Governance & trust
Compliance & Audit Evidence
A server-generated, HMAC-signed audit evidence pack — input fingerprints, decision records, model cards and known limitations — ready for governance reviews.
Stage 7 — Delivery
What it is
Every analysis is frozen as an immutable, HMAC-signed Run. From it, the server generates a signed audit evidence pack entirely server-side: executive summary, decision record, findings CSV, model card and known-limitations.
The AI narrative is kept separate from the signed deterministic evidence, and verification is reported in three honest tiers: authentic → integrity-only → failed.
What’s possible
- Server-authoritative, signed evidence pack (the client never supplies content or hashes for signing)
- Input fingerprints, architecture decision records, model cards, known limitations
- Three-tier verification; deterministic evidence cleanly separated from AI narrative
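One way the signing and three-tier verification described above could work, as an added example that is not the product's own code. The tier meanings are an assumption: "authentic" means the HMAC verifies with the server key, "integrity-only" means the artifact hashes match the manifest but no key was available to check the HMAC, and "failed" means a mismatch. All function and file names are hypothetical.

```python
import hashlib
import hmac
import json

def fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint of one artifact."""
    return hashlib.sha256(data).hexdigest()

def _canonical(manifest: dict) -> bytes:
    # Stable byte encoding so signer and verifier MAC identical input.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()

def sign_pack(files: dict, key: bytes) -> dict:
    """Server side: hash every artifact itself, then HMAC the manifest."""
    manifest = {name: fingerprint(body) for name, body in files.items()}
    tag = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "hmac": tag}

def verify_pack(files: dict, envelope: dict, key: bytes = None) -> str:
    """Return 'authentic', 'integrity-only' or 'failed' (assumed tier meanings)."""
    manifest = envelope["manifest"]
    if set(files) != set(manifest):          # missing or extra artifact
        return "failed"
    for name, body in files.items():
        if not hmac.compare_digest(fingerprint(body), manifest[name]):
            return "failed"                  # artifact changed after signing
    if key is None:
        # Hashes agree, but without the key nothing proves who wrote the
        # manifest: a consistently rewritten pack also lands in this tier.
        return "integrity-only"
    expected = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return "authentic" if hmac.compare_digest(expected, envelope["hmac"]) else "failed"

# Constructed sample pack; the AI narrative is deliberately left out of the
# signed set, mirroring the separation the page describes.
SAMPLE_FILES = {
    "decision_record.json": b'{"decision": "option-A"}',
    "findings.csv": b"id,severity\n1,high\n",
    "model_card.md": b"# Model card (constructed)\n",
}

if __name__ == "__main__":
    env = sign_pack(SAMPLE_FILES, b"constructed-demo-key")
    print(verify_pack(SAMPLE_FILES, env, b"constructed-demo-key"))
    print(verify_pack(SAMPLE_FILES, env))
```

A reviewer who needs the "authentic" tier has to verify with the key holder; the "integrity-only" result only shows that the files match the manifest they arrived with.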
Honest scope & limitations
- The architect sign-off inside the pack is self-attested, not a formally governed organizational approval.
- The pack documents a decision aid — it is not an SAP acceptance test, a formal security audit, or SAP certification.