The compliance landscape for regulated SaaS companies is undergoing its most significant transformation in decades. As organizations manage the challenges of SOC 2 audits, ISO 27001 certification, GDPR compliance, HIPAA compliance, and PCI DSS compliance, a new type of technology is changing how security teams operate: agentic AI.

Agentic AI is different from traditional software. Traditional software only collects data. In contrast, agentic AI can begin tasks, make intelligent decisions, and complete complex workflows with some human assistance. For compliance teams, this technology makes their work easier. It helps with evidence requests, vendor questionnaires, and control monitoring. Now, they can work independently instead of needing assistance.

This guide looks at how agentic AI is changing security compliance software. It explains what this means for your next SOC 2 audit or ISO 27001 compliance check. It also shows how smart organizations are creating compliance programs for the next decade of rules and regulations.

Understanding Agentic AI in Security Compliance

Before exploring specific applications, it's essential to understand what distinguishes agentic AI from traditional automation in security compliance software.

Traditional Automation vs. Agentic AI

Traditional automated compliance platforms excel at predefined workflows. They collect logs on schedule, send reminder emails at specified intervals, and generate reports from templates. These systems require humans to:

• Decide when to collect evidence

• Determine which evidence is sufficient

• Follow up on incomplete responses

• Identify which controls need attention

• Remediate gaps through manual processes

Agentic AI compliance software operates fundamentally differently. These systems can:

• Assess what evidence is needed based on control status and upcoming audits

• Initiate evidence collection from appropriate sources without prompting

• Evaluate evidence completeness and quality

• Follow up with control owners when responses are insufficient

• Suggest specific remediation actions based on control failures

• Prioritize work based on risk, audit timelines, and business context

• Execute approved remediation workflows automatically

The key difference is that agentic systems do more than follow human commands. They start actions, make decisions based on context, and carry out complex tasks. They also keep human oversight at important decision points.

Why Agentic AI Matters for Compliance

Compliance complexity is growing exponentially. Modern SaaS companies must simultaneously maintain:

• SOC 2 audit readiness for enterprise customers

• ISO 27001 compliance for international markets and certification requirements

• GDPR compliance for EU customer data

• HIPAA compliance when handling healthcare information

• PCI DSS compliance for payment processing

• Third-party risk management across dozens or hundreds of vendors

Managing this through traditional security compliance software requires massive human effort. Compliance teams spend 60-70% of their time on repetitive tasks. They send evidence requests and follow up on incomplete responses. They also track down control owners and organize documents for audits.

Agentic AI shifts this equation dramatically. These systems handle coordination, evidence collection, and routine decisions on their own. This lets humans focus on important tasks like risk assessment, policy development, auditor relationships, and business support.

How Agentic AI Transforms the SOC 2 Audit Process

The SOC 2 audit remains the foundation of trust in B2B SaaS. Understanding how agentic AI changes SOC 2 preparation reveals the broader transformation happening across all compliance frameworks.

Autonomous Evidence Collection for Trust Services Criteria

Traditional SOC 2 audit preparation involves weeks of manual work. Compliance teams make lists of evidence requests. They email control owners and follow up on missing screenshots. They also put together documents that are easy for auditors to review.

Agentic AI compliance software transforms this process:

Context-Aware Evidence Identification: The system looks at your SOC 2 scope. It finds which Trust Services Criteria apply. Then, it decides what types of evidence meet each control. Instead of humans creating evidence request lists, the AI agent builds these requirements automatically based on your specific implementation.

Proactive Evidence Requests: Instead of waiting for audit preparation, the system looks for evidence gaps. It then starts collection requests to the right control owners. These requests explain why evidence is needed. They also state what format is acceptable and how it relates to specific SOC 2 controls.

Intelligent Follow-Up: When control owners don't respond or provide incomplete evidence, the AI agent automatically sends contextual follow-up messages, escalates to managers when necessary, and suggests alternative evidence sources if primary sources are unavailable.

Evidence Quality Assessment: The system evaluates whether submitted evidence actually demonstrates control effectiveness. Screenshots without timestamps can cause problems. Logs that are missing important information are also an issue. Additionally, policies that do not cover the stated control can result in requests for stronger evidence. This happens before auditors notice the gaps.

