Documentation
Everything you need to get started with Sentinel and automate your compliance program.
Getting Started
Sentinel automates SOC 2 and ISO 27001 compliance by connecting to your cloud infrastructure, collecting evidence, generating policies, and producing audit-ready reports. This guide walks you through the complete setup process.
1. Create Your Account
To get started with Sentinel:
- Visit the registration page and create your account with your company name, email, and password
- You'll be prompted to select a subscription plan (Starter, Professional, or Enterprise)
- Complete payment through our secure Stripe checkout
- Once subscribed, you'll land on your compliance dashboard
2. Connect Your Cloud Integrations
Sentinel collects compliance evidence from your cloud accounts. Navigate to Integrations in the sidebar to connect your services.
AWS Integration
To connect your AWS account, you'll need:
- Access Key ID and Secret Access Key — we recommend creating a dedicated IAM user with read-only access
- Region — the primary AWS region to scan
- Role ARN (optional) — for cross-account access using IAM role assumption
Sentinel checks 50+ AWS configurations including IAM password policies, MFA enforcement, S3 bucket encryption, CloudTrail logging, EC2 security groups, RDS encryption, and KMS key management.
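Before entering an access key here, it helps to confirm that the policy attached to the dedicated IAM user really is read-only. The Python check below is an added example, not Sentinel's own code: the function name, the list of action prefixes it treats as read-only, and the sample policy are constructed assumptions for illustration.

```python
import json

# Assumption: action names starting with these prefixes are treated as read-only.
READ_ONLY_PREFIXES = ("get", "list", "describe", "lookup", "batchget")

def _as_list(value):
    """IAM accepts either a single string or a list for Action."""
    return [value] if isinstance(value, str) else list(value or [])

def non_read_only_grants(policy_json):
    """Return (sid, action) pairs from Allow statements that are not provably read-only."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":     # Deny statements cannot widen access
            continue
        sid = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append((sid, "NotAction"))
            continue
        for action in _as_list(stmt.get("Action")):
            _, _, name = action.partition(":")
            # Action names are case-insensitive; a wildcard is accepted only
            # after a read-only prefix (s3:Get* passes, s3:* and * do not).
            if not name.lower().startswith(READ_ONLY_PREFIXES):
                findings.append((sid, action))
    return findings

# Constructed sample policy for the dedicated scanning user (not from the page).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadIamAndTrail", "Effect": "Allow", "Resource": "*",
         "Action": ["iam:GetAccountPasswordPolicy", "iam:List*",
                    "cloudtrail:DescribeTrails"]},
        {"Sid": "TooBroadS3", "Effect": "Allow", "Resource": "*", "Action": "s3:*"},
        {"Sid": "KeyAdmin", "Effect": "Allow", "Resource": "*",
         "Action": ["kms:DescribeKey", "kms:ScheduleKeyDeletion"]},
        {"Sid": "DenyIsFine", "Effect": "Deny", "Resource": "*",
         "Action": "ec2:TerminateInstances"},
    ],
})

if __name__ == "__main__":
    for sid, action in non_read_only_grants(SAMPLE_POLICY):
        print(f"{sid}: {action} is not read-only")
```

A prefix match only shows that an action does not modify resources; some read actions still return sensitive data, so review the allowed list as well.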
GitHub Integration
To connect your GitHub organization:
- Personal Access Token — generate a token with repo, read:org, and admin:org scopes
- Organization Name — the GitHub organization to scan
Sentinel verifies branch protection rules, required code reviews, signed commits, vulnerability alerts, secret scanning, and repository access controls.
Google Workspace Integration
To connect Google Workspace:
- OAuth Authorization — sign in with a Google Workspace admin account
- Grant read-only access to admin directory and security settings
Sentinel checks 2FA enforcement, password policies, sharing settings, admin role assignments, and security event monitoring.
3. Collect Evidence
Once your integrations are connected:
- Navigate to the Integrations page
- Click Collect Evidence on any connected integration
- Sentinel runs all applicable compliance checks in the background
- You can monitor progress in real time — each check reports pass, fail, warning, or error status
- Results appear on the Evidence page and update your dashboard automatically
Tip: Run evidence collection regularly to maintain an up-to-date compliance posture. We recommend at least weekly collection runs.
4. Review Your Compliance Status
The Dashboard provides a real-time overview of your compliance posture:
- Compliance Score — overall percentage of passing checks
- Framework Status — per-framework breakdown for SOC 2 and ISO 27001
- Category Breakdown — pass rates by category (IAM, encryption, logging, etc.)
- Recent Activity — latest evidence collection results
- Top Issues — highest-priority failing checks with severity ratings
- Trend Analysis — compliance score over time
5. Fix Failing Checks
For every failing compliance check, Sentinel provides remediation guidance:
- Go to the Evidence page and filter by FAIL status
- Click on any failing check to see the details
- Review the Remediation Guide section with step-by-step instructions
- Each guide includes severity rating, estimated effort, and links to relevant documentation
- After fixing the issue in your cloud account, re-run evidence collection to verify
6. Generate Policies
Sentinel includes a library of compliance policy templates. To generate a policy:
- Navigate to Policies in the sidebar
- Browse available templates (Information Security, Acceptable Use, Access Control, Incident Response, etc.)
- Click Generate on the template you need
- Optionally provide company-specific details (industry, employee count, data types handled)
- Sentinel generates a comprehensive, customized policy document
- Download as a file for review and approval by your team
Generated policies are tailored to your organization and map to the relevant SOC 2 and ISO 27001 controls.
7. Create Audit Reports
When you're ready for your audit, generate reports from the Reports page:
- SOC 2 Audit Report — comprehensive report covering all Trust Service Criteria with evidence mapping
- ISO 27001 Audit Report — detailed report aligned to ISO 27001 Annex A controls
- Combined Audit Report — unified report covering both frameworks
- Executive Summary — high-level overview for leadership and board presentations
Each report includes your compliance score, control status, evidence references, and timeline. Reports are generated as downloadable PDF documents.
8. Manage Your Account
From Settings, you can:
- Profile — update your name and personal information
- Company — update your organization details (name, website, industry)
- Billing — manage your subscription, upgrade or downgrade plans, view usage
- Security — change your password or delete your account
- Notifications — configure your notification preferences
Subscription Plans
Starter — $200/month
- 1 cloud integration
- Up to 100 compliance checks per month
- Basic compliance reports
Professional — $500/month
- Up to 3 cloud integrations
- Unlimited compliance checks
- Advanced reports
- Email support
Enterprise — $2,000/month
- Unlimited cloud integrations
- Unlimited compliance checks
- Advanced reports
- Priority support
- API access
Need Help?
If you have questions or need assistance, reach out to our support team at support@reatech.io.