Compliance & Audit

1. Governance and Financial Accountability (FinOps)

Financial accountability is central to how Teev operates. Our FinOps framework ensures that every deployment, transaction, and report is traceable, auditable, and aligned with recognized financial and operational standards. We provide customers and auditors with full visibility into usage, license consumption, and cost attribution across all deployed environments. Every resource and metric is mapped to identifiable organizational constructs such as department, project, or workload, creating a clear and defensible chain of accountability.

FinOps Foundation Alignment

Teev's reporting aligns with the FinOps Open Cost and Usage Specification (FOCUS™), providing normalized and consistent data for reconciliation against AWS billing. This ensures that financial auditors can verify cloud costs, validate license metrics, and reconcile billed versus contracted usage with confidence.

Our architecture supports bottom-up cost attribution at the Bedrock Agent and Knowledge Base level, which reconciles against top-down AWS Cost & Usage Reports (CUR). This dual-source validation eliminates the "black box" problem common in enterprise cloud cost management.

Internal Cost Controls

Internal cost control is reinforced through automation. License reclamation workflows automatically identify underused or dormant resources, while procurement and renewal processes are subject to predefined policy checks. Together, these mechanisms demonstrate active financial governance and cost discipline, minimizing the risks of overspend or "shadow IT."

Revenue Recognition and Financial Reporting

We maintain formal documentation for revenue recognition in accordance with GAAP and IFRS-15, including archived customer contracts and invoices for audit selection and fieldwork. This transparency supports the integrity of our financial reporting and enables independent verification at any time.

2. Environmental Responsibility (GreenOps)

Teev integrates sustainability directly into our product design and operational decisions through our GreenOps framework. This approach ensures that cloud efficiency and environmental impact are treated as shared priorities alongside cost and performance.

Carbon Transparency

Our platform provides carbon transparency by generating carbon-to-cost benchmarking reports. These reports tie AWS resource usage to estimated CO₂ emissions using industry-standard methodologies, allowing organizations to understand, measure, and optimize their environmental footprint. This data can be used for:

• • Corporate ESG disclosures (TCFD, CSRD, CDP)
• • Sustainability audits and certifications
• • Board-level reporting on Scope 2 and Scope 3 emissions

Energy-Efficient Architecture

We architect our deployments for energy efficiency, prioritizing modern, serverless, and containerized technologies that reduce idle compute time and power consumption. We also recommend deployment in AWS regions that use lower-carbon energy mixes where feasible, and provide region-level carbon intensity data to inform these decisions.

Internal GreenOps Policy

Internally, Teev maintains a documented GreenOps Policy that formalizes governance and accountability for reducing the environmental impact of our own operations. This policy ensures environmental considerations are factored into every infrastructure and procurement decision, demonstrating compliance with sustainability reporting standards and responsible cloud governance.

3. Infrastructure and Security Compliance (AWS-Native Architecture)

Teev is built entirely on Amazon Web Services, following the AWS Shared Responsibility Model. AWS secures the infrastructure that runs our services, while Teev ensures secure configurations, monitoring, and compliance within that infrastructure.

Your Environment, Your Compliance Posture

Because Teev deploys entirely within your AWS account, you retain full control over your compliance boundary. This means:

• • Data residency: All telemetry, analytics, and operational data remain in your chosen AWS region(s).
• • Inherited certifications: If your AWS environment is SOC 2, ISO 27001, or HIPAA compliant, Teev operates within that same boundary.
• • No third-party data processing: Teev never extracts data from your environment, eliminating the need for Data Processing Agreements (DPAs) or cross-border data transfer assessments.

Continuous Compliance Monitoring

We maintain continuous compliance monitoring through AWS Config, CloudWatch, and CloudTrail. These services provide real-time tracking of configuration changes, API calls, and system events, creating an immutable audit trail for every action within your deployment.

Identity and Access Management

Identity and access are governed by strict least-privilege principles. Every IAM role and policy grants only the permissions necessary for its function. We provide pre-configured IAM policies that customers can review and approve before deployment, ensuring full transparency into the permissions Teev requires.

Multi-Factor Authentication (MFA) enforcement, regular access reviews, and IAM policy audits are recommended best practices we document for customers to implement within their own environments.

Encryption Standards

All customer data within the Teev deployment is encrypted at rest and in transit:

• • At rest: AWS Key Management Service (KMS) with AES-256 encryption for DynamoDB tables and S3 storage.
• • In transit: TLS 1.3 for all API calls, web traffic, and inter-service communication.

