for human and non-human identities with certification campaigns.
Activitee TrustLens
The complete AI governance platform. Every AI agent, every decision, every risk — governed through its entire lifecycle from discovery to decommission.
Agent Registry & RARD
Register → Attest → Review → Decommission lifecycle for every AI agent. Risk tier, autonomy tier, approval workflows, and trust scoring.
Shadow AI Discovery
6 discovery methods (DNS, CASB, IDP, endpoint, code scan, network) to find unapproved AI tools with AI-suggested owner mapping.
MCP Server Discovery
Discover Model Context Protocol servers, their tools, permissions, and which AI agents connect to them.
AI Supply Chain SBOM
Bill of Materials for every AI agent: model, version, training data provenance, libraries, vulnerabilities, and upstream change tracking.
5-Layer Compliance Firewall
Real-time enforcement on every AI request: Identity → Scope → Data Classification → PII/PHI → Threat detection. Unique to Activitee.
Output Rewriting Engine
Auto-rewrite non-compliant AI responses — redact PII, mask credentials, enforce tone — instead of blocking.
Prompt Injection Defence
Detect and block direct injection, indirect injection, jailbreaks, role confusion, data extraction, and tool misuse attacks.
AI Incident Response
Structured playbooks for AI failures: hallucination, data leak, model compromise, bias, and performance degradation.
Decision Explainability
Human-readable explanations for every AI decision. GDPR Article 22, CPS 234, and FINRA compliant audit trails.
IoT Compliance Register
Device governance with firmware attestation, calibration tracking, config drift detection, data provenance, and AI agent binding.
Behavioral Workflows
Guardrail chains: soft → hard → circuit breaker → kill switch. Time-based patterns, cross-agent chains, and compliance-linked rules.
Industry Modules
Pre-built governance rules for ClimateTech, Critical Infrastructure, HealthTech, Banking & Finance, and Education.
Activitee Privacy
Complete privacy lifecycle management. DPIA, DSAR, consent, breach notification, and regulatory reporting — designed for DPOs managing Privacy Act, GDPR, and HIPAA obligations.
Data Inventory & Classification
Map every personal data asset — where it lives, who owns it, what sensitivity level, and which AI systems process it.
DPIA Management
Privacy Impact Assessments with pre-built templates for AI systems, clinical AI, customer-facing chatbots, and automated decision-making.
DSAR Handling
Subject Access Request workflow — intake, identity verification, data collection, redaction, response, and evidence logging.
Consent Management
Track consent grants, withdrawals, and purpose limitations. Know which AI systems process data under which consent basis.
Breach Management
NDB assessment, OAIC/ICO notification preparation, severity scoring, and regulatory deadline tracking.
Data Retention & Disposal
Automated retention schedules with defensible deletion and disposal certification.
Activitee Resilience
Operational resilience and recovery readiness. Go beyond backup compliance — prove you can recover, prove you've tested it, and prove it to the regulator.
8-Dimension Recovery Scoring
Business Impact, Backup Compliance, Encryption, Immutability, Geo-Redundancy, RTO, RPO, and Tested Restores — scored per critical system.
Backup Drift Detection
Continuous monitoring of backup configurations. Alert when schedules, retention, or encryption settings change unexpectedly.
Recovery Testing
Schedule, execute, and evidence recovery tests. Track restore times against RTO/RPO targets.
Business Impact Modelling
Model the impact of losing each critical system. Map dependencies, quantify downtime cost, and validate recovery capability.
CPS 230 / DORA Alignment
Pre-built operational resilience assessments aligned to APRA CPS 230, DORA Article 11, and SOCI/CIRMP.
Resilience Evidence
Audit-ready evidence packages for every recovery test, tolerance assessment, and business impact analysis.
Shared Platform Layer
The connective tissue between all five pillars. Connectors pull data from your environment. Every pillar consumes it. Included with any plan.
20+ Enterprise Connectors
Entra ID, Okta, Active Directory, AWS IAM, Azure RBAC, GCP IAM, CyberArk, SailPoint, GitHub, Jira, Salesforce, CrowdStrike, and more.
Activitee Connect SDK
Build custom connectors for legacy and proprietary systems. Push identity, permission, and event data via REST API.
Evidence Vault
Centralised, immutable evidence store shared across all pillars. Every control check, access review, and remediation action captured.
See it in action
Book a 30-minute walkthrough. Your compliance gaps mapped to Activitee's five pillars. 30 minutes.