Dynamic Control Monitoring Between Audits

SOC 2 Type II reports evaluate control effectiveness over a 6-12 month period. Traditional security compliance software monitors controls on fixed schedules, often missing failures that occur between monitoring periods.

Agentic AI enables continuous, context-aware monitoring:

Adaptive Monitoring Frequency: The system adjusts monitoring frequency based on control criticality, historical failure rates, and upcoming audit deadlines. High-risk controls or those with past failures receive more frequent monitoring, while stable controls are checked less often.

Autonomous Failure Investigation: When control monitoring finds possible failures, the AI agent starts investigation workflows. It collects more context, interviews system owners, and documents findings. This all happens before human compliance teams get involved.

Automatic Remediation Suggestions: The system gives control owners specific actions to take. These suggestions depend on the type of failure and previous successful fixes. It often provides step-by-step guidance for implementation.

Proactive Auditor Communication: If control failures need to be shared with auditors, the system creates explanation memos. It also organizes supporting evidence and prepares remediation documents. This helps compliance teams address auditor concerns quickly and efficiently.

Intelligent Audit Preparation

As SOC 2 audit dates approach, agentic AI compliance software orchestrates preparation automatically:

Gap Analysis and Prioritization: The system finds all control gaps. It decides which gaps are critical for audits and which are advisory. Then it creates prioritized plans to address these gaps, including estimated timelines.

Automated Evidence Packaging: Instead of organizing evidence by hand, the AI agent arranges all evidence under control. It adds notes to explain each item and creates matrices that show how controls relate to evidence.

Readiness Assessment: The system gives real-time scores for audit readiness. It shows what work is left and predicts audit results based on current control states.

Agentic AI for ISO 27001 Certification and Compliance

ISO 27001 compliance offers a more thorough security management system than SOC 2. It involves organized risk management. Additionally, it includes 93 controls across 14 areas. Agentic AI's ability to manage complexity makes it particularly valuable for ISO 27001 certification efforts.

Intelligent Risk Assessment Management

ISO 27001 requires ongoing risk assessment, identifying threats, evaluating likelihood and impact, and documenting treatment plans. Traditional approaches rely on periodic workshops and static risk registers, which quickly become outdated.

Agentic AI transforms ISO 27001 risk management:

Continuous Threat Intelligence: The system continuously monitors threat intelligence feeds, vulnerability databases, and industry incident reports, automatically identifying new risks relevant to your environment.

Automatic Risk Assessments: When new systems are added or major changes happen, the AI starts risk assessments on its own. It identifies relevant threats, suggests risk ratings based on similar cases, and recommends the right controls.

Treatment Plan Tracking: Instead of static risk registers, the system tracks risk treatment plans in real-time. It sends alerts when planned actions are overdue and suggests alternatives if the original plans don't work.

Annex A Control Mapping: The system automatically maps your controls to Annex A requirements. It finds control gaps and suggests specific fixes to close them. This speeds up the preparation for ISO 27001 certification.

Automated Statement of Applicability Management

The ISO 27001 Statement of Applicability (SoA) documents, which Annex A controls apply to your organization, and why. Maintaining accurate SoAs is challenging as environments change.

Agentic AI keeps SoAs current automatically:

Applicability Analysis: When new systems or data types are introduced, the AI agent assesses whether any additional Annex A controls apply and drafts SoA updates for human review.

Exclusion Justification: For controls marked as not applicable, the system checks whether environmental changes invalidate prior exclusions and flags any SoA sections requiring revision.

Control Implementation Evidence: The system continuously links implemented controls to SoA declarations, ensuring certification auditors can immediately verify that stated controls actually exist.

Intelligent Audit Coordination for ISO 27001 Certification

ISO 27001 certification audits are more extensive than SOC 2, typically involving multi-day on-site assessments. Agentic AI compliance software orchestrates preparation and execution:

Auditor Interview Preparation: The system identifies which personnel should attend which audit sessions based on their control ownership, prepares briefing materials for each participant, and ensures everyone understands their role.

Real-Time Audit Support: During certification audits, the AI agent can retrieve specific evidence on demand, answer factual questions about control implementation, and track auditor findings as they're raised.

Non-Conformity Remediation: When auditors identify non-conformities, the system immediately drafts corrective action plans, assigns owners, establishes timelines, and tracks implementation—ensuring certification isn't delayed by slow remediation.

