How does Progull handle identity on the mainframe?

Named surrogate IDs under RACF, ACF2 or Top Secret with least-privilege profiles per environment.

Security & Compliance

Answers to the questions your CISO will ask first.

Q: Where does Progull run?

On-prem, private cloud, or hybrid. You control where reasoning happens and where logs land.

Progull operates inside some of the most regulated, most audited environments on the planet. Identity, data residency, action governance and explainability are designed in from line one.

Identity & authority

Named surrogate IDs under RACF/ACF2/Top Secret with least-privilege profiles per environment.

Data residency

Run fully on-prem, private cloud, or hybrid. You control where reasoning happens and where logs land.

Action governance

Read-first by default. Every write requires a policy match, is signed and logged with a worknote.

Audit & explainability

Every agent input, hypothesis and action is persisted against the incident for regulator-grade audit.

Security FAQ

The questions we get on every procurement call.

Control mapping

Mapped to the controls your auditors already test.

A condensed view of how Progull aligns to SOC 2 trust services criteria. Full mapping (SOC 2, ISO 27001, NIST 800-53) is shared during procurement.

CC1 — Control environment: Background checks, code of conduct, security training annually
CC2 — Communication: Customer status page, scheduled architecture reviews, signed SIG/CAIQ
CC6 — Logical access: SSO, MFA, JIT broker access, quarterly access reviews
CC7 — System operations: 24/7 on-call, change management, immutable infrastructure
CC8 — Change management: Code review, signed commits, staged rollouts to mainframe tenants
CC9 — Risk mitigation: Vendor reviews, annual third-party pen tests, per-release threat models

Need our SIG, SOC 2 report or architecture deep-dive?

Tell us about your environment and we'll route the right materials under NDA — and walk your security team through the deployment topology that fits.

Talk to our security team

Answers to the questions your CISO will ask first.

Identity & authority

Data residency

Action governance

Audit & explainability

The questions we get on every procurement call.

What identity does Progull use against the mainframe?

Can Progull run fully on-prem, with no outbound traffic?

Where does mainframe telemetry actually live?

How do you prevent the agent from doing something destructive?

How do you handle sensitive data inside dumps and SYSOUT?

Which LLM provider do you use, and can you switch?

How is each agent decision audited?

What is your stance on training on customer telemetry?

Which standards and certifications are you aligned to?

How is access to Progull itself controlled?

What happens if an LLM hallucinates a remediation step?

How do you handle prompt-injection from log content?

Do you support BYO encryption keys (BYOK / HYOK)?

What is your incident response and disclosure policy?

Are background checks performed on operators with access?

Mapped to the controls your auditors already test.

Need our SIG, SOC 2 report or architecture deep-dive?