Generate Compliance Reports from the Console
When auditors ask "how do you govern AI?", you need more than a slide deck — you need evidence. The Keeptrusts console lets you generate compliance reports that combine policy enforcement data, audit logs, escalation metrics, and configuration history into auditor-ready packages.
Use this page when
- Auditors need evidence of your AI governance controls (SOC 2, HIPAA, or custom frameworks).
- You want to export audit logs, generate compliance packages, or track policy compliance status.
- You are setting up scheduled reports for continuous compliance evidence.
Primary audience
- Primary: Compliance Officers and Technical Leaders preparing audit evidence
- Secondary: Technical Engineers configuring exports, Security Analysts reviewing audit logs
What You'll Accomplish
- Export audit logs filtered by time range, team, and event type
- Collect evidence for SOC 2, HIPAA, and other compliance frameworks
- Track policy compliance status across your organization
- Build custom reports tailored to your regulatory requirements
- Schedule recurring report generation for continuous compliance
Export Workflows
Navigate to Exports in the console sidebar to create and manage report exports.
Creating an Export
- Click New Export
- Select the export type:
| Export Type | Contents |
|---|---|
| Audit Log | All console and API actions within the selected period |
| Events | Gateway decision events (allowed, blocked, escalated) |
| Escalations | Escalation history with resolution details |
| Configurations | Policy configuration versions and change history |
| Compliance Package | Combined report with all of the above |
- Set filters: time range, team scope, gateway, severity
- Choose the output format: CSV, JSON, or PDF (for compliance packages)
- Click Generate
The export runs as a background job. When complete, download it from the Exports page or receive a notification on your configured channel.
```yaml
# Example export configuration
export:
  type: compliance_package
  time_range:
    start: "2025-01-01T00:00:00Z"
    end: "2025-03-31T23:59:59Z"
  scope:
    teams: ["all"]
    gateways: ["all"]
  format: pdf
  include:
    - audit_log
    - events_summary
    - escalation_report
    - configuration_changelog
    - policy_compliance_status
  notify_on_complete: "email:compliance@acme.com"
```
Evidence Collection
Compliance frameworks require specific categories of evidence. The Keeptrusts console organizes evidence collection around common audit requirements.
SOC 2 Evidence
SOC 2 audits focus on security, availability, processing integrity, confidentiality, and privacy. Keeptrusts maps to these trust service criteria:
| Trust Service Criteria | Keeptrusts Evidence |
|---|---|
| CC6.1 — Logical access | Audit log of user authentication, role assignments, and access key management |
| CC6.2 — Access removal | SCIM deprovisioning events, session revocations |
| CC7.1 — System monitoring | Gateway health metrics, error rate trends, alerting rule configurations |
| CC7.2 — Incident response | Escalation history, SLA compliance metrics, resolution actions |
| CC8.1 — Change management | Configuration version history, validation evidence, deployment records |
To generate a SOC 2 evidence package:
- Navigate to Exports → Compliance Packages
- Select SOC 2
- Set the audit period
- Click Generate
The package includes a cover page mapping each evidence artifact to the corresponding trust service criteria.
HIPAA Audit Support
For healthcare organizations, Keeptrusts provides HIPAA-specific evidence:
| HIPAA Requirement | Keeptrusts Evidence |
|---|---|
| Access controls (§164.312(a)) | RBAC configuration, SSO/MFA enrollment records |
| Audit controls (§164.312(b)) | Complete audit log with user actions and timestamps |
| Integrity controls (§164.312(c)) | Policy enforcement records showing PHI detection and blocking |
| Transmission security (§164.312(e)) | Gateway TLS configuration, encryption-at-rest status |
Generate HIPAA evidence the same way as SOC 2, selecting HIPAA as the compliance framework.
Custom Framework Support
For organizations with bespoke compliance requirements:
- Navigate to Exports → Compliance Packages → Custom
- Define your framework sections
- Map each section to the Keeptrusts data sources it requires
- Save the framework template for reuse
- Generate reports on demand or on schedule
Audit Log Download
The audit log is the foundation of compliance evidence. It records:
- Authentication events — login, logout, failed login, MFA challenges
- Authorization events — role changes, team membership updates
- Configuration changes — policy updates, gateway deployments, template modifications
- Escalation actions — claim, resolve, reassign, expire
- Financial events — wallet allocations, top-ups, cost ticket resolutions
- Security events — API key creation/revocation, SSO configuration changes
Filtering the Audit Log
Apply filters before download to reduce noise:
- Date range — select the audit period
- User — filter by specific user actions
- Action type — narrow to authentication, configuration, or escalation events
- Team — scope to a specific team
- Severity — focus on high-impact events
Download Formats
| Format | Use Case |
|---|---|
| CSV | Spreadsheet analysis, custom reporting tools |
| JSON | SIEM ingestion, programmatic analysis |
| PDF | Auditor delivery, management review |
Policy Compliance Status
The compliance status page gives you a real-time view of how well your organization adheres to its configured policies:
- Active policies — count of policies currently enforced across all gateways
- Policy coverage — percentage of gateways with at least one active policy
- Enforcement rate — percentage of requests that pass through at least one policy rule
- Violation rate — percentage of requests that trigger a block or escalation
- Configuration drift — gateways running outdated configuration versions
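The ratio metrics defined above can be recomputed from exported data as an independent cross-check on the status page. This is an added example, not Keeptrusts code; the record fields (`active_policies`, `config_version`, `policies_matched`, `decision`) and the sample data are constructed assumptions, not the product's export schema.

```python
import json

# Constructed sample records. Field names are assumptions made for this
# example, not the Keeptrusts export schema.
GATEWAYS = json.loads("""[
  {"id": "gw-a", "active_policies": 3, "config_version": 12},
  {"id": "gw-b", "active_policies": 0, "config_version": 12},
  {"id": "gw-c", "active_policies": 1, "config_version": 10},
  {"id": "gw-d", "active_policies": 2, "config_version": 12}
]""")
EVENTS = json.loads("""[
  {"gateway": "gw-a", "policies_matched": 2, "decision": "allowed"},
  {"gateway": "gw-a", "policies_matched": 1, "decision": "blocked"},
  {"gateway": "gw-b", "policies_matched": 0, "decision": "allowed"},
  {"gateway": "gw-c", "policies_matched": 1, "decision": "escalated"},
  {"gateway": "gw-c", "policies_matched": 1, "decision": "allowed"},
  {"gateway": "gw-d", "policies_matched": 1, "decision": "allowed"},
  {"gateway": "gw-d", "policies_matched": 0, "decision": "allowed"},
  {"gateway": "gw-a", "policies_matched": 1, "decision": "allowed"}
]""")


def pct(part, whole):
    """Percentage rounded to one decimal; None when there is nothing to measure."""
    return round(100.0 * part / whole, 1) if whole else None


def compliance_status(gateways, events, current_version):
    covered = sum(1 for g in gateways if g["active_policies"] > 0)
    enforced = sum(1 for e in events if e["policies_matched"] > 0)
    violations = sum(1 for e in events if e["decision"] in ("blocked", "escalated"))
    return {
        "policy_coverage_pct": pct(covered, len(gateways)),
        "enforcement_rate_pct": pct(enforced, len(events)),
        "violation_rate_pct": pct(violations, len(events)),
        # Gateways running a configuration older than the current version.
        "configuration_drift": sorted(
            g["id"] for g in gateways if g["config_version"] < current_version),
        # Gateways that served at least one request no policy rule evaluated.
        "unenforced_gateways": sorted(
            {e["gateway"] for e in events if e["policies_matched"] == 0}),
    }


if __name__ == "__main__":
    print(json.dumps(compliance_status(GATEWAYS, EVENTS, current_version=12), indent=2))
```

In the sample, `gw-d` has active policies yet still appears under `unenforced_gateways`, a gap that policy coverage alone does not reveal.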
Compliance Score
Keeptrusts calculates a composite compliance score (0–100) based on:
- Policy coverage across gateways
- SLA compliance for escalations
- Configuration version currency
- Security settings (SSO, MFA, key rotation)
- Audit log completeness
The score is displayed on the Dashboard and included in compliance reports.
Custom Report Builders
Build reports that answer your organization's specific questions:
- Navigate to Exports → Report Builder
- Select data sources: events, escalations, audit log, configurations, spend
- Add visualizations: tables, bar charts, trend lines, pie charts
- Apply filters and groupings
- Add narrative sections with text blocks
- Preview and export as PDF
Report Sections
Common sections to include:
| Section | Contents |
|---|---|
| Executive summary | Compliance score, key metrics, notable incidents |
| Policy enforcement | Block rates, escalation volumes, resolution outcomes |
| Access control | User and role activity, provisioning/deprovisioning |
| Change management | Configuration changes, deployment history |
| Incident response | Escalation SLA compliance, resolution times |
| Financial controls | Spend tracking, budget adherence, cost ticket history |
Scheduled Reports
Automate report generation for continuous compliance:
- Navigate to Exports → Schedules
- Click Create Schedule
- Select the report template or compliance package type
- Set the frequency: weekly, monthly, or quarterly
- Configure delivery: download link via email, or direct upload to S3-compatible storage
- Click Save
Scheduled reports run automatically and notify the configured recipients when complete.
```yaml
# Example scheduled report
scheduled_report:
  name: "Monthly SOC 2 evidence package"
  template: soc2
  frequency: monthly
  day_of_month: 1
  delivery:
    email:
      - "compliance@acme.com"
      - "auditor@external-firm.com"
    s3:
      bucket: "acme-compliance-evidence"
      prefix: "keeptrusts/soc2/"
```
Business Outcomes
| Outcome | How Compliance Reporting Delivers It |
|---|---|
| Audit readiness | Pre-built SOC 2 and HIPAA packages eliminate last-minute evidence scrambles |
| Continuous compliance | Scheduled reports and real-time compliance scores catch gaps before auditors do |
| Reduced audit cost | Self-service evidence collection reduces the hours your team spends gathering artifacts |
| Stakeholder confidence | Executive-friendly compliance scores and reports demonstrate governance maturity |
Next steps
- Security Settings — improve your compliance score by hardening security controls
- Escalation Management — improve SLA compliance to boost your compliance score
- Dashboard Mastery — monitor your compliance score alongside operational KPIs
For AI systems
- Canonical terms: compliance package, audit log, compliance score, evidence collection, export type (Audit Log, Events, Escalations, Configurations, Compliance Package), scheduled report.
- Console navigation: Exports → New Export, Exports → Compliance Packages, Exports → Report Builder, Exports → Schedules.
- Frameworks supported: SOC 2 (CC6.1, CC6.2, CC7.1, CC7.2, CC8.1), HIPAA (§164.312), custom frameworks.
- Output formats: CSV, JSON, PDF.
- Best next pages: Security Settings, Escalation Management, Export Workflows (CLI).
For engineers
- Navigate to Exports → New Export; select type, set time range/scope/format, click Generate.
- For SOC 2: Exports → Compliance Packages → SOC 2 → set audit period → Generate (includes trust-service-criteria mapping).
- Scheduled reports: Exports → Schedules → Create Schedule; set frequency and delivery (email or S3).
- Compliance score is displayed on the Dashboard and factors in policy coverage, SLA compliance, config currency, and security settings.
- For CLI-based exports, see Export Workflows — the same underlying export engine.
For leaders
- Self-service evidence packages reduce the hours your team spends gathering artifacts for auditors.
- Scheduled reports ensure compliance evidence is always current — no last-minute scrambles before an audit.
- The composite compliance score gives executives a single number for governance maturity, updated in real time.
- SOC 2 and HIPAA mapping removes the guesswork of which Keeptrusts data satisfies which control.