Five Pillars. One Platform.

Each pillar solves a distinct problem. Buy one, expand over time. The shared platform layer connects them all.

Activitee Comply

Continuous compliance across 45+ regulatory frameworks with real-time drift detection, policy monitoring, and audit-ready evidence. Never scramble for an audit again.

45+ Framework Assessments

CPS 234, Essential Eight, ISO 27001, NIST CSF, SOC 2, DORA, EU AI Act, HIPAA, SOCI/CIRMP, PCI DSS, GDPR — pre-built control libraries with continuous scoring.

CPS 234E8ISO 27001SOC 2

Drift Detection

Real-time comparison of current state against compliance baselines. Detects MFA changes, password policy drift, encryption state changes, and access control regression — fed by connectors.

Policy Monitoring

Continuous evaluation of connector events against internal policies. Detect violations, anomalies, and suspicious patterns as they happen.

Evidence Vault

Auto-collected, immutable evidence for every control check, access review, and remediation action. One-click audit packages for APRA, ASIC, OAIC, and ISO auditors.

Risk Engine & KRI

Key Risk Indicators with threshold-based alerting, trend analysis, and quantified risk posture scoring.

Compliance-as-Code

Define compliance rules as code — version-controlled, auditable, and repeatable across environments.

Roadmap Generator

AI-generated 12-month compliance improvement plans based on current maturity gaps and regulatory priorities.

Activitee Identity

Govern every identity — employees, contractors, vendors, partners, clients, and non-human identities. Full lifecycle management from onboarding to decommission.

Members & User Management

Complete employee identity lifecycle with department, role, manager mapping, and multi-tenant organisation support.

External Identity Governance

Govern contractors, vendors, partners — discovery, risk scoring, lifecycle management, orphan detection, expiry enforcement, and access reviews.

Access Relationship Graph

Visual graph mapping every identity → group → role → app → resource → data path. Click any node to see all access paths to sensitive data.

Access Query Language (AQL)

Natural language and structured queries on identity data. "Show all external identities with admin access and no expiry date."

Integration Marketplace

20+ pre-built connectors (Entra ID, Okta, AD, AWS, Azure, GCP, CyberArk, SailPoint) plus Connect SDK for custom integrations.

Roles, Permissions & SoD

RBAC management with Separation of Duties detection, entitlement reviews, and least-privilege recommendations.

JML Lifecycle

Join-Move-Leave automation with approval workflows, manager attestation, and deprovisioning evidence.

Access Reviews

Periodic and event-triggered access reviews for human and non-human identities with certification campaigns.

Activitee TrustLens

The complete AI governance platform. Every AI agent, every decision, every risk — governed through its entire lifecycle from discovery to decommission.

Agent Registry & RARD

Register → Attest → Review → Decommission lifecycle for every AI agent. Risk tier, autonomy tier, approval workflows, and trust scoring.

Shadow AI Discovery

6 discovery methods (DNS, CASB, IDP, endpoint, code scan, network) to find unapproved AI tools with AI-suggested owner mapping.

MCP Server Discovery

Discover Model Context Protocol servers, their tools, permissions, and which AI agents connect to them.

AI Supply Chain SBOM

Bill of Materials for every AI agent: model, version, training data provenance, libraries, vulnerabilities, and upstream change tracking.

5-Layer Compliance Firewall

Real-time enforcement on every AI request: Identity → Scope → Data Classification → PII/PHI → Threat detection. Unique to Activitee.

Output Rewriting Engine

Auto-rewrite non-compliant AI responses — redact PII, mask credentials, enforce tone — instead of blocking.

Prompt Injection Defence

Detect and block direct injection, indirect injection, jailbreaks, role confusion, data extraction, and tool misuse attacks.

AI Incident Response

Structured playbooks for AI failures: hallucination, data leak, model compromise, bias, and performance degradation.

Decision Explainability

Human-readable explanations for every AI decision. GDPR Article 22, CPS 234, and FINRA compliant audit trails.

IoT Compliance Register

Device governance with firmware attestation, calibration tracking, config drift detection, data provenance, and AI agent binding.

Behavioral Workflows

Guardrail chains: soft → hard → circuit breaker → kill switch. Time-based patterns, cross-agent chains, and compliance-linked rules.

Industry Modules

Pre-built governance rules for ClimateTech, Critical Infrastructure, HealthTech, Banking & Finance, and Education.

Activitee Privacy

Complete privacy lifecycle management. DPIA, DSAR, consent, breach notification, and regulatory reporting — designed for DPOs managing Privacy Act, GDPR, and HIPAA obligations.

Data Inventory & Classification

Map every personal data asset — where it lives, who owns it, what sensitivity level, and which AI systems process it.

DPIA Management

Privacy Impact Assessments with pre-built templates for AI systems, clinical AI, customer-facing chatbots, and automated decision-making.

DSAR Handling

Subject Access Request workflow — intake, identity verification, data collection, redaction, response, and evidence logging.

Consent Management

Track consent grants, withdrawals, and purpose limitations. Know which AI systems process data under which consent basis.

Breach Management

NDB assessment, OAIC/ICO notification preparation, severity scoring, and regulatory deadline tracking.

Data Retention & Disposal

Automated retention schedules with defensible deletion and disposal certification.

Activitee Resilience

Operational resilience and recovery readiness. Go beyond backup compliance — prove you can recover, prove you've tested it, and prove it to the regulator.

8-Dimension Recovery Scoring

Business Impact, Backup Compliance, Encryption, Immutability, Geo-Redundancy, RTO, RPO, and Tested Restores — scored per critical system.

Backup Drift Detection

Continuous monitoring of backup configurations. Alert when schedules, retention, or encryption settings change unexpectedly.

Recovery Testing

Schedule, execute, and evidence recovery tests. Track restore times against RTO/RPO targets.

Business Impact Modelling

Model the impact of losing each critical system. Map dependencies, quantify downtime cost, and validate recovery capability.

CPS 230 / DORA Alignment

Pre-built operational resilience assessments aligned to APRA CPS 230, DORA Article 11, and SOCI/CIRMP.

Resilience Evidence

Audit-ready evidence packages for every recovery test, tolerance assessment, and business impact analysis.

Shared Platform Layer

The connective tissue between all five pillars. Connectors pull data from your environment. Every pillar consumes it. Included with any plan.

20+ Enterprise Connectors

Entra ID, Okta, Active Directory, AWS IAM, Azure RBAC, GCP IAM, CyberArk, SailPoint, GitHub, Jira, Salesforce, CrowdStrike, and more.

Activitee Connect SDK

Build custom connectors for legacy and proprietary systems. Push identity, permission, and event data via REST API.

Evidence Vault

Centralised, immutable evidence store shared across all pillars. Every control check, access review, and remediation action captured.

See it in action

Book a 30-minute walkthrough. Your compliance gaps mapped to Activitee's five pillars. 30 minutes.

Book a Walkthrough View Pricing
1
A
Ace
Activitee Security Assistant
Hey there! 👋 I'm Ace, your Activitee security assistant. I can help with IAM, compliance frameworks, data privacy, and platform questions. What can I help you with?
Just now
Share info Powered by Activitee