NRUN
Attest

Policy acceptance. Provable.

NRUN Attest turns policy acceptance into cryptographically verifiable audit evidence — with SSO identity, versioned attestations, Policy as Code (PaC), and regulation-aware templates (HIPAA, SOX, CCPA, and more).

Sign in with SSO See a sample attestation
No agents required Live in minutes Built for audit traceability
v1 focus

Designed for regulated orgs

HIPAA safeguard awareness and SOX ITGC traceability built in—without claiming certification.

Fast
Users sign in minutes. No agents required.
Audit-ready
Hash + version + timestamp evidence.
Regulation-aware
Structured for mapping to controls and audits.

Start with policy. Everything else follows.

Without a clear policy, there’s nothing defensible to enforce. NRUN Attest preserves the exact policy a user agreed to—its version, effective date, and hierarchy—and records acceptance as evidence you can prove later.

AUP
Acceptable Use Policy
Defines allowed and prohibited behavior. Establishes authority and scope.
DLP
Data Loss Prevention
Defines data classification and handling rules across systems and channels.
AIP
Artificial Intelligence Policy
Applies DLP rules to AI workflows to prevent disclosure of IP and customer data to public or unauthorized AI tools.

Where policy governance quietly breaks down

In most organizations, policies are written once, reviewed sporadically, and rarely enforced as living artifacts. Even when updates occur, acceptance of those changes is often assumed — not proven.

The reality in most environments

Acceptable Use, Data Loss Prevention, and AI policies are frequently updated on an informal or ad-hoc basis — if they are updated at all. Annual reviews slip. Ownership changes. New tools appear faster than governance can respond.

And even when a policy is revised, one critical step is usually missed: users are never required to re-attest to the updated version.

  • Policies evolve, but attestations remain tied to older versions
  • Organizations assume awareness without proof
  • There is no defensible record of acceptance for updated expectations
  • Auditors and regulators see a gap between “policy exists” and “policy was acknowledged”
This creates a governance gap: expectations change, but evidence does not. In audits and investigations, that gap becomes risk.

How NRUN Attest closes the gap

NRUN Attest treats policies as living, versioned artifacts — not static documents. Every update introduces a new, explicit moment of acceptance.

  • Versioned re-attestation — users must acknowledge material policy changes
  • Defined cadence — annual, quarterly, or event-driven review cycles
  • Coverage visibility — see who has and has not accepted the latest version
  • Immutable history — preserve evidence of what was agreed to at each point in time

Templates that evolve with the landscape

Attest policy templates are continuously updated to reflect emerging risks, regulatory guidance, and real-world usage — especially for fast-moving areas like AI.

Instead of rediscovering gaps every year, organizations inherit a structured baseline that:

  • Incorporates current regulatory expectations
  • Aligns with modern tooling and workflows
  • Triggers re-attestation when expectations change
  • Creates a predictable, auditable governance rhythm

Pricing

Attest is priced by organizational size to reflect audit scope and evidence responsibility — not per-user activity. NodeRunner is priced per device, per month.

Attest
Trial
$0 /14 days
Evaluate policy attestation and audit evidence.
  • Up to 3 policies (AUP, DLP, AIP)
  • Unlimited signers
  • Signing links + coverage view
  • 14-day evidence retention
  • CSV export (v1)
Start 14-day trial See sample attestation
Upgrade to retain evidence and enable SSO.
Most popular
Attest Teams
$299–$1,999 /month
Scales with organizational size and audit exposure.
  • Unlimited policies
  • SSO (Entra ID, Okta, Google)
  • Policy versioning + re-attestation
  • 1–3 year evidence retention
  • Integrity metadata (hashes, timestamps)
  • CSV export + basic API access
Monthly pricing by org size:
  • Up to 100 users — $299
  • 101–1,000 users — $599
  • 1,001–5,000 users — $1,199
  • 5,001–10,000 users — $1,999
Start Attest Teams Talk to sales
Designed for regulated organizations.
Enterprise
Attest + NodeRunner
Custom /year
For large enterprises that need continuous evidence and enforcement.
  • Attest Enterprise (5–7 year retention)
  • Region-specific data residency
  • Assertion hash retention
  • Continuous Compliance (evidence mode)
  • Persona-backed violations & risk
  • Control Radar mappings
Request pricing Explore NodeRunner
NodeRunner is priced per device, per month.
Attest pricing scales by organizational size to reflect audit scope and evidence retention. NodeRunner pricing is based on managed devices.

Evidence you can verify — years later.

Each acceptance produces an audit-ready record that can be independently validated.

#

Policy hash

Proves the exact document content at the time of signing.

Versioned attestation

Tracks which policy iteration was accepted and when re-attestation is required.

Forensic metadata

Timestamp + identity + signing method + integrity-ready exports for audits.

Signed byjane.doe@company.com
PolicyAIP v1.3
SHA-2569f5a…c21e
UTC2026-02-07 02:14:09Z

Acceptance is the start. Assurance is the goal.

Signing proves awareness. Regulated orgs need defensible proof that expectations are understood and can be mapped to controls. NRUN Attest structures policy acceptance so it can be tied to regulatory requirements—and extended into continuous evidence when enforcement is enabled.

When auditors ask, “How do you know it’s followed?”

NRUN Attest proves intent. NodeRunner proves reality.

NRUN Attest
  • Proves policies were communicated and acknowledged
  • Produces audit-ready, verifiable attestations
  • Tracks coverage and missing signers
Attest + NodeRunner
  • Proves adherence via device and behavior evidence
  • Persona-backed compliance: who, what, why, since when
  • Continuous controls mapped into Control Radar
Designed to support common frameworks without claiming certification or replacing governance processes.