
Compliance Evidence & Reporting

Built-in compliance reporting, audit log access, and evidence generation capabilities

Last Updated: 2026-05-01


1. Overview

MazeVault provides built-in compliance reporting and audit evidence generation. Customers with the Auditor role have read-only access to all compliance and audit features described below.


2. Compliance Reports

The platform generates structured compliance reports aligned with major regulatory frameworks:

GET /api/v1/compliance/iso27001    — ISO/IEC 27001:2022 control status
GET /api/v1/compliance/soc2        — SOC 2 Trust Service Criteria
GET /api/v1/compliance/pci-dss     — PCI DSS relevant controls
GET /api/v1/compliance/gdpr        — GDPR Article 32 technical measures

Each report returns:

  • Overall compliance score (0–100) and status
  • Per-control implementation status (Implemented / Partial / Planned)
  • Evidence references
  • Certificate and rotation statistics
  • Recommendations for improvement

3. Audit Log Access

Search API

POST /api/v1/audit-logs/search

Filters:

Filter                  Description
start_date / end_date   Date range
user_id                 Specific user
action                  Event type (e.g., auth.login.failure, certificate.issued)
entity_type             Target type (user, certificate, project, secret)
severity                Event severity (info, warning, critical)
ip_address              Source IP

Log Integrity

Every audit event carries a chain_hash: a SHA-256 hash that links it to the preceding event. Because each hash covers the previous event's hash together with the current event's data, altering or removing any stored event breaks every hash that follows it, so an unbroken chain shows that the stored logs have not been tampered with. Verification:

event[n].chain_hash == SHA256(event[n-1].chain_hash + serialize(event[n].data))
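As an added example (not MazeVault's own code), the following Python checks an exported audit log against the rule above and shows which kinds of tampering the check catches. Because the page does not specify them, it assumes serialize() is canonical JSON (sorted keys, no whitespace), chain_hash is lower-case hex, and the first event links to an empty string.

```python
import hashlib
import json

# Assumptions not specified on the page: serialize() is canonical JSON (sorted keys,
# no whitespace), chain_hash is lower-case hex, and the first event links to "".
GENESIS_HASH = ""

def serialize(data: dict) -> bytes:
    return json.dumps(data, sort_keys=True, separators=(",", ":")).encode()

def chain_hash(prev_hash: str, data: dict) -> str:
    # event[n].chain_hash = SHA256(event[n-1].chain_hash + serialize(event[n].data))
    return hashlib.sha256(prev_hash.encode() + serialize(data)).hexdigest()

def verify_chain(events: list, genesis_hash: str = GENESIS_HASH):
    """Return (True, None) if every link holds, else (False, index of first bad event)."""
    prev = genesis_hash
    for i, ev in enumerate(events):
        if ev["chain_hash"] != chain_hash(prev, ev["data"]):
            return False, i
        prev = ev["chain_hash"]
    return True, None

def build_sample_log() -> list:
    """Constructed sample export (not real MazeVault data) using search API field names."""
    records = [
        {"action": "auth.login.failure", "entity_type": "user", "severity": "warning",
         "user_id": "u-17", "ip_address": "203.0.113.10"},
        {"action": "certificate.issued", "entity_type": "certificate", "severity": "info",
         "user_id": "u-42"},
        {"action": "auth.login.failure", "entity_type": "user", "severity": "critical",
         "user_id": "u-17", "ip_address": "203.0.113.10"},
    ]
    events, prev = [], GENESIS_HASH
    for data in records:
        prev = chain_hash(prev, data)
        events.append({"data": data, "chain_hash": prev})
    return events

def tamper(events: list, index: int, field: str, value) -> list:
    """Deep copy of the export with one stored field edited, simulating an unauthorized row change."""
    altered = json.loads(json.dumps(events))
    altered[index]["data"][field] = value
    return altered

if __name__ == "__main__":
    log = build_sample_log()
    print(verify_chain(log))                                 # (True, None)
    print(verify_chain(tamper(log, 0, "severity", "info")))  # (False, 0): edited event
    print(verify_chain(log[:1] + log[2:]))                   # (False, 1): removed event
```

Note that dropping events from the end of an export leaves every remaining link valid, so the check alone cannot detect tail truncation; recording the newest chain_hash out of band (for example in the SIEM stream described below) closes that gap.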

Retention

  • Production: 365 days (configurable, minimum 1 year recommended for PCI DSS / SOC 2)
  • Staging: 90 days
  • Development: 30 days

4. Certificate Reports

GET /api/v1/reports/certificates    — Full certificate inventory with health status
GET /api/v1/reports/preview         — Weekly expiry forecast
POST /api/v1/reports/trigger        — Trigger manual report delivery

5. Auditor Role

The built-in Auditor role provides read-only access to:

  • Audit logs and search
  • Compliance reports (all frameworks)
  • User list and role assignments
  • Project membership
  • Deployment status
  • Certificate inventory
  • KeyTab management dashboard

The Auditor role cannot modify data, create/delete secrets, issue certificates, or change configurations.


6. System Health

GET /api/v1/health

Returns real-time operational status of all components (database, Redis, services).


7. SIEM Integration

Audit events can be streamed in real-time to external SIEM platforms:

  • Elasticsearch / ELK — Bulk API with ECS field mapping
  • Splunk — HTTP Event Collector (HEC)
  • Microsoft Sentinel — CEF via syslog
  • IBM QRadar — LEEF via syslog

Configuration: Organization Settings → Audit Streams.

For details, see the Audit Logging and SIEM Integration Guide.


8. Requesting an Audit

To exercise your contractual right to audit MazeVault:

  1. Send a request to info@mazevault.com with at least 30 days' notice
  2. Include the desired scope, preferred dates, audit team, and regulatory basis
  3. MazeVault confirms the scope and provides evidence within 10 business days
  4. The audit is executed remotely or on-site, by arrangement
  5. MazeVault responds to findings within 15 business days