Home Products Coverage Regulated Overview Documentation Releases Licensing Support

Compliance Evidence

Compliance evidence that auditors accept. Generated automatically. Every run.

What the evidence package contains

Every audit run produces a tamper-evident evidence package that can be handed directly to an external auditor.

Artifact	Description
Audit output files	Raw and normalised findings per control check
Configuration snapshots	System state at time of audit
SHA-256 checksums	Integrity verification for every artifact
MANIFEST.json	Structured index of all package contents
SHA256SUMS.txt	Flat checksum file for auditor verification
Framework mapping	Findings organised by PCI-DSS, SOC 2, NIST, CIS references
Digital signature	Package signing for chain-of-custody
README for auditors	Human-readable guide to package structure

Trend and trajectory reporting

✓Run comparison showing improvement between audits
✓30/60/90 day compliance trajectory
✓Before/after metrics with compliance deltas
✓Organisation-wide summary for management reporting

Framework coverage

✓NIST SP 800-53 control family mapping
✓CIS Benchmark Level 1 and Level 2 references
✓PCI-DSS finding-to-control mapping
✓SOC 2 audit trail and access control evidence structure
✓ISO 27001 Annex A reference mapping

Remediation evidence

✓Full remediation audit trail: operator identity, timestamp, fix, outcome
✓Rollback history for every execution ID
✓Pre-change backups with checksums
✓Post-remediation validation results

API endpoints for evidence automation

✓POST /api/evidence/collect/assessment
✓GET /api/evidence/packages/<id>/export
✓POST /api/evidence/packages/<id>/sign

View Audit Admin Toolkit Arrange Evaluation