Every action in Verisq — assessment submission, control state change, risk acceptance, DSAR fulfillment, evidence upload — recorded with actor, timestamp, before-state, and after-state. The Audit Packet PDF consolidates the artifacts auditors request first.
Append-only audit log with cryptographic chaining for high-integrity events. Tampering is mathematically detectable.
Cover, program certificates, framework coverage matrix, vendor portfolio summary, training coverage, risk register, privacy program summary, evidence index — one PDF.
External auditor access scoped to a single engagement. Comments per control, sample requests, evidence review in-place.
Documents under hold are non-deletable regardless of retention policy. Supports litigation hold requirements.
Verisq's Audit Defensibility is part of the Trust Operations Platform — one data model, one audit trail, one auditor seat.