Designed for the Frameworks
You Report Against

Solas Academy is designed for high-risk AI system obligations under Regulation (EU) 2024/1689. Risk-management documentation under Article 9, data-governance and quality controls under Article 10, transparency to deployers under Article 13, and human-oversight workflows under Article 14 — including the Article 14(4)(b) human-override pathway for AI-graded learner submissions. Accuracy, robustness, and cyber-security controls under Article 15. Annex IV technical-file artefacts are maintained for conformity assessment under Article 43. Post-market monitoring per Article 72 lands as structured telemetry in the audit trail. The Article 47 Declaration of Conformity is held in draft until a first EU prospect requires signature.

Solas Academy is designed against the four functions of the NIST AI Risk Management Framework. GOVERN: documented AI policy, ownership, and accountability roles. MAP: AI use context, stakeholder identification, and impact assessment. MEASURE: model evaluation, telemetry on every AI grading call, bias and fairness signals. MANAGE: incident response, rollback paths, and the deterministic fallback that takes over when the AI grader fails closed.

Internal alignment against the ISO/IEC 42001 AI Management System standard is in progress. The platform is built around the structural requirements — leadership, planning, operational control, performance evaluation, improvement — but the formal management-system implementation review is ongoing. Detailed gap documentation is available on request under NDA.

Solas Academy is designed to help controllers and processors meet GDPR obligations: lawful basis tracking on enrolment, granular per-class retention policies, signed Data Subject Access Request (DSAR) exports, breach-notification telemetry, and field-level encryption at rest for sensitive identifiers. The hash-chained audit trail provides evidence of accountability under Article 5(2).

For healthcare customers in scope of HIPAA, the platform is designed for administrative, physical, and technical safeguards: role-based access with read-only Compliance Officer separation, audit-trail completeness, MFA enforcement, encryption at rest, and configurable retention. Business Associate Agreement (BAA) execution is handled per deployment.

Solas Academy is designed to support customers carrying SOC 2 Type II obligations across Security, Availability, Processing Integrity, and Confidentiality. Audit logs are cryptographically integrity-verifiable. Access controls, encryption, monitoring, and change-management evidence flow into the same export bundle used for other frameworks. Solas Cyber Security Solutions LLC does not itself hold a SOC 2 attestation today.

For customers operating training programmes inside PCI DSS scope, the platform is designed for the security training and awareness requirements (Requirement 12.6 and related). Role-based assignment, completion evidence, and assessment results map directly to PCI awareness programme documentation.

Solas Academy is designed to map to the Annex A controls of ISO/IEC 27001:2022 most relevant to awareness, training, and personnel security — notably A.6.3 (information security awareness, education, and training). Module-to-control mapping is configurable so customers can produce evidence bundles grouped by their own control reference set.

For essential and important entities under NIS2, the platform is designed to support the cyber-hygiene and awareness obligations (Article 21(2)(g)) and the personnel training elements of governance (Article 20). Evidence exports are structured for national competent-authority audits.

For organisations in scope of the UAE Personal Data Protection Law, the platform is designed for data-subject-rights handling, consent management, breach-notification evidence, and retention controls. Regional deployment options keep personal data within UAE residency boundaries where required.