These controls meet or exceed the encryption standards required by most enterprise and regulatory frameworks, including PCI DSS, HIPAA, and GDPR.

Backup, Recovery, and Business Continuity

Our data backup and recovery processes use encrypted, versioned S3 and Glacier storage with defined Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO). Disaster recovery procedures are periodically tested and documented, ensuring continuity and resilience even in the event of a regional outage.

Because Teev is deployed via AWS SAM templates, infrastructure-as-code enables rapid redeployment and recovery in any AWS region.

Third-Party Security Assessments

Teev's infrastructure is continuously mapped against compliance baselines such as SOC 2, ISO 27001, and PCI DSS through AWS Audit Manager. We maintain third-party penetration testing and vulnerability assessments as part of our ongoing security assurance program. Reports are available to verified customers under NDA.

4. Responsible AI Governance (ISO/IEC 42001 and EU AI Act Readiness)

As AI adoption accelerates across industries, Teev is committed to responsible and transparent AI operations. We are implementing the ISO/IEC 42001:2023 standard for an Artificial Intelligence Management System (AIMS), positioning our governance model in line with emerging regulatory expectations such as the EU AI Act.

AI Risk Management Framework

Our AI Risk Management Framework includes a formal AI Impact Assessment (AIIA) conducted at both the design and operational stages. These assessments identify and mitigate potential risks, such as:

• • Algorithmic bias or unintended discrimination
• • Reliability issues in AI-driven cost forecasting or anomaly detection
• • Transparency and explainability of AI-generated insights

Data Governance for AI

We maintain robust data governance practices to ensure that all training, validation, and testing datasets are relevant, representative, and free from known bias. Data provenance, labeling processes, and dataset documentation are maintained for traceability and auditability.

Because Teev processes data entirely within your AWS environment, no training data ever leaves your control. This eliminates risks associated with third-party AI model training or inadvertent data leakage.

Transparency and Explainability

Transparency is built into both our development and deployment pipelines. Every AI component includes clear documentation of:

• • Purpose and intended use
• • Model architecture and training methodology
• • Performance metrics (accuracy, precision, recall, F1 scores)
• • Known limitations and edge cases

Traceability and Human Oversight

For traceability and accountability, Teev logs all AI system events, decisions, and interventions. These logs support post-market monitoring, technical reviews, and incident investigations. Human oversight mechanisms are in place to ensure that operators can monitor AI behavior, detect anomalies, and intervene or override automated outputs when necessary. For example, cost forecasts and anomaly alerts are always presented with confidence intervals and supporting evidence, enabling human judgment.

EU AI Act Readiness

By maintaining a comprehensive inventory of AI components and classifying them according to the EU AI Act's risk categories, Teev ensures proactive readiness for formal compliance assessments as the regulatory landscape evolves.

Our current risk assessment classifies Teev's AI systems as limited-risk or minimal-risk under the EU AI Act framework, primarily involving cost forecasting, anomaly detection, and operational analytics. We do not deploy high-risk AI systems as defined by the Act.

5. Our Commitment to Audits

Teev maintains an audit-ready posture year-round. We treat auditability as a product feature, not a post-hoc process.

What Auditors Can Expect

• • Documentation Integrity: Every process, policy, and financial record is maintained with clear version control, references, and traceability.
• • Customer Environment Access: Because Teev runs in your AWS account, your internal audit teams have full access to logs, configurations, and data stores without needing to request anything from Teev.
• • Teev Corporate Transparency: For external audits of Teev Ltd. itself, we facilitate direct access to our internal teams—including Finance, Engineering, Security, and Compliance—for audit interviews and process verification.

Available Documentation

For verified customers, partners, or auditors operating under a Non-Disclosure Agreement (NDA), we can provide copies of:

• • SOC 2 Type II summaries (in progress, expected Q1 2026)
• • Independent penetration test reports
• • ISO 42001 AIMS implementation documentation
• • Internal audit and compliance policy evidence
• • FinOps FOCUS™ alignment certification
• • GreenOps Policy and carbon accounting methodology

How to Request Documentation

To request compliance documentation or coordinate an audit review, contact our Compliance Team at compliance@teev.ai. We typically respond within 2 business days and can accommodate audit schedules with advance notice.

Questions About Compliance?

If you're evaluating Teev as part of a procurement or vendor risk assessment process, we're here to help. Contact us at compliance@teev.ai or schedule a call with our team to discuss your specific compliance requirements.