Skip to main content
For AI agents: a documentation index is available at https://docs.coverbase.com/llms.txt — this page is also available in markdown by appending .md to the URL.
Obligations Tracker keeps a living record of what your organization is responsible for when it engages a third party. Complementary user-entity controls (CUECs), contractual and legal terms, statement-of-work duties, and technical controls are extracted, assigned, and monitored so commitments don’t fall through the cracks between procurement, legal, and the control owners who actually have to satisfy them.

What it does

Obligation capture

Capture obligations from contracts, SOWs, and assessments — CUECs, legal terms, service-level duties, and technical controls — into structured, trackable records.

Ownership and assignment

Assign each obligation to an owner with a due date and status, so responsibility for every commitment is explicit and auditable.

CUEC management

Track complementary user-entity controls surfaced in vendor SOC 2 reports and confirm your side of each shared-responsibility control is satisfied.

Lifecycle monitoring

Monitor obligations across the engagement lifecycle and flag what’s overdue, at risk, or affected by a contract amendment or risk change.

How to integrate

Obligations API

List, retrieve, and filter obligations and their status programmatically.

Export API

Pull obligations into your GRC platform, contract management system, or compliance dashboards.

MCP Server

Query obligations conversationally. “Which CUECs are unsatisfied for our tier-1 vendors?” or “What obligations are due this quarter?”

Webhooks

Subscribe to Obligation.* events and react when obligations are created, reassigned, or come due.

Common workflows

CUEC shared-responsibility coverage

When a vendor’s SOC 2 lists complementary user-entity controls, Obligations Tracker captures each one, assigns the responsible owner on your side, and tracks confirmation so shared-responsibility gaps are closed before they become audit findings.
Obligations extracted by Contract Guardian flow into the tracker, where SLAs, audit rights, and notification duties are assigned and monitored against the live engagement.
On renewal or amendment, re-evaluate which obligations changed, expired, or were added, and reassign ownership so the obligation surface stays aligned with the current agreement.
Obligations are surfaced through the Obligations API, the Export API, and the MCP server. Obligations extracted by Contract Guardian feed directly into the tracker.