Governance, risk & compliance, solved.

Tellus is the operating system for modern GRC. One platform for compliance across any framework, continuous risk assessment, third-party risk, and incident response — all powered by AI.

app.tellus.io  —  Tellus Control Center

Compliance overview

Q2 · 2026

  • Controls passing: 247/261
  • Evidence auto-collected: 94.6%
  • Review needed: 14
  • Days to audit: 18

| Control | Framework | Owner | Evidence | Status |
|---|---|---|---|---|
| CC6.1 — Logical access | SOC 2 | Priya Shah | Auto · Okta | Passing |
| A.9.2.3 — Privileged rights | ISO 27001 | D. Okafor | Auto · AWS | Passing |
| 164.312(a)(1) — Access control | HIPAA | J. Martinez | Manual | In review |
| 8.3.1 — Encryption keys | PCI DSS | Tellus AI | Auto · Vault | Passing |
| Art. 32 — Security of processing | GDPR | S. Bauer | Auto · GRC | Gap · 2 items |
| PR.AC-4 — Permissions | NIST CSF | Tellus AI | Auto · Entra | Passing |

Trusted by compliance teams at
Meridian · Kestrel Health · Northstar Bank · FIELDWORK · Obsidian · Paperclip · Helios Data · Unit 13 · Gravity · Quorum · Blackwell & Co · Lumen Labs

01 · The platform

Four pillars. One operating system for GRC.

Tellus unifies what used to take five vendors, four spreadsheets, and a Slack channel no one reads. Everything talks to everything.

01 / COMPL

Compliance

Any framework, continuously monitored. Auto-mapped controls, auto-collected evidence, audit-ready on demand.

  • SOC 2 · ISO 27001 · HIPAA: Built-in
  • Custom frameworks: AI-generated
  • Continuous evidence: 120+ integrations

02 / RISK

Risk assessment

Model, score, and treat risk with a register that actually gets used. Quantitative or qualitative — your choice.

  • NIST RMF · FAIR · ISO 31000: Methodologies
  • Heat maps & treatment plans: Live
  • Control effectiveness: Auto-scored

03 / TPRM

Third-party risk

From questionnaire to onboarding in a morning. Continuous monitoring, not annual theatre.

  • Vendor questionnaires: AI-answered
  • Continuous monitoring: 24/7
  • Sub-processor mapping: Auto

04 / IR

Incidents

Detect, triage, respond, report. Full incident response system with regulator-ready disclosures.

  • Runbooks & on-call: Integrated
  • Regulator disclosures: 72hr · 8-K · GDPR
  • Post-mortems: Auto-drafted

02 · Tellus AI

Generate any framework in seconds.

Describe your regulatory context in plain English. Tellus AI builds a full control framework, maps it to your existing evidence, and opens gaps as tickets. New regulation on Monday? Compliant by Friday.

  • 94% · Evidence auto-collected · Across 120+ integrations, no screenshots required.
  • 2wk · Median time to audit · From signup to passing first evidence review.
  • 40+ · Frameworks supported · Pre-built. Plus any custom framework via AI.
  • 400+ · Customers worldwide · From Series A startups to Fortune 500 banks.

Incidents, in real time.

A live view from our public incident index — detect, triage, disclose, and close, all from one workspace. Severity auto-classified, regulator clocks start on first acknowledgement.

  • RESOLVED · 02:14 / Q2-4821 · Slack webhook auth expired · rotated via Vault
  • HIGH · 02:41 / INC-9912 · Vendor Okta outage · impacting SSO for 3 tenants
  • MED · 03:02 / INC-9918 · Anomalous S3 egress from prod-analytics · investigating
  • RESOLVED · 03:18 / INC-9905 · RDS failover completed · RTO 4m 21s
  • LOW · 03:44 / OBS-2011 · Evidence drift on CC7.2 · auto-ticket opened
  • HIGH · 04:09 / INC-9921 · SEC Item 1.05 assessment started for INC-9918
  • MED · 04:30 / INC-9923 · Third-party SOC 2 report expired · Acme Payments
  • RESOLVED · 04:55 / INC-9920 · Phishing campaign · 14 users flagged · 0 credentials exposed
  • LOW · 05:10 / RSK-0416 · Risk score changed · R-142 (Vendor concentration) 3.2→4.1
  • HIGH · 05:28 / INC-9931 · DDoS mitigation active · Cloudflare L7 rules deployed
  • MED · 05:44 / TPR-0312 · Questionnaire auto-filled · Stripe · 87 questions in 6m
  • RESOLVED · 06:01 / INC-9927 · Access request review · 12 approvals · 2 auto-denials
  • LOW · 06:18 / OBS-2017 · Unusual login · Tokyo · verified by owner (travel)

03 · Coverage

Every framework auditors actually ask about.

Out of the box, Tellus ships with pre-mapped controls for the frameworks below — and anything else your customers, auditors, or regulators demand.

  • SOC 2 (Type I · II)
  • ISO 27001 (2022)
  • ISO 27701 (Privacy)
  • HIPAA (Security · Privacy)
  • PCI DSS (v4.0)
  • GDPR (Art. 5–32)
  • NIST CSF (2.0)
  • NIST 800-53 (Rev 5)
  • CMMC (Level 2)
  • FedRAMP (Mod · High)
  • DORA (2025)
  • EU AI Act (High-risk)
  • HITRUST (CSF v11)
  • CCPA / CPRA (Privacy)
  • NIS2 (EU directive)
  • ISO 42001 (AI mgmt)
  • SOX (ITGC)
  • + any custom (AI-generated)

04 · Customers

Compliance teams stopped dreading audits.

"Our first SOC 2 Type II would have taken nine months. With Tellus we finished in six weeks — and our auditor asked what tool we were using."
Priya Shah, Head of Security · Meridian

"The AI framework generator turned a six-figure consulting engagement into a Tuesday afternoon. I'm still slightly suspicious."
Daniel Okafor, CISO · Kestrel Health

"We killed four vendors when we adopted Tellus. Risk register, TPRM, incident response, evidence — all in one place. Finally."
Sofia Bauer, VP GRC · Northstar Bank

Compliance, solved.

Start free. Bring your first framework online in under an hour. Upgrade when your auditor asks for read-only access.
