Generic visitor management
- Starts at sign-in or lobby arrival
- Optimized for badge issuance and presence
- Often depends on manual notes for risk context
- Proof is spread across emails, screenshots, and exports
Decide who gets controlled access before they arrive — and keep the evidence to prove how you decided.
Product surfaces
Synthetic preview
Access decision recorded
Foreign-national lab access · cleared after review
Intake
Screening
Match resolution
Evidence export
No PII shown
Request ·Screen ·Review ·Decide ·Prove
Vocabulary · what we are built to support
Not certifications. Standards and reference frameworks our workflow is shaped around.
NIST 800-171
Control families supported in workflow
CMMC L2
Evidence shape aligned to assessor needs
ITAR / EAR
Foreign-national access review path
DCSA SVA evidence
Exportable record per access decision
NISPOM-aware
Workflow scoped to controlled facilities
Audit-ready evidence
Append-only by design, hash-chained
The control point
Most access decisions happen fast, at a desk, with incomplete information.
When screening risk is not resolved before approval, there is no defensible way to show it was considered.
When an assessor or auditor asks how a decision was made, a defensible record matters.
Workflow at a glance
One path, one record, one export. No reviewer should have to assemble the story after the fact.
Workflow spine
Request → Screen → Review → Decide → Prove
Request
Structured intake of subject, host, site, scope.
Screen
Restricted-party screening at submit.
Review
A reviewer resolves every potential match.
Decide
Approval gate blocks unresolved risk.
Prove
Hash-chained evidence pack for every decision.
What the record carries
Each step appends to an append-only audit log. The evidence pack exports the full chain — intake, screening, review, decision — as JSON, PDF, and ZIP.
Operational scope
Plain-language scope for buyers evaluating Regulated Access against their facility's actual control points.
What it does
Where it stops
Comparison
Use cases
DefenseControlled-area visitor, supplier, and contractor decisions before someone reaches the secure threshold.
ITAR / EARForeign-national access review for ITAR and EAR relevant spaces, equipment, and data.
ResearchPre-access review for sensitive research sites where the decision needs a durable record.
UniversitySponsored visitors, collaborators, and foreign-national requests handled before arrival.
Evidence · the proof moment
Regulated Access keeps reviewer history, match-resolution counts, evidence exports, and the audit timeline together so the record can be reviewed after the access decision.
Captured as structured record context, not loose notes or one-off screenshots.
Captured as structured record context, not loose notes or one-off screenshots.
Captured as structured record context, not loose notes or one-off screenshots.
Captured as structured record context, not loose notes or one-off screenshots.
Evidence pack
JSON · PDF · ZIP
manifest.json
Synthetic fixture — no real PII
summary.pdf
Hash chain
Each audit row links to the prior row via SHA-256. Tampering breaks the chain detectably.
Reviewer action
Who acted, in what role, on which case — captured per audit row.
Timestamps
Every audit entry is timestamped server-side, not by the caller.
Bundle
JSON manifest, optional PDF summary, optional ZIP — exportable on demand.
Pilot program
Request. Screen. Review. Decide. Prove. See the full decision path on your own facility's terms.
Sandbox tenant
Isolated and disposable
Configured screening
In controlled testing
Evidence-export rehearsal
Under a written scope