Audit-Grade Evidence Bundles
For practitioners; board-ready narratives for leadership. Export the artifacts you need—technical detail for investigation, compliance narrative for regulators.
Outputs
Evidence Bundles (JSON + Markdown)
Complete run records: scenario definitions, execution logs, all decision lineage artifacts, findings register with root causes and remediation links, pack version pinning, control contract specifications, approval trails. Immutable and timestamped.
Executive Summary Report
Board-ready, compliance-friendly: Resilience score + trend line, high-level findings (count by severity, control category), coverage snapshot (contracts exercised, gaps identified), key remediation actions (in-flight, completed), risk rating (acceptable, requires monitoring, unacceptable).
Run Comparisons
Baseline vs. current vs. target state: Side-by-side metrics, control flip analysis, decision-point deltas, improvement/regression narrative with evidence links.
Finding Register Export
For GRC and remediation tracking: Structured data (CSV/JSON): finding ID, severity, decision point, root cause, assigned remediation owner, due date, status, retest results, linked pack/run versions. Integrates with governance and audit platforms.
Control Assessment Report
For regulators and internal audit: Contract-by-contract control specification, test coverage evidence (which scenarios validate each contract), gaps and remediation evidence, approval and sign-off trails, compliance-relevant lineage samples.
What Makes it "Audit-Ready"
Immutable Run Identifiers
Every run assigned unique, tamper-evident ID for regulatory reference.
Pack Version Pinning
Findings always linked to specific pack version; rollback history auditable.
Lineage Artifacts
Complete decision trace exportable for individual applicant review (if needed for complaint investigation or regulatory inquiry).
Control Specification
Contracts serve as control definitions; test scenarios prove controls are operating as designed.
Remediation Traceability
From finding → patch pattern → retest run → closure, all linked and documented.
Approval Workflows
Pack publishing, run authorization, finding sign-off all logged with timestamps and actor attribution.