Agentic AI for HIPAA Compliance in Healthcare SaaS

HIPAA compliance presents unique challenges for healthcare SaaS platforms. The combination of technical safeguards, administrative requirements, and business associate obligations creates a significant compliance burden. Agentic AI addresses these challenges through intelligent, autonomous workflows.

Continuous Technical Safeguard Monitoring

HIPAA's Technical Safeguards require access controls, audit logging, integrity controls, and transmission security for Protected Health Information (PHI). Traditional security compliance software monitors these on fixed schedules.

Agentic AI provides adaptive HIPAA compliance monitoring:

PHI Flow Detection: The system continuously analyzes data flows to identify where PHI is stored, processed, or transmitted, automatically extending HIPAA controls to newly identified PHI locations.

Access Control Validation: Rather than quarterly access reviews, agentic systems continuously validate that PHI access aligns with minimum necessary principles, automatically flagging excessive access and suggesting revocations.

Encryption Verification: The AI agent monitors encryption implementation across all PHI storage and transmission points, detecting unencrypted PHI and automatically initiating remediation workflows.

Audit Log Analysis: Instead of sampling logs during compliance assessments, agentic systems continuously analyze HIPAA audit logs for unauthorized access patterns, suspicious queries, or policy violations—enabling real-time breach detection.

Intelligent Business Associate Agreement Management

HIPAA compliance extends to all business associates (vendors accessing PHI). Managing Business Associate Agreements (BAAs) and vendor HIPAA compliance becomes exponentially complex as vendor ecosystems grow.

Agentic AI enables automated vendor risk management software workflows:

BAA Status Tracking: The system maintains current BAA status for all vendors, automatically identifying missing agreements and initiating BAA execution workflows with legal and procurement teams.

Vendor HIPAA Assessment: Rather than annual questionnaires, the AI agent continuously assesses vendor HIPAA compliance by monitoring certificates, analyzing security postures, and tracking breach notifications.

Sub-Contractor Management: When vendors engage sub-contractors, agentic systems detect these relationships and verify required BAA flows down to sub-contractors—a requirement many organizations miss.

Breach Notification Monitoring: The system monitors vendor breach notifications, automatically assesses whether breaches affect your organization's PHI, and initiates your own breach notification procedures when required.

Automated Breach Assessment and Notification

HIPAA requires breach risk assessments within 60 days of discovery and patient notification for breaches affecting 500 or more individuals. These timelines demand rapid response.

Agentic AI accelerates HIPAA breach response:

Automated Risk Assessment: When potential breaches are detected, the system immediately initiates the required four-factor risk assessment, gathering relevant context and drafting preliminary assessments for compliance team review.

Notification Workflow Orchestration: For confirmed breaches, the AI agent coordinates notification workflows: drafting patient notification letters, preparing HHS submissions, coordinating media notices for significant breaches, and tracking notification completion.

Documentation Assembly: The system automatically compiles all breach documentation—discovery timeline, risk assessment, notification evidence, and remediation actions—ensuring complete records for potential OCR investigations.

Agentic AI Across GDPR, PCI DSS, and Multi-Framework Compliance

Modern SaaS companies rarely manage just one framework. Agentic AI's ability to work across multiple compliance requirements simultaneously provides significant value.

Unified GDPR Compliance Automation

GDPR compliance requires ongoing operational processes, including fulfilling data subject rights, maintaining data processing records, notifying of breaches, and managing processors.

Agentic AI automates GDPR compliance workflows:

Data Subject Request Processing: When individuals submit GDPR requests (access, deletion, portability), the AI agent automatically identifies all systems containing their data, coordinates with system owners to extract or delete data, and assembles responses within GDPR's 30-day timeline.

Article 30 Records Maintenance: The system continuously updates Records of Processing Activities as new processing activities are identified, ensuring documentation remains current without manual record-keeping.

GDPR Breach Notification: When security incidents occur, agentic systems automatically assess whether GDPR's 72-hour breach notification requirement is triggered and initiate notification workflows to supervisory authorities and affected individuals.

Data Processing Agreement Management: For third-party processors, the AI agent tracks DPA status, monitors for GDPR-compliant clauses, and alerts when processors fail to meet GDPR obligations.

