URL handover, not email chains
Each customer can give you a one-time signed URL to a content-addressed evidence pack on R2. You verify the hash, you pull the bundle, the audit clock starts.
For external auditors
Stop chasing screenshots. Verify hashes.
Auditing software has barely changed since the spreadsheet. ReguNav™ hands you content-addressed evidence packs sealed in a tamper-evident WORM chain. You audit by hash verification, not by email chain. Four weeks of audit prep collapses to four hours.
Replay any state, any timestamp
The audit trail is WORM — every state-changing event sealed with sha256(prev_hash ‖ event). Replay from any point, see what the system showed at the moment a control was tested.
Per-row tamper detection
Every event in the trail carries its own hash. You don't have to trust the database — you verify the chain. If a row changed after-the-fact, the chain breaks visibly.
Framework-shaped reports
Findings are pre-mapped to SOC 2 CC-codes, ISO 27001 Annex A controls, EU AI Act articles, etc. You assess; you don't transcribe.
The engagement flow.
- 1Customer issues access
Their CISO drops you a signed Auditor portal URL — read-only, scoped to the engagement period.
- 2You verify the chain
Pull the evidence-pack manifest, verify the WORM head-hash, sample as deeply as your methodology requires.
- 3You ship findings
Export per-framework reports in your preferred format. Findings carry the original event hashes — every observation is traceable.
Export formats supported
Whatever your firm's working format is, the evidence pack ships ready. OSCAL for federal work, XBRL for financial-grade attestation, JSON-LD for graph queries, CSV for spreadsheets, PDF for legal.
PDFCSVJSON-LDOSCALXBRL
Get a sample evidence pack.
We'll send you a real (sandbox-customer) evidence pack so your team can practise the verification workflow before your first live engagement.