NEO — Compliance Automation

Networked Evidence Orchestrator

The evidence already exists. In every commit, every ticket, every scan. NEO reads it all at once.

One request.
This is what it takes.

AUDITOR REQUEST 01 / 05

"Provide evidence of your change approval process for the review period."

TIME SPENT ON THIS REQUEST

0 min

4,300+

hours spent on compliance per org, per year

Hyperproof · State of IT Compliance 2023

40%

of audit time lost to manual data collection

AuditBoard · State of Audit 2023

2.71×

the cost of compliance is what non-compliance costs

Ponemon Institute · Cost of Non-Compliance

What if you could just ask?

NEO

> _

How I built it.

MCP Protocol Unified communication layer — every tool speaks the same interface

Persistent Memory 4 domain types persist across sessions: decisions, runbooks, cases, preferences

Secret Manager API credentials injected at runtime — nothing hardcoded, nothing in source

Reasoning Engine Reasoning engine — translates plain language questions into live tool calls

See it in action.

NEO

The domain behind the tool.

Signal, not noise. Pattern, not chaos. That's been the practice — and now it's the product.

Federal

FedRAMP — ATO lifecycle, ConMon, POAMs

FISMA — Agency risk management

CMMC Level 2 — DoD contractor readiness

NIST 800-171 / 800-53 — Control mapping

Commercial

SOC 2 Type I & II — Trust Services Criteria

ISO 27001 / 27002 — Full ISMS implementation

PCI DSS 4.0 — Cardholder data programs

SOX ITGC — Financial systems controls

Risk & Governance

Gap assessments — Control workbooks & SoA

ConMon programs — Ongoing evidence & KPIs

Risk registers — Treatment plans & scoring

Audit readiness — Evidence mapping & ARLs

What makes it different.

NEO isn't a chatbot with a compliance skin — it's a purpose-built agent that does real work against real systems.

01

Persistent memory built for GRC

Four domain-specific memory types: decisions, runbooks, cases, and preferences. The agent learns your program over time and carries context across every session — not just your last message.

02

Live orchestration — not inference

When you ask about patch compliance, NEO queries your vulnerability scanner, pulls ITSM tickets, checks change management records — and synthesizes an answer from actual system state. It doesn't guess from training data.

03

Designed by a practitioner

Every integration, memory type, and query pattern was built by someone running real assessments. The tool reflects how compliance work actually flows — not how engineers imagine it does.

04

Self-hosted, zero vendor lock-in

Single Node.js process. Secrets injected at runtime from a dedicated vault. Your compliance data never touches a third-party cloud — full control over infrastructure and auditability.

What's next.

DONE

Memory EnginePersistent memory — preferences, decisions, runbooks, cases

Secret ManagerCredential vault integration — zero hardcoded secrets

File ToolsLocal filesystem — read, write, list, move, delete

Source ControlRepo management, file read/write, branch control

ITSMProjects, boards, sprints, issues, comments — full lifecycle

RAG SearchIndex & search .docx, .xlsx, .csv, .txt, .md locally

Multi-MachineGit sync + thumb drive memory transport workflow

NOW

Memory LibraryBuilding cross-session context, runbooks & case studies

Compliance WorkflowsEvidence collection and control documentation automation

Evidence PackagesAuto-compile evidence for SOC 2, PCI, ISO audit frameworks

DashboardWeb UI for memory, workflows, and evidence management

"The evidence always existed. In your systems. In your history. NEO just knows where to look."

NEO — Networked Evidence Orchestrator

Let's work together.

Whether you're building a compliance program from scratch, preparing for certification, or looking for someone who understands both frameworks and code — I'd like to talk.

For Organizations

Build or mature your compliance program

Gap assessments & control workbooks

Continuous monitoring (ConMon) programs

ISO 27001 · CMMC · SOC 2 · FedRAMP readiness

Risk registers & treatment plans

Audit preparation & evidence mapping

For Teams

Ready to lead, build, and grow a compliance function

GRC Manager or Compliance Program Manager

Security & Compliance Director (growth track)

Team lead who can hire, mentor, and scale

Strategic voice bridging security, legal, and engineering

Leader who still builds — and knows when to

in LinkedIn gh GitHub >_ Blog @ sean@infocraftllc.com

Sean Parrish · Security Compliance Manager · GRC Automation Builder

The End