Intelligent PCI DSS Compliance Management

PCI DSS compliance requires quarterly vulnerability scanning, annual penetration testing, and continuous monitoring of cardholder data environments. Agentic AI maintains PCI compliance between formal assessments.

Automated PCI DSS workflows include:

Cardholder Data Discovery: The system continuously scans for cardholder data outside approved environments, automatically flagging violations and initiating remediation.

Compensating Control Documentation: When standard PCI controls are infeasible, the AI agent drafts compensating control documentation explaining why standard controls can't be met and how alternatives provide equivalent protection.

Quarterly Compliance Validation: Rather than scrambling to meet quarterly deadlines, agentic systems maintain continuous PCI DSS compliance evidence and automatically generate quarterly reports.

Cross-Framework Control Mapping

One of agentic AI's most powerful capabilities is managing control overlap across frameworks. A single access control implementation might satisfy requirements for SOC 2, ISO 27001, HIPAA, GDPR, and PCI DSS compliance simultaneously.

Agentic AI optimizes multi-framework compliance:

Automatic Control Mapping: The system identifies which implemented controls satisfy requirements across multiple frameworks, preventing duplicative implementation efforts.

Gap Analysis Across Frameworks: When control gaps exist, the AI agent prioritizes filling gaps that affect multiple frameworks first, maximizing compliance improvement per remediation effort.

Evidence Reuse: Evidence collected for one framework is automatically mapped to relevant controls in other frameworks, eliminating redundant evidence collection.

Unified Audit Preparation: Organizations pursuing multiple certifications or audits simultaneously receive coordinated preparation plans that optimize shared work and minimize disruption.

Agentic AI for Third-Party Risk Management

Vendor ecosystems create significant compliance risk. Traditional vendor risk management software involves periodic assessments, but agentic AI enables truly continuous third-party risk management.

Autonomous Vendor Discovery and Onboarding

Many organizations lack complete vendor inventories. Agentic AI solves this through continuous discovery:

Automatic Vendor Detection: The system monitors expense systems, network traffic, and SaaS usage to automatically identify all vendors, ensuring your vendor inventory remains comprehensive.

Risk-Based Assessment Initiation: When new vendors are detected, the AI agent automatically assesses the risk level based on data access, determines the appropriate assessment depth, and initiates security questionnaires or full assessments accordingly.

Contract Intelligence: The system analyzes vendor contracts for missing security terms, inadequate liability provisions, or absent data protection clauses—flagging issues before contracts are signed.

Continuous Vendor Security Monitoring

Annual vendor assessments quickly become outdated. Agentic vendor risk management software maintains current risk visibility:

Certification Monitoring: The system tracks vendor security certifications (SOC 2, ISO 27001, HIPAA, PCI DSS), alerts when certifications expire, and automatically requests updated reports.

Breach Intelligence: The AI agent monitors for vendor security incidents, assesses whether breaches affect your organization, and initiates incident response workflows when vendor breaches create organizational risk.

Security Posture Scoring: Instead of fixed risk ratings, agentic systems give changing vendor risk scores. These scores update as vendor security improves or worsens, allowing for better risk management.

Automated Vendor Questionnaire Management

Security questionnaires consume enormous time for both assessors and vendors. Agentic AI streamlines this process:

Intelligent Questionnaire Generation: Instead of sending identical questionnaires to all vendors, the AI agent customizes questions based on vendor type, data access, and criticality—reducing burden while improving assessment quality.

Response Analysis: The system automatically analyzes vendor responses, flags concerning answers, identifies gaps, and generates follow-up questions—all before humans review results.

Evidence Validation: When vendors claim specific security implementations, the AI agent can verify claims through certificate checks, configuration reviews, or third-party data sources.

The Human-AI Partnership in Agentic Compliance

Despite autonomous capabilities, agentic AI compliance software is not designed to eliminate human involvement. Instead, it forms a strong partnership. AI handles large tasks and routine decisions. Meanwhile, humans focus on judgment, strategy, and responsibility.

What Agentic AI Handles Autonomously

Routine Evidence Collection: Gathering logs, screenshots, configuration files, and system-generated documentation without human initiation.

Schedule Management: Tracking evidence collection deadlines, audit schedules, certification renewals, and control monitoring frequencies.

Stakeholder Coordination: Following up with control owners, scheduling reviews, and escalating overdue items appropriately.

