What cloud services does Humadroid integrate with for evidence collection?

Humadroid currently integrates with AWS (Amazon Web Services) and GitHub. AWS integration covers services like IAM, CloudTrail, S3, EC2, KMS, and RDS for infrastructure evidence. GitHub integration monitors repository settings, branch protection, security features, and access controls. More integrations are planned for the roadmap.

Is automated evidence collection secure?

Yes, Humadroid uses read-only permissions for all integrations. We never modify your infrastructure or repositories. For AWS, we use IAM roles with minimal permissions. For GitHub, we use GitHub Apps with read-only scopes. All data is encrypted in transit and at rest.

How does automated evidence collection help with SOC 2 audits?

Automated evidence collection maps directly to SOC 2 Trust Service Criteria. It continuously gathers proof of security controls implementation, eliminating manual screenshot collection. Evidence is automatically verified and organized for auditor review, significantly reducing audit preparation time.

How often is evidence collected automatically?

Evidence collection runs on configurable schedules. You can set daily, weekly, or custom schedules based on your compliance needs. Real-time monitoring alerts you immediately when critical controls change or fail verification.

Automated Evidence Collection

Connect Once, Collect Forever

Stop chasing screenshots and exports. Connect your AWS infrastructure and GitHub repositories to automatically gather compliance evidence that satisfies SOC 2 and ISO 27001 controls.

Core Features

AWS integration with 15+ evidence sources

GitHub integration with 12 evidence sources

Multi-framework mapping (SOC 2, ISO 27001)

Auto-verification against compliance rules

Scheduled collection (daily, weekly, monthly)

Read-only access with enterprise-grade security

Continuous compliance monitoring

CloudFormation one-click setup for AWS

Supported Integrations

Amazon Web Services

Cloud Infrastructure

Comprehensive AWS integration covering IAM, CloudTrail, S3, RDS, KMS, GuardDuty, and more. Connect via secure cross-account IAM role with read-only permissions.

Evidence Sources:

IAM Password Policy MFA Status CloudTrail S3 Encryption RDS Encryption KMS Key Rotation GuardDuty VPC Flow Logs + 7 more

GitHub

Source Control

Full GitHub organization integration covering security settings, access controls, code scanning, and audit logs. Connect via GitHub App with fine-grained permissions.

Evidence Sources:

2FA Status Branch Protection Required Reviews Secret Scanning Dependabot Code Scanning Team Permissions + 5 more

Compliance Control Coverage

SOC 2 Trust Services Criteria

CC6 - Logical & Physical Access 12 evidence sources

CC7 - System Operations 8 evidence sources

CC8 - Change Management 5 evidence sources

ISO 27001:2022 Annex A

A.5 - Organizational Controls 10 evidence sources

A.8 - Technological Controls 15 evidence sources

A.8.25-28 - Secure Development 6 evidence sources

Key Benefits

Eliminate manual evidence collection with automation

Reduce audit prep time from weeks to hours

Auto-verify evidence against compliance thresholds

Get alerted when compliance status changes

Single evidence satisfies multiple framework controls

Security First

Read-only access - Humadroid cannot modify your resources

External ID protection against confused deputy attacks

Short-lived tokens with automatic rotation

Full audit trail of all API calls

Revoke access instantly with one click

How It Works

Connect

Use our CloudFormation template or GitHub App to connect in minutes with minimal configuration.

Collect

Evidence is automatically gathered on your schedule and mapped to compliance controls.

Verify

Auto-verification checks evidence against compliance rules and alerts you to issues.

Coming Soon

Google Cloud Platform

Cloud infrastructure monitoring for GCP resources.

GitLab

Source control and CI/CD evidence collection.

Okta / Azure AD

Identity provider integration for access controls.

Automate Your Evidence Collection

Stop spending hours on manual screenshots and exports. Connect your infrastructure and let Humadroid continuously collect compliance evidence for you.