Skip to main content

Compliance Reports

Professional
note

Report generation is a roadmap capability, not a self-serve GA feature today. The product does not yet include an Activity > Reports screen, manual report generation, scheduled delivery, or a report archive. Today, the Activity view provides a live audit-event timeline, and audit history is visible for the retention window associated with your plan. If packaged compliance reporting is a requirement for your deployment, contact your account manager so we can scope what is available for your environment.

Compliance reports are designed to demonstrate your AI governance posture for compliance frameworks, auditors, and stakeholders.

Planned Reports

The reporting capability is designed to include:

Executive Summary

High-level overview for leadership:

  • Total AI interactions monitored
  • Policy enforcement summary
  • Alert trends
  • Risk metrics

Compliance Posture

Detailed compliance status:

  • Policies in place
  • Coverage metrics
  • Exception inventory
  • Remediation status

Incident Report

Alert and incident details:

  • All alerts in period
  • Resolution status
  • Response times
  • Root cause analysis

User Activity Report

Per-user activity summary:

  • Usage by user
  • Violations by user
  • Risk scoring
  • Trends

Audit Trail Report

Complete activity log:

  • All logged events
  • Admin actions
  • System changes
  • Access records

Compliance Frameworks

note

Containment.AI does not hold formal certifications for the frameworks below. These reports are designed to map to the criteria of each framework to support your own audits and evidence collection; they are not an attestation that Containment.AI is certified.

SOC 2

Reports designed to map to SOC 2 Trust Services Criteria:

  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy

HIPAA

Reports designed to support healthcare compliance evidence:

  • PHI protection measures
  • Access controls
  • Breach notifications
  • Risk assessments

GDPR

Reports designed to map to data-protection requirements:

  • Personal data handling
  • Subject access requests
  • Data retention
  • Cross-border transfers

PCI DSS

Reports designed to map to payment-card data requirements:

  • Cardholder data protection
  • Access controls
  • Monitoring and testing
  • Security policies

Available Today: Audit-Event Timeline

Until packaged reporting ships, the shipped surface for compliance evidence is the audit-event timeline:

  • The Activity view lists logged governance events.
  • Audit history is retained for the window associated with your plan.
  • See Audit Logs for the event model and how to review activity.