Frequently Asked Questions

FormaOS is an enterprise compliance operating system designed for regulated industries. It connects governance frameworks, operational controls, evidence collection, and audit defense into a single, unified platform. Unlike document repositories or checklists, FormaOS enforces accountability through structured workflows, immutable audit trails, and compliance visibility.

FormaOS is built with SOC 2-aligned controls across the Common Criteria, Availability, and Confidentiality trust service categories. We implement AES-256 encryption, identity governance, tamper-evident audit logs, and structured incident response procedures aligned with the framework. Our security review packet, covering architecture, controls, and data handling, is available for enterprise procurement and security teams on request.

Every action in FormaOS is automatically logged with full context, who did what, when, and in relation to which control or workflow. Audit trails are immutable and timestamped, providing a complete chain of evidence that satisfies regulatory requirements. You can filter, search, and export audit logs at any time.

FormaOS ships with 20+ integrations across productivity (Jira, Slack, Microsoft Teams), cloud (AWS, Azure, GCP), identity (Okta, Azure AD, Google Workspace), security (Qualys, Tenable), and HRIS tools (BambooHR, Workday). Browse and install connectors from the Integration Marketplace with one-click setup. Enterprise plans include SAML 2.0 SSO.

FormaOS starts with a guided compliance plan. We scope frameworks, team structure, evidence volume, audit exposure, and procurement requirements before recommending Foundation, Growth, or Enterprise.

FormaOS provides a core enterprise review pack that includes a Data Processing Agreement (DPA), vendor assurance materials, SLA review documentation, and a security review packet covering architecture, encryption, identity governance, and data handling. These materials are shared during evaluation and procurement review, with additional artifacts handled case by case.

All paid plans include structured onboarding covering platform configuration, first framework setup, workflow design, evidence structure, and control ownership. Enterprise onboarding can include additional implementation support for more complex deployments. Timing depends on scope, data readiness, and the number of teams involved.