Compliance Reports
AiQarus provides comprehensive audit trails and reports designed to meet regulatory requirements across industries.
Supported Compliance Frameworks
| Framework | Industry | Key Requirements |
|---|---|---|
| SOC 2 | All | Access controls, audit logging, change management |
| HIPAA | Healthcare | PHI protection, access audit, breach notification |
| GDPR | All (EU data) | Data processing records, consent tracking |
| SOX | Financial | Internal controls, audit trails, data integrity |
| PCI DSS | Payment | Access logging, encryption, monitoring |
How AiQarus Supports Compliance
1. Complete Audit Trails
Every agent action is logged with:
- What happened
- Who/what initiated it
- When it occurred
- Full context and reasoning
- Cryptographic proof of integrity
2. Immutable Records
Audit logs cannot be modified:
- SHA-256 hash chaining
- Database-enforced immutability
- Tamper detection
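How SHA-256 hash chaining yields tamper detection, shown as an added example that is not AiQarus code: the record fields, the all-zero genesis value and the hashing layout are assumptions made for illustration. It also shows why the head hash has to be anchored outside the log store.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "previous hash" for the first record


def entry_hash(prev_hash, payload):
    """SHA-256 over the previous hash plus a canonical JSON encoding of the payload."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + "\n" + canonical).encode("utf-8")).hexdigest()


def append(chain, payload):
    """Link a new record to the current head of the chain."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev_hash": prev, "payload": payload, "hash": entry_hash(prev, payload)})


def verify(chain, expected_head=None):
    """Return (ok, index of first bad record or None, reason)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != prev:
            return False, i, "broken link"    # record removed, inserted or reordered
        if entry_hash(prev, entry["payload"]) != entry["hash"]:
            return False, i, "hash mismatch"  # record content edited in place
        prev = entry["hash"]
    # A truncated or fully recomputed chain is still self-consistent; only a head
    # hash kept outside the log store exposes it.
    if expected_head is not None and prev != expected_head:
        return False, len(chain), "head mismatch"
    return True, None, "ok"


def sample_chain():
    """Constructed sample records (not real AiQarus log data)."""
    chain = []
    for action, actor, ts in [
        ("run.started", "agent:employee-offboarding", "2026-01-05T09:00:00Z"),
        ("approval.granted", "user:mike@acme.com", "2026-01-05T09:02:10Z"),
        ("run.completed", "agent:employee-offboarding", "2026-01-05T09:03:41Z"),
    ]:
        append(chain, {"action": action, "actor": actor, "timestamp": ts})
    return chain


if __name__ == "__main__":
    chain = sample_chain()
    head = chain[-1]["hash"]
    chain[1]["payload"]["actor"] = "user:john@acme.com"  # simulate an in-place edit
    print(verify(chain, head))
```
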
3. Access Controls
Fine-grained permissions:
- Role-based access (RBAC)
- Audit of access attempts
- Principle of least privilege
4. Data Isolation
Multi-tenant architecture ensures:
- Complete data separation
- No cross-tenant access
- Organization-scoped queries
Generating Compliance Reports
Via UI
- Navigate to Settings → Compliance
- Select report type
- Choose date range
- Click Generate Report
Report Types
Audit Summary Report
Overview of all agent activity:
┌─────────────────────────────────────────────────────────────────────┐
│ AUDIT SUMMARY REPORT │
│ Organization: Acme Corp │
│ Period: January 1-31, 2026 │
│ │
│ ═══════════════════════════════════════════════════════════════════│
│ │
│ EXECUTIVE SUMMARY │
│ │
│ Total Agent Runs: 1,247 │
│ Successful: 1,198 (96.1%) │
│ Failed: 49 (3.9%) │
│ │
│ Human Approvals: 89 │
│ Approved: 82 (92.1%) │
│ Denied: 7 (7.9%) │
│ │
│ Chain Verifications: 1,247 │
│ Valid: 1,247 (100%) │
│ Invalid: 0 (0%) │
│ │
│ ═══════════════════════════════════════════════════════════════════│
│ │
│ ACTIVITY BY AGENT │
│ │
│ Employee Offboarding 523 runs 98.3% success │
│ Customer Support Triage 412 runs 95.4% success │
│ Invoice Processing 312 runs 94.2% success │
│ │
└─────────────────────────────────────────────────────────────────────┘
Access Control Report
Who accessed what:
┌─────────────────────────────────────────────────────────────────────┐
│ ACCESS CONTROL REPORT │
│ Period: January 1-31, 2026 │
│ │
│ USER ACTIVITY │
│ │
│ User Role Logins Runs Approvals │
│ ───────────────────────────────────────────────────────────────── │
│ john@acme.com Admin 45 23 15 │
│ sarah@acme.com Developer 62 156 0 │
│ mike@acme.com Operator 38 89 34 │
│ │
│ PERMISSION CHANGES │
│ │
│ Date User Change By │
│ ───────────────────────────────────────────────────────────────── │
│ Jan 5 bob@acme.com Role: → Admin john@acme.com │
│ Jan 12 alice@acme.com Added to org john@acme.com │
│ Jan 20 bob@acme.com Role: Admin → john@acme.com │
│ │
└─────────────────────────────────────────────────────────────────────┘
Data Processing Report (GDPR)
Record of automated processing:
┌─────────────────────────────────────────────────────────────────────┐
│ DATA PROCESSING REPORT │
│ GDPR Article 30 - Records of Processing Activities │
│ │
│ PROCESSING ACTIVITY: Employee Offboarding │
│ │
│ Data Controller: Acme Corp │
│ Processing Purpose: HR operations automation │
│ Legal Basis: Legitimate interest (employment contract) │
│ │
│ Data Categories Processed: │
│ • Employee identifiers (name, email, ID) │
│ • Employment data (department, role, tenure) │
│ • System access data (applications, permissions) │
│ │
│ Data Subjects: Employees │
│ Recipients: HR systems (Okta, Google Workspace) │
│ Retention: Per HR policy (7 years) │
│ │
│ Processing Records (January 2026): │
│ • 523 processing activities │
│ • 523 data subjects affected │
│ • All processing logged with full audit trail │
│ │
└─────────────────────────────────────────────────────────────────────┘
API Access
Generate reports programmatically:
```graphql
# The input is given inline, so no query variables are declared.
query GenerateComplianceReport {
  generateComplianceReport(input: {
    type: AUDIT_SUMMARY
    startDate: "2026-01-01"
    endDate: "2026-01-31"
    format: PDF
  }) {
    reportId
    downloadUrl
    generatedAt
  }
}
```
Retention Policies
Configure retention based on compliance requirements:
| Requirement | Minimum Retention |
|---|---|
| SOC 2 | 1 year |
| HIPAA | 6 years |
| GDPR | Varies by purpose |
| SOX | 7 years |
| PCI DSS | 1 year |
Configuring Retention
```yaml
compliance:
  retention:
    traces: 7_years
    audit_logs: 7_years
    run_data: 90_days
  archival:
    enabled: true
    destination: s3://compliance-archive
    encryption: AES-256
```
Best Practices
Before Audits
- Generate relevant compliance reports
- Verify all audit chains
- Export supporting documentation
- Review access control logs
Ongoing Compliance
- Schedule automated report generation
- Set up alerts for compliance-relevant events
- Regularly review and update retention policies
- Train staff on compliance procedures
Documentation
Maintain records of:
- Data processing activities
- Consent management
- Security incidents
- Policy changes