Pre-access compliance review

Pre-access compliance review for regulated facilities.

Decide who gets controlled access before they arrive — and keep the evidence to prove how you decided.

  • Tenant-isolated records
  • Append-only audit by design
  • Evidence pack exports on demand

Product surfaces

Synthetic preview

Access decision recorded

Foreign-national lab access · cleared after review

Approved

Intake

Request type
Foreign-national lab access
Host
Assigned facility sponsor
Site
North research wing
Purpose
Equipment calibration visit

Screening

Sources
OFAC · BIS · DDTC
Status
Potential match · needs review
Match count
1

Match resolution

Reviewer
Authorized reviewer
Disposition
Cleared after review
Recorded
2026-05-25 09:42 UTC

Evidence export

Manifest
JSON · 14 audit rows
Summary
PDF · PII-scrubbed
Bundle
ZIP available
Hash-chained audit · append-only by design

No PII shown

Synthetic preview · no real PIIAudit chain live

Request ·Screen ·Review ·Decide ·Prove

Vocabulary · what we are built to support

Not certifications. Standards and reference frameworks our workflow is shaped around.

  • NIST 800-171

    Control families supported in workflow

  • CMMC L2

    Evidence shape aligned to assessor needs

  • ITAR / EAR

    Foreign-national access review path

  • DCSA SVA evidence

    Exportable record per access decision

  • NISPOM-aware

    Workflow scoped to controlled facilities

  • Audit-ready evidence

    Append-only by design, hash-chained

The control point

Access is granted at a threshold. So is risk.

Most access decisions happen fast, at a desk, with incomplete information.

When screening risk is not resolved before approval, there is no defensible way to show it was considered.

When an assessor or auditor asks how a decision was made, a defensible record matters.

One spine

Five steps. One defensible record.

Every access request moves through the same path and leaves the same trail.

Workflow at a glance

A workflow a reviewer can explain.

One path, one record, one export. No reviewer should have to assemble the story after the fact.

Workflow spine

Request → Screen → Review → Decide → Prove

  1. 01

    Request

    Structured intake of subject, host, site, scope.

  2. 02

    Screen

    Restricted-party screening at submit.

  3. 03

    Review

    A reviewer resolves every potential match.

  4. 04

    Decide

    Approval gate blocks unresolved risk.

  5. 05

    Prove

    Hash-chained evidence pack for every decision.

What the record carries

Each step appends to an append-only audit log. The evidence pack exports the full chain — intake, screening, review, decision — as JSON, PDF, and ZIP.

Operational scope

What this is.
And where it deliberately stops.

Plain-language scope for buyers evaluating Regulated Access against their facility's actual control points.

What it does

  • Captures every access request as a structured record
  • Screens each party against restricted-party sources
  • Routes unresolved risk to an authorized reviewer
  • Blocks unresolved risk at the approval gate
  • Produces an evidence pack for every decision
  • Keeps tenant records isolated under role-based access

Where it stops

  • Not a badge or lobby check-in product
  • Does not make the access decision for you
  • Not a replacement for facility security operations
  • Not a self-serve sign-up product
  • Not a CUI or CTI document repository
  • No production access without authorized provisioning

Comparison

Visitor management records arrival. Regulated Access controls the decision before arrival.

Generic visitor management

  • Starts at sign-in or lobby arrival
  • Optimized for badge issuance and presence
  • Often depends on manual notes for risk context
  • Proof is spread across emails, screenshots, and exports

SecurePoint Regulated Access

  • Starts before the access request is approved
  • Routes screening risk to human review
  • Blocks unresolved matches at the approval gate
  • Exports the decision path and audit trail as evidence

Use cases

Built for facilities where access is a controlled decision.

Technicians in clean-room suits working on aerospace hardware
Defense

Defense & aerospace contractors

Controlled-area visitor, supplier, and contractor decisions before someone reaches the secure threshold.

Technician in a clean laboratory reviewing equipment from a tablet
ITAR / EAR

Export-controlled facilities

Foreign-national access review for ITAR and EAR relevant spaces, equipment, and data.

Researcher handling labeled laboratory samples
Research

Research labs

Pre-access review for sensitive research sites where the decision needs a durable record.

Laboratory staff in controlled clean-room workspace
University

Controlled research universities

Sponsored visitors, collaborators, and foreign-national requests handled before arrival.

Evidence · the proof moment

The decision record is the product.

Regulated Access keeps reviewer history, match-resolution counts, evidence exports, and the audit timeline together so the record can be reviewed after the access decision.

SHA-256 chained
  • Audit timeline

    Captured as structured record context, not loose notes or one-off screenshots.

  • Evidence exports

    Captured as structured record context, not loose notes or one-off screenshots.

  • Review history

    Captured as structured record context, not loose notes or one-off screenshots.

  • Match-resolution counts

    Captured as structured record context, not loose notes or one-off screenshots.

Evidence pack

JSON · PDF · ZIP

manifest.json

Synthetic fixture — no real PII

summary.pdf

  • Hash chain

    Each audit row links to the prior row via SHA-256. Tampering breaks the chain detectably.

  • Reviewer action

    Who acted, in what role, on which case — captured per audit row.

  • Timestamps

    Every audit entry is timestamped server-side, not by the caller.

  • Bundle

    JSON manifest, optional PDF summary, optional ZIP — exportable on demand.

Pilot program

Run a 90-day founding pilot.

Request. Screen. Review. Decide. Prove. See the full decision path on your own facility's terms.

  • Sandbox tenant

    Isolated and disposable

  • Configured screening

    In controlled testing

  • Evidence-export rehearsal

    Under a written scope