Compliance Evidence

Compliance evidence records connect operational events to controls.

Implemented:

Evidence is created for unauthorized device detection.
Evidence links source event, alert, and ticket/webhook delivery.
Current control mapping includes SOC2-CC7.2.
Evidence is tenant-scoped and auditor-readable.
Auditor evidence reads apply policy-driven redaction before response.
Control catalog v0 includes starter SOC 2, HIPAA, and GLBA controls with evidence expectations.
Control detail links to tenant-safe evidence references so auditors can trace evidence back to the relevant control without seeing raw payloads.
Auditor exports can generate redacted CSV and visible-watermark PDF artifacts.
Export status includes CSV/PDF SHA-256 hashes and every status or artifact read is audited.
Auditors can request CSV/PDF export packages from the Compliance Evidence console, then download generated artifacts after the backend records the export hashes and watermark metadata.
Auditor console sessions show the remaining OP-057 access-window countdown from backend session metadata and switch to an expired notice when the window reaches zero.
Tenant admins can fork OneProtect-managed policy baselines into tenant-managed policies, then edit policy text and evidence expectations from the console with optimistic version control.
Operators and auditors see policy catalog details in read-only mode. Auditor mutation controls are hidden.

Planned: