Audit Vault

The Audit Vault provides a centralized repository of audit results, where auditors document control validations, mark compliance statuses, and add remarks. This page enables compliance teams, risk managers, and business stakeholders to view auditor decisions and evidence in a structured format.


Purpose

The purpose of the Audit Vault (Read-Only View) is to:

  • Provide visibility into audit outcomes without allowing modification.

  • Allow stakeholders to see which controls are compliant, non-compliant, or require further attention.

  • Preserve the integrity of audit records by restricting access to view-only mode.


Features

  1. Control & Sub-Control Listing

  • Displays compliance framework controls (e.g., COSO Principles).

  • Each control expands into detailed sub-controls for transparency.

  2. View Findings

The Findings Report provides client administrators with detailed insights into compliance checks performed on organizational resources. It helps administrators monitor security configurations, identify issues, and take corrective actions where required.

Understanding the Findings Report Table

The report is displayed in a table format with the following details:

  • Sr. No – A sequential number assigned to each finding for easy reference.

  • Title – Describes the compliance check performed (e.g., Ensure unused User Access Keys are disabled).

  • Status – Shows the result of the compliance check:

    • Pass – The control meets compliance requirements.

    • Fail – The control does not meet compliance requirements and needs attention.

  • Severity – Indicates the level of risk if the issue is not addressed (Low, Medium, High).

  • Service – Displays the cloud service or system component under review (e.g., IAM).

  • Region – Specifies the geographical region of the assessed resource.

  • Resource – Identifies the exact system, account, or resource related to the finding.

Action Options

Each row in the Findings Report provides an Actions option.

When a client administrator clicks the View Details button (eye icon) from the Findings Report, a detailed view of the selected finding is displayed. This helps the administrator analyze the issue in depth and plan corrective actions.

Summary Section

The Summary provides a quick overview of the finding:

  • Status – Compliance result (Pass/Fail).

  • Severity – The level of risk (e.g., Low, Medium, High).

  • Service – The cloud service or resource type under review (e.g., IAM).

  • Resource – Name of the impacted resource.

  • Resource ID – Unique identifier of the resource.

  • Region – Location where the resource resides.

  • Checked At – Date and time when the check was performed.

  • Resource ARN – The Amazon Resource Name providing a unique global identifier.

  • Resource Type – Classification of the resource (e.g., AWS IAM User).

Details Section

This section provides a deeper explanation of the finding:

  • Message – Describes the exact issue detected (e.g., User does not have access keys).

  • Description – Explains the compliance requirement (e.g., Ensure unused User Access Keys are disabled).

  • Risk – Highlights the potential impact on security if the issue is not addressed. For example:

    • Unused or unnecessary credentials may become an entry point for attackers.

    • Former employee accounts left active pose compliance and security risks.

Remediation Section

This section provides actionable guidance to resolve the finding:

  • Recommendation Date – When the remediation guidance was generated.

  • Resource Type – Identifies the type of resource requiring remediation.

  • Recommendation/Steps – Provides practical steps to resolve the issue. For instance:

    • Disable or delete unused access keys.

    • Rotate credentials and enforce strong password policies.

    • Remove inactive users or resources that are no longer required.

Finding History Section

The Finding History tracks previous scan results for the same finding. This helps administrators monitor remediation progress over time.

For each historical record, the following information is displayed:

  • Finding ID – Unique reference number of the finding.

  • Status – Whether the finding was marked Pass or Fail in earlier scans.

  • Scan Name – The specific scan or test during which the finding was generated.

  • Timestamp – Date and time of the previous scan.
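The finding fields described above (Title, Severity, Service, Resource and the per-scan Finding History) are enough to triage a report without the UI. The following is an added example, not code from the product: it takes a few constructed records shaped like the documented columns and reports open failures by severity, plus which findings have regressed (passed earlier, fail now) versus been remediated. Check titles other than the one quoted on this page are constructed.

```python
from collections import Counter
from datetime import datetime

# Constructed sample records shaped like the documented Findings Report
# columns and Finding History entries (not exported from the product).
FINDINGS = [
    {"title": "Ensure unused User Access Keys are disabled", "severity": "High",
     "service": "IAM", "resource": "user/alice",
     "history": [("Scan-1", "2024-01-10T09:00:00", "Fail"),
                 ("Scan-2", "2024-01-17T09:00:00", "Fail")]},
    {"title": "Constructed check: MFA enabled for console users", "severity": "Medium",
     "service": "IAM", "resource": "user/bob",
     "history": [("Scan-1", "2024-01-10T09:00:00", "Pass"),
                 ("Scan-2", "2024-01-17T09:00:00", "Fail")]},
    {"title": "Constructed check: root account has no access keys", "severity": "High",
     "service": "IAM", "resource": "root",
     "history": [("Scan-1", "2024-01-10T09:00:00", "Fail"),
                 ("Scan-2", "2024-01-17T09:00:00", "Pass")]},
]

def ordered_history(finding):
    """History entries sorted oldest to newest by the Timestamp field."""
    return sorted(finding["history"], key=lambda h: datetime.fromisoformat(h[1]))

def latest_status(finding):
    """Status (Pass/Fail) recorded by the most recent scan."""
    return ordered_history(finding)[-1][2]

def open_failures_by_severity(findings):
    """Count findings whose latest result is Fail, grouped by Severity."""
    return Counter(f["severity"] for f in findings if latest_status(f) == "Fail")

def transitions(findings):
    """Classify each finding by comparing its earliest and latest recorded status.
    'regressed' (Pass -> Fail) is the case worth escalating: a control that
    was once satisfied has drifted back out of compliance."""
    result = {"regressed": [], "remediated": [], "still_failing": [], "passing": []}
    for f in findings:
        statuses = [h[2] for h in ordered_history(f)]
        first, last = statuses[0], statuses[-1]
        key = ("regressed" if (first, last) == ("Pass", "Fail") else
               "remediated" if (first, last) == ("Fail", "Pass") else
               "still_failing" if last == "Fail" else "passing")
        result[key].append(f["title"])
    return result
```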

  3. Evidence Access

  • “View Evidence” allows stakeholders to check the supporting evidence uploaded by auditors.

  • No editing or uploading option is available in this view.

Evidence Details View (on clicking the eye icon 👁️)

When you click the eye icon in the “Details” column:

  • A side panel titled "Evidence Management" opens.

  • It shows all files uploaded under that evidence record.

Details Panel Features

For each uploaded file, the following information and actions are available:

  • Thumbnail Preview – Small image of the uploaded file (if applicable).

  • File Name – The original file name.

  • Uploaded At – Date & time of upload.

  • Actions Available:

    • View file 👁️ – View the file directly.

    • Download ⬇️ – Download the file locally.

    • Delete 🗑️ – Permanently remove the file from the evidence record.

This structure allows multiple files to be associated with one evidence item (for example, multiple screenshots supporting the same control).

  4. Status Indicators

  • A green checkmark (✔) indicates that auditors have verified compliance for the corresponding sub-control.

  • If unchecked, it means evidence is pending review or not yet compliant.

  5. Remarks Section

  • Shows auditor comments or feedback.

  • Stakeholders can read remarks but cannot add, edit, or delete them.

  6. Download Evidence and Findings: You can download all associated evidence and findings by selecting the download icon. A pop-up window will appear, allowing you to choose the preferred download format:

    • Organized by Criteria: Files are grouped into folders based on relevant criteria.

    • All Files in a Single Folder: All evidence and findings are compiled into a single .zip file.

Once the download option is selected, a confirmation message appears indicating that the .zip file containing all evidence and findings has been sent to your registered email address for secure access.


Business Value

The Audit Vault (Read-Only View) ensures:

  • Audit Integrity: Records are locked to prevent post-audit modifications.

  • Transparency: Stakeholders can clearly see evidence and auditor feedback.

  • Accountability: Audit remarks highlight required actions or validations.

  • Compliance Readiness: Provides proof of audit trail for regulatory requirements.


Auditors manage this data; you can only view it.
