Compliance Reporting
Generate comprehensive compliance reports for regulatory requirements, security audits, and internal governance with Grantiva's automated reporting tools.
Enterprise Feature
Automated compliance reporting is available for Enterprise tier and above. Professional tier can export raw data for manual report generation.
Compliance Framework Support
Grantiva helps you meet compliance requirements for various regulatory frameworks:
Security Standards
- SOC 2 Type II
- ISO 27001/27002
- NIST Cybersecurity Framework
- OWASP MASVS
Privacy Regulations
- GDPR (EU)
- CCPA (California)
- PIPEDA (Canada)
- APP (Australia)
Financial Standards
- PCI DSS
- PSD2 SCA
- FFIEC Guidelines
- Basel III
Industry Specific
- HIPAA (Healthcare)
- FERPA (Education)
- FedRAMP (Government)
- SWIFT CSP
Report Types
Security Audit Report
```bash
# Generate security audit report
curl -X POST https://api.grantiva.com/api/v1/compliance/reports/generate \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "security_audit",
    "period": {
      "start": "2024-01-01",
      "end": "2024-01-31"
    },
    "format": "pdf",
    "sections": [
      "executive_summary",
      "threat_landscape",
      "device_integrity",
      "access_control",
      "incident_response",
      "recommendations"
    ],
    "compliance_framework": "ISO27001"
  }'
```
Sample Report Structure
```json
{
  "report": {
    "id": "rpt_sec_202401",
    "type": "security_audit",
    "generated": "2024-02-01T10:30:00Z",
    "period": "2024-01-01 to 2024-01-31",
    "executive_summary": {
      "total_attestations": 1847329,
      "unique_devices": 45621,
      "threats_blocked": 3421,
      "overall_security_posture": "Strong",
      "risk_trend": "Decreasing"
    },
    "key_metrics": {
      "fraud_prevention": {
        "attempts_detected": 3421,
        "success_rate": "99.7%",
        "false_positive_rate": "0.08%"
      },
      "device_integrity": {
        "jailbroken_devices": 234,
        "compromised_apps": 45,
        "action_taken": "All blocked"
      },
      "compliance_status": {
        "controls_tested": 127,
        "controls_passed": 125,
        "compliance_rate": "98.4%"
      }
    }
  }
}
```
Privacy Compliance Reports
GDPR Data Processing Report
```json
{
  "gdpr_report": {
    "data_processing_activities": [
      {
        "purpose": "Device Authentication",
        "legal_basis": "Legitimate Interest",
        "data_categories": [
          "Device identifiers",
          "Attestation data",
          "IP addresses (anonymized)"
        ],
        "retention_period": "90 days",
        "data_minimization": true,
        "encryption": "AES-256 at rest, TLS 1.3 in transit"
      }
    ],
    "data_subject_requests": {
      "access_requests": 45,
      "deletion_requests": 12,
      "rectification_requests": 3,
      "average_response_time": "24 hours"
    },
    "data_breaches": {
      "reported_incidents": 0,
      "affected_users": 0
    },
    "third_party_processors": [
      {
        "name": "Apple Inc.",
        "purpose": "App Attest Validation",
        "location": "United States",
        "safeguards": "Standard Contractual Clauses"
      }
    ]
  }
}
```
Automated Report Generation
Schedule Configuration
```json
{
  "report_schedules": [
    {
      "name": "Monthly Security Report",
      "type": "security_audit",
      "frequency": "monthly",
      "day_of_month": 1,
      "recipients": ["security@company.com", "compliance@company.com"],
      "format": "pdf",
      "encryption": true,
      "sections": ["all"]
    },
    {
      "name": "Weekly Fraud Summary",
      "type": "fraud_analysis",
      "frequency": "weekly",
      "day_of_week": "Monday",
      "recipients": ["fraud-team@company.com"],
      "format": "excel",
      "include_raw_data": true
    },
    {
      "name": "Quarterly Board Report",
      "type": "executive_summary",
      "frequency": "quarterly",
      "recipients": ["board@company.com"],
      "format": "pdf",
      "sections": [
        "high_level_metrics",
        "risk_assessment",
        "compliance_status",
        "recommendations"
      ]
    }
  ]
}
```
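Only the first schedule above sets `"encryption": true`, while the second attaches raw data. The following lint is an added example, not Grantiva code, that checks a `report_schedules` document against the Best Practices on this page. It assumes that a missing `encryption` key means the report is sent unencrypted, and `ALLOWED_DOMAINS` and the rule names are hypothetical.

```javascript
// Added example: lint a report_schedules document against this page's Best Practices.
// Assumptions: a missing "encryption" key means the report is sent unencrypted, and
// ALLOWED_DOMAINS lists the mail domains permitted to receive reports.
const ALLOWED_DOMAINS = new Set(["company.com"]);

function lintSchedules(doc, allowedDomains = ALLOWED_DOMAINS) {
  const findings = [];
  for (const s of doc.report_schedules ?? []) {
    const add = (rule, detail) => findings.push({ schedule: s.name, rule, detail });
    const recipients = Array.isArray(s.recipients) ? s.recipients : [];
    // Raw data leaving unencrypted is reported under its own, more specific rule.
    if (s.encryption !== true) {
      add(s.include_raw_data === true ? "raw-data-unencrypted" : "encryption-not-enabled",
          'add "encryption": true');
    }
    if (recipients.length === 0) add("no-recipients", "schedule has no named recipient");
    for (const r of recipients) {
      const addr = String(r);
      const domain = addr.slice(addr.lastIndexOf("@") + 1).toLowerCase();
      if (!allowedDomains.has(domain)) add("recipient-outside-allowlist", addr);
    }
  }
  return findings;
}

// The three schedules from the configuration above, trimmed to the fields the lint reads.
const pageSchedules = {
  report_schedules: [
    { name: "Monthly Security Report", format: "pdf", encryption: true,
      recipients: ["security@company.com", "compliance@company.com"] },
    { name: "Weekly Fraud Summary", format: "excel", include_raw_data: true,
      recipients: ["fraud-team@company.com"] },
    { name: "Quarterly Board Report", format: "pdf", recipients: ["board@company.com"] },
  ],
};

for (const f of lintSchedules(pageSchedules)) {
  console.log(`${f.schedule}: ${f.rule} (${f.detail})`);
}
```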
Custom Report Builder
API Integration
```javascript
// Node.js example for custom report generation.
// Assumes `grantