Audit Evidence You Can Export
BaseState creates comprehensive audit records that demonstrate governance intent. Here's what data is captured and exportable.
Employee Data
| Field | Description |
|---|---|
| Employee Name | Full name from authentication |
| Employee Email | Email address used for login |
| Company | Organization the employee belongs to |
| Department | If provided during authorization |
Training Record
| Field | Description |
|---|---|
| Training Start Date | When the employee began training |
| Training Completion Date | When training was completed |
| Quiz Score | Final quiz percentage |
| Pass/Fail Status | Whether 80% threshold was met |
| Certificate ID | Unique certificate identifier |
| Certificate Hash | SHA-256 hash of certificate data |
Policy Acknowledgment Events
| Field | Description |
|---|---|
| Policy ID | Unique identifier of acknowledged policy |
| Policy Version | Version string (e.g., "v1.0") |
| Document Hash | SHA-256 hash of policy content |
| Opened Timestamp | When employee opened the policy |
| Acknowledged Timestamp | When employee acknowledged |
| Attestation Version | Version of attestation text used |
| Event Hash | SHA-256 hash of event data |
| Session ID | Browser session identifier |
| IP Address | Client IP address |
Compliance Certificate (Official Artifact)
| Field | Description |
|---|---|
| Certificate ID | Unique UUID for the official artifact |
| Linked Policy ID | Reference to the specific AI policy at time of signing |
| Linked Policy Hash | SHA-256 hash of the policy document for tamper evidence |
| Artifact Hash | Root hash of the entire certificate dataset |
| HMAC Signature | Cryptographic signature from the BaseState CA |
Export Formats
Administrators can export audit data in:
- CSV: For spreadsheet analysis and integration with other systems
- Certificate PDF: Individual employee certificates for records
Hash Verification: All hashes can be independently verified. If you have the original data and the hash algorithm (SHA-256), you can recompute the hash to prove the data hasn't been modified.
Data Retention
All audit records are retained indefinitely for compliance purposes. Records cannot be deleted or modified once created.