Compliance Reporting
Generate audit-ready compliance reports and evidence packages for SOC 2, HIPAA, GDPR, PCI DSS, ISO 42001, and more — directly from Rivaro's detection and governance data.
Overview
Rivaro's enforcement and detection activity automatically generates compliance evidence. Every blocked request, redacted response, and governance action is recorded and tagged with the relevant compliance frameworks — ready to export for audits or GRC platforms.
Supported Frameworks
Framework reports
| Framework | Report | Key metrics |
|---|---|---|
| SOC 2 | SOC 2 Compliance Report | Control effectiveness (CC7.2/CC7.3), detection coverage, incident counts |
| HIPAA | HIPAA Compliance Report | PHI detections, access events, audit log completeness |
| GDPR | GDPR Compliance Report | PII processing events, data subject rights actions, cross-border transfers |
| PCI DSS | PCI DSS Compliance Report | Cardholder data detections, credential exposure events, access controls |
| CCPA / CPRA | CCPA/CPRA Compliance Report | California consumer data events, opt-out compliance |
| ISO 42001 | ISO 42001 Evidence Package | AI management system evidence, clause-by-clause coverage |
Industry standard reports
| Report | Description |
|---|---|
| ISO 42001 Evidence Package | Structured evidence for GRC platforms (Vanta, Drata, Secureframe) — exports clause-by-clause coverage |
| Incident Register | ISO 27001 A.16 compliant incident register of all enforcement events |
| Detection Control Effectiveness | SOC 2 CC7.2/CC7.3 — statistical analysis of detection coverage and action rates |
| Security Operations Dashboard | SIEM-style metrics export — detection rates, severity breakdown, trend analysis |
| Executive AI Risk Summary | High-level executive dashboard — overall AI risk posture, top risks, compliance scores |
Report Metrics
Each framework report includes:
| Metric | Description |
|---|---|
| percentage | Compliance score (0–100) for this framework |
| incidents | Number of policy violations detected in the reporting period |
| totalScans | Total requests scanned |
| detectionBreakdown | Violation counts by severity: critical, high, medium, low |
| trend | Percentage change in compliance score vs. previous period |
| lastGenerated | When this report was last generated |
ISO 42001 Evidence Package
The ISO 42001 evidence package maps Rivaro's enforcement activity to the standard's clauses — ready to upload directly to Vanta, Drata, or Secureframe.
| Clause | Evidence Rivaro provides |
|---|---|
| Clause 8.2 — AI Risk Assessment | Detection taxonomy, risk domain coverage, violation history |
| Clause 8.3 — Human Oversight | Quarantine queue reviews, governance decision history, step-up approvals |
| Clause 8.5 — AI System Development | AppContext configurations, allowed model lists, policy rule coverage |
| Clause 8.6 — Data for AI Systems | Training stage detections, data classification events, connector policies |
| Clause 9.1 — Monitoring and Measurement | Enforcement metrics, detection rates, trend data |
| Annex B.4 — AI System Security | Prompt injection detections, adversarial attack events, access control logs |
Lifecycle Stage Filtering
Reports can be scoped to a specific lifecycle stage:
| Stage | What's included |
|---|---|
| EXECUTION / RUNTIME | All proxy enforcement — INGRESS + EGRESS detections (default for most reports) |
| TRAINING | Training data pipeline detections from connectors |
| DEPLOYMENT | Infrastructure scan findings from discovery channels |
Generating Reports
From the dashboard
Go to Compliance in the navigation. Select your framework, set the reporting period, and click Generate. Reports generate asynchronously — you'll be notified when ready.
Via API
```
# Check compliance status across all frameworks
GET /api/compliance/status?lifecycleStage=EXECUTION

# List available reports
GET /api/compliance/reports/available

# Generate a framework report
POST /api/compliance/reports/generate
{
  "framework": "SOC2",
  "startDate": "2026-01-01",
  "endDate": "2026-03-31"
}

# Generate an industry standard report
POST /api/compliance/reports/industry/{reportId}/generate

# Export ISO 42001 evidence package
GET /api/compliance/iso42001/evidence?format=json
```
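The request sequence above, together with the fields listed under Report Metrics, as an added Python example that is not Rivaro's own code: it builds the status and generate requests, validates the inputs before they are sent, and runs consistency checks on a returned framework report before that report goes into an audit package or a CSV export. Assumptions not stated on this page: the generate call returns the report as JSON using the Report Metrics field names, the API accepts a bearer token, `RIVARO_BASE_URL` is a placeholder, and of the framework identifiers only `SOC2` appears on the page (the others are guessed spellings). The sample report is constructed for the example.

```python
"""Added example, not Rivaro's code. Builds the compliance-report API
requests shown on this page and sanity-checks a returned framework report
(fields from the Report Metrics table) before it is handed to an auditor
or exported as CSV.

Assumptions, not stated on the page: the generate call returns the report
JSON with the Report Metrics field names; the API takes a bearer token;
RIVARO_BASE_URL is a placeholder; only "SOC2" is a framework identifier
taken from the page, the others are guessed spellings."""
import csv
import io
import json
import urllib.request
from datetime import date

RIVARO_BASE_URL = "https://rivaro.example"  # placeholder, not a real host
FRAMEWORKS = {"SOC2", "HIPAA", "GDPR", "PCI_DSS", "CCPA_CPRA", "ISO42001"}  # only SOC2 is on the page
LIFECYCLE_STAGES = {"EXECUTION", "TRAINING", "DEPLOYMENT"}  # from the lifecycle stage table
SEVERITIES = ("critical", "high", "medium", "low")  # detectionBreakdown keys


def build_status_request(lifecycle_stage="EXECUTION"):
    """GET /api/compliance/status?lifecycleStage=... as (method, path, body)."""
    if lifecycle_stage not in LIFECYCLE_STAGES:
        raise ValueError(f"unknown lifecycle stage: {lifecycle_stage}")
    return "GET", f"/api/compliance/status?lifecycleStage={lifecycle_stage}", None


def build_generate_request(framework, start_date, end_date):
    """POST /api/compliance/reports/generate with a validated date range."""
    if framework not in FRAMEWORKS:
        raise ValueError(f"unknown framework: {framework}")
    start, end = date.fromisoformat(start_date), date.fromisoformat(end_date)
    if end < start:
        raise ValueError("endDate precedes startDate")
    body = {"framework": framework, "startDate": start_date, "endDate": end_date}
    return "POST", "/api/compliance/reports/generate", body


def send(method, path, body, token):
    """Issue the request over HTTPS (not called at import; needs a live deployment)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(RIVARO_BASE_URL + path, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")  # assumed auth scheme
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def check_report(report):
    """Return a list of consistency problems with a framework report (empty = OK).

    The checks read the Report Metrics table literally: incidents is the count
    of violations and detectionBreakdown splits that same count by severity,
    so the two must agree; percentage is a 0-100 score."""
    problems = []
    pct = report.get("percentage")
    if not isinstance(pct, (int, float)) or not 0 <= pct <= 100:
        problems.append(f"percentage {pct!r} is not a 0-100 score")
    breakdown = report.get("detectionBreakdown") or {}
    missing = [s for s in SEVERITIES if s not in breakdown]
    if missing:
        problems.append(f"detectionBreakdown missing severities: {missing}")
    by_severity = sum(breakdown.get(s, 0) for s in SEVERITIES)
    incidents = report.get("incidents", 0)
    if by_severity != incidents:
        problems.append(f"detectionBreakdown sums to {by_severity}, incidents={incidents}")
    if incidents > report.get("totalScans", 0):
        problems.append("more incidents than scanned requests")
    if not report.get("lastGenerated"):
        problems.append("lastGenerated is missing; evidence cannot be dated")
    return problems


def report_to_csv(report):
    """Flatten one report into a CSV header plus row (the CSV export use case)."""
    breakdown = report["detectionBreakdown"]
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["framework", "percentage", "incidents", "totalScans",
                     *SEVERITIES, "trend", "lastGenerated"])
    writer.writerow([report["framework"], report["percentage"], report["incidents"],
                     report["totalScans"], *(breakdown[s] for s in SEVERITIES),
                     report["trend"], report["lastGenerated"]])
    return buf.getvalue()


# Constructed sample report shaped after the Report Metrics table; not real output.
SAMPLE_REPORT = {
    "framework": "SOC2",
    "percentage": 94.2,
    "incidents": 17,
    "totalScans": 120534,
    "detectionBreakdown": {"critical": 2, "high": 5, "medium": 6, "low": 4},
    "trend": 1.8,
    "lastGenerated": "2026-04-01T08:15:00Z",
}

if __name__ == "__main__":
    print(build_generate_request("SOC2", "2026-01-01", "2026-03-31"))
    print("problems:", check_report(SAMPLE_REPORT))
    print(report_to_csv(SAMPLE_REPORT))
```

The `check_report` step is the part worth keeping in an evidence pipeline: a report whose severity breakdown does not add up to its incident count, or that carries no generation timestamp, is not something to hand to an auditor, and catching it at export time is cheaper than explaining it in the audit.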
Export Formats
| Format | Best for |
|---|---|
| | Human-readable audit evidence, auditor submissions |
| JSON | API integration with GRC platforms (Vanta, Drata, Secureframe) |
| CSV | Spreadsheet analysis, custom reporting |
Compliance Dashboard
The Compliance dashboard provides a live view of your compliance posture:
- Framework scores — compliance percentage per framework with trend indicators
- Control coverage — which compliance controls have active detection coverage
- Trend charts — compliance score over time per framework
- Violation breakdown — severity distribution for the current period
- Top violations — most frequent detection types impacting compliance
Next steps
- Policy Templates — Apply industry-specific enforcement defaults
- Understanding Detections — What Rivaro detects that feeds compliance reports
- Actor Governance — Governance history used in human oversight evidence
- Remediation — Fix findings that are impacting compliance scores