Documentation Assembly: Organizing evidence into auditor-requested formats, generating compliance reports, and maintaining current documentation.

Routine Risk Assessment: Evaluating standard risks using established methodologies and historical data.

Vendor Monitoring: Tracking vendor certifications, monitoring for incidents, and maintaining current risk scores.

Compliance Tracking: Monitoring control status across frameworks, identifying gaps, and tracking remediation progress.

What Requires Human Judgment and Oversight

Strategic Risk Decisions: Determining organizational risk appetite, accepting residual risks, and prioritizing competing security investments.

Policy Development: Creating security policies that balance protection with business enablement and organizational culture.

Audit Strategy: Deciding certification timing, scope decisions for ISO 27001 certification, and audit firm selection.

Vendor Selection: Making trust decisions about critical vendors, negotiating contract terms, and managing vendor relationships.

Regulatory Interpretation: Applying GDPR compliance principles to novel situations, determining HIPAA applicability, and interpreting PCI DSS requirements.

Incident Response Leadership: Making real-time decisions during security incidents, breach notification determinations, and crisis communication.

Stakeholder Communication: Building auditor relationships, presenting compliance status to executives and boards, and managing customer security inquiries.

Exception Approvals: Authorizing deviations from standard controls, approving compensating controls, and accepting temporary control gaps.

Building Effective Human-AI Workflows

Organizations succeeding with agentic AI compliance software establish clear decision boundaries:

Approval Thresholds: Define which AI-initiated actions execute automatically versus requiring human approval. Low-risk evidence requests might proceed autonomously, while high-impact remediations require review.

Escalation Criteria: Establish when AI agents should escalate to humans—typically when encountering novel situations, conflicting data, or decisions with significant business impact.

Review Cadences: Implement regular human reviews of AI decisions to ensure quality, identify opportunities for improvement, and maintain accountability.

Override Mechanisms: Provide easy ways for humans to override AI recommendations when business context justifies different approaches.

Feedback Loops: Create mechanisms for humans to correct AI errors, improving system accuracy over time.

Implementing Agentic AI Compliance Software: A Roadmap

Organizations ready to adopt agentic AI compliance software should follow a structured implementation approach:

Phase 1: Foundation Assessment (Month 1)

Current State Analysis: Review the current compliance processes and frameworks. This includes SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS. Identify any issues with the current security compliance software.

Workflow Mapping: Identify which compliance workflows are most repetitive, time-consuming, and suitable for agentic automation.

Decision Boundary Definition: Establish which decisions AI agents can make autonomously versus requiring human approval.

Integration Requirements: Determine which systems (identity management, cloud infrastructure, SIEM, ticketing) must integrate with your automated compliance platform.

Phase 2: Pilot Implementation (Months 2-3)

Focused Scope Selection: Start with one framework, like SOC 2 audit preparation, or one workflow, such as evidence collection. Avoid trying to do everything at once.

AI Agent Configuration: Train the system on your specific control implementations, evidence requirements, and organizational processes.

Human-AI Protocol Establishment: Define how humans will interact with AI agents—approval workflows, escalation procedures, and review cadences.

Feedback Collection: Gather extensive feedback from compliance teams on AI agent performance, accuracy, and value delivery.

Phase 3: Expanded Deployment (Months 4-6)

Additional Framework Coverage: Extend agentic AI to additional frameworks, including ISO 27001, GDPR, HIPAA, and PCI DSS.

Vendor Risk Integration: Implement agentic vendor risk management software capabilities for third-party risk management and continuous vendor monitoring.

Cross-Framework Optimization: Configure control mapping across frameworks to maximize efficiency through shared evidence and unified workflows.

Continuous Improvement: Refine AI agent behavior based on operational experience, correcting errors and expanding autonomous decision-making as confidence grows.

Phase 4: Maturity and Optimization (Months 6+)

Advanced Automation: Enable more complex autonomous workflows as trust in the system increases—such as automated remediation execution or self-service auditor evidence portals.

Predictive Capabilities: Leverage AI insights to predict audit outcomes, forecast certification timelines, and proactively address emerging risks.

Strategic Planning: Use compliance data aggregated by agentic systems to inform security strategy, investment decisions, and business planning.

Competitive Advantage: Promote compliance maturity to customers, highlighting continuous assurance capabilities and rapid security validation.

