Compliance, rebuilt by the people who actually do it.
Supervisory is a free, community-built system of record for DORA. Every requirement, control and piece of evidence is connected and managed under an agent framework. All features are decided by the users. Submit a feature request in the Roadmap now.
One model. Every relationship preserved.
Built for the messy reality of group structures, third parties, and ICT estates that change daily.
Article browser
Every DORA article and RTS, expanded into requirements with mapped controls, evidence and current status across entities.
Canonical graph
Entities, ICT services, third parties, contracts, controls, incidents and evidence — a single graph, no spreadsheets.
Automated gap assessment
From your inventory and policies, every requirement is classified and the evidence to close each gap is proposed for you.
Built for the way you actually run compliance.
Automation where it matters, on the model stack of your choice — yours, your enterprise's, or fully open source.
Compliance automation
Continuous gap assessment, evidence collection, control testing and report drafting — running in the background instead of a quarterly scramble.
Agent harness for compliance
A purpose-built harness that breaks down regulations, plans the work, drafts evidence and policies, and hands control back to you for review.
Bring your own model
Plug Supervisory into the model provider you already trust. No lock-in, no shadow data residency surprises, no per-seat model tax.
Private and open-source models
Connect to your own self-hosted open-source LLM or your enterprise provider. Sensitive evidence never leaves your perimeter.
An agent harness, your model, your evidence.
Every action is a tool call against your compliance graph. Writes are proposals a human approves. Nothing is auto-mutated, everything is logged.
Plan
Pick an agent kind — gap review, evidence gather, incident triage, control drafter, TPP due diligence. The harness loads the whitelisted tools available for that kind.
Reason
Your chosen LLM — OpenAI, Azure, Anthropic, vLLM, Ollama, or the default — calls tools to read requirements, evidence, incidents and TPPs. Every step is hash-chained into the audit ledger.
Propose
Writes are filed as recommendations a human approves. Each recommendation is traceable back to the exact agent run, model, and tool calls that produced it.
Sensitive evidence stays inside your perimeter. The harness pings your endpoint with the same tool schema regardless of provider.
A new era of compliance.
Staying compliant should be easy, and the tools to make it so are now cheap to build. So they should be free to use.
Supervisory is maintained by Cardinal and built in the open with the practitioners who file the reports, run the tests, and answer the regulator's questions. The community shapes the roadmap and contributes the controls, the mappings, the connectors. Compliance stops being a team and becomes shared infrastructure.
Always free for teams.
Built in the open. Forkable.
Contributions belong to everyone.
Posture vs Policy.
Most platforms collapse intent and reality into a single number. Supervisory keeps them apart.
What your policies say should be true sits alongside what your live telemetry, tests and attestations show is true. The delta is your gap, surfaced on the dashboard, never buried in a quarterly review.
One plan. Always free.
No seats, no tiers, no enterprise upsell. The whole platform, for the whole team, forever.
Unlimited users. Unlimited entities. Every feature, every article, every report. No credit card.
- Unlimited users and seats
- Unlimited entities and tenants
- All DORA articles and RTS
- Automated gap assessment
- Compliance automation
- Agent harness for compliance
- Bring your own model
- Private and open-source LLM support
- Register of information (XBRL export)
- Third-party risk and contracts
- ICT inventory and dependency graph
- Incident classification and reporting
- TLPT scenario library
- Continuity and recovery testing
- Evidence collection and audit trail
- Posture vs policy dashboard
- Policy templates and version control
- Read-only auditor and regulator portal
- Trust portal for third parties
- Public API and webhooks
- Connectors and integrations
- Community-shaped roadmap
Free to use. Built with you.
Spin up a workspace, import your entities, and have an article-by-article posture in an afternoon, then help shape what Supervisory becomes next.