Reports
About reports
Section titled “About reports”A Governance Studio report is a point-in-time record of a project’s compliance status toward a specific policy.
Each report comes as a .zip and includes a complete record of the project’s compliance process toward a given policy — every declaration, review, and any associated attachments.
Organization and Project Owners can generate this shareable, audit-ready document at any time.
Key concepts and actions associated with reports include:
- What to expect in a report
- Understanding the report .zip
- Understanding the report PDF
- Exporting a report
What to expect in a report
Section titled “What to expect in a report”A report captures the actions your team has taken against a policy’s controls, along with the cryptographic proofs that make those actions verifiable. This includes every declaration and review made against each control, the attachments submitted, and the identities of the contributors involved.
Not every action in Governance Studio carries this cryptographic integrity, and only actions that do are represented in a report. For a full breakdown of which actions have integrity associated with them, see integrity actions.
Understanding the report .zip
Section titled “Understanding the report .zip”When you export a report, Governance Studio generates a .zip containing three things:
- report.pdf — a human-readable compliance report (described below).
- manifest.json — a machine-readable record of every signed action in the report, including the CIDs and DIDs that make its contents independently verifiable. See Governance Manifest in Key Concepts.
- attachments/ — a folder containing every file submitted as attachments across the policy’s declarations and reviews, plus any attachments submitted by indicator declarations.
Together, these let anyone confirm the report is authentic and unaltered — the PDF presents the compliance record, and the manifest and attachments allow that record to be cryptographically verified.
Understanding the report PDF
Section titled “Understanding the report PDF”The report PDF presents the project’s compliance record towards a given policy in a readable, shareable format. It is organized as follows:
- Report Overview — the project and policy the report covers, the policy version, when the policy was applied, and when the report was generated.
- Compliance Status — a summary table showing how many of the policy’s controls fall into each status at the time of generation.
- Controls — the core of the report. Each control lists its code, description, and status — followed by every declaration and review made against it in chronological order — including the author, timestamp, statement, and the CID of each entry.
- Citations — the reference sources cited across the policy’s controls.
- Appendix — the contributors involved (each with their DID), and a complete list of attachments, each identified by its CID.
Exporting a report
Section titled “Exporting a report”Reports are exported per applied policy from that policy’s Implementation dashboard.
To export a report:
- From the Project Dashboard, open the applied policy for which you wish to export a report
- Select Actions and choose Export PDF Report
- Choose a Paper size — US Letter, US Legal, or A4
- Select Export PDF Report