The Business Impact of Agentic Compliance

Beyond operational efficiency, agentic AI compliance software delivers measurable business outcomes:

Accelerated Sales Cycles

Enterprise buyers require security validation before purchase. Organizations with agentic AI can quickly show proof of SOC 2 audit compliance. They can also provide certification status for ISO 27001, GDPR, HIPAA, and PCI DSS. This speeds up security reviews that usually delay deals by weeks or months.

Reduced Audit Costs

Continuous evidence collection and automated audit preparation reduce both internal labor costs and external auditor fees. Organizations report 50-70% reductions in audit preparation time after implementing agentic automated compliance platforms.

Lower Compliance Risk

Continuous monitoring and proactive gap remediation significantly reduce the risk of audit failures, certification denial, or compliance violations. Early detection of control failures allows remediation on your timeline rather than under audit pressure.

Scalable Growth

Organizations that expand into new markets need ISO 27001 certification. They also enter new industries that require HIPAA compliance. They may offer new services that add PCI DSS compliance. Agentic systems can scale efficiently without hiring additional staff.

Board and Executive Confidence

Real-time compliance dashboards and predictive risk insights give leadership unprecedented visibility into organizational security posture, supporting informed decision-making and strategic planning.

The Future: Where Agentic Compliance Is Heading

Agentic AI compliance software represents the beginning of a longer transformation. Future developments will include:

Self-Healing Controls: These systems detect control failures and fix them automatically. For example, they can automatically revoke too much access or turn security features back on.

Predictive Compliance:

AI can predict which controls may fail. It can also identify vendors that might bring new risks. Additionally, it highlights compliance gaps that could affect future audits. This allows for proactive management.

Natural Language Compliance: Conversational tools let compliance teams ask questions in simple English. For example, they can ask, "Are we ready for our SOC 2 audit?" or "Which vendors pose a GDPR risk?"

Autonomous Audit Facilitation: AI agents work directly with auditors during assessments. They retrieve requested evidence, answer questions, and coordinate interviews. This allows humans to focus on important audit discussions.

Cross-Organizational Collaboration: Standard protocols let different organizations share vendor risk data. They can also share threat intelligence and work together on third-party risk management.

Conclusion: The Agentic Compliance Imperative

The compliance burden facing regulated SaaS companies will only increase. More frameworks, more frequent audits, more vendor complexity, and more customer security requirements create an unsustainable trajectory for manual compliance processes.

Agentic AI compliance software provides a new way to work. In this system, autonomous tools manage coordination and routine choices. This allows humans to focus on judgment, strategy, and relationship-building.

Organizations that adopt agentic AI now will build:

• Faster audit cycles through continuous evidence collection and automated preparation

• Lower operational costs by eliminating repetitive coordination work

• Better risk management via proactive monitoring and early gap detection

• Competitive advantages from demonstrating mature, continuous compliance to customers

• Scalable compliance programs that grow with the business without proportional headcount

Agentic AI is the future of compliance work. It can help you prepare for your first SOC 2 audit. It is also useful for getting ISO 27001 certification. It can help you maintain HIPAA and GDPR compliance. It also supports achieving PCI DSS compliance and managing complex third-party risk.

The question is not if we should adopt agentic compliance. It is whether we will lead this change or try to catch up later.

Transform Your Compliance Program with DSALTA's Agentic AI Platform

DSALTA created agentic AI for security compliance. We built the first fully autonomous compliance platform. It works with your team, not just for them.

Our agentic AI compliance software provides:

• Autonomous evidence collection that continuously gathers audit-ready documentation across SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS

• Intelligent vendor risk management with continuous monitoring, automated assessments, and proactive risk alerts

• Self-initiating workflows for control monitoring, gap remediation, and stakeholder coordination

• Multi-framework optimization that maps controls across all your compliance requirements

• Human-AI partnership design that keeps humans in control of judgment while AI handles scale

Stop spending 70% of compliance time on coordination and evidence hunting. Start building the continuous, intelligent compliance program your customers expect.

Schedule a demo to see how DSALTA's agentic AI transforms compliance from a periodic obligation into a continuous competitive advantage or explore our platform to learn how autonomous compliance actually works.

The future of compliance is agentic. Build it with DSALTA.