Skip to content
Compliance · the measurement capability

Compliance, declared honestly.

A tool can disprove a control — a fired check is a real failure — but it can never prove conformance. Watchdog evidences the automatable slice, blocks you from passing a control it caught failing without a recorded reason, and leaves the rest with a named person who self-declares. We measure; you declare; we never certify.

A clean automated result is necessary, not sufficient — a green Watchdog score is never, by itself, a compliance claim.

Evaluation

How a control gets evaluated — what a tool can do, and where a human must.

Tool-automated

The automatable surface — a live CVE, a committed secret, a missing label. A failure here is real: the control is pre-set to Fail and gates sign-off.

Evidence-assisted

Needs rendered runtime, assistive tech, or operational evidence — contrast, focus order, access control, backups. You evaluate; we record the basis.

Human judgement

Governance, incident handling, the resilience-testing programme, alt-text equivalence. You judge it — and it's recorded as your judgement, never dressed up as tool-evidence.

Integrity

The integrity keystone: we won't let you pass what we caught failing.

The failure-gate

A caught failure pre-sets the control to Fail and locks it. To mark it Pass you must record a written justification — reproduced in full in an Integrity section of the artifact. A thermometer you can hide readings from is rigged; this one can't be.

Provenance on every line

Each verdict says how it was reached: tool-verified / evidence-assisted / AI-drafted-and-reviewed / human attestation — so a buyer, auditor or competent authority sees which claims a machine stands behind and which a person does.

What Watchdog will never claimWe do not certify and are not a notified body or competent authority. A Watchdog score is not a compliance claim. "Tool clean" means no automated failure — necessary, not sufficient. We never auto-pass a control on your behalf; nothing is signed without a human. Organizational controls are recorded as human attestation, never dressed up as tool-evidenced. The candour is the product: a compliance claim is only worth what its honesty can survive — an auditor, a regulator, and a court.
Buying, regulated, or need the signed pack? The compliance buyer hub and the signed Conformance Pack live on Assay. Watchdog measures the automatable slice; Assay turns it into an audit-defensible, signed artifact.

Declare it honestly.

We measure; you declare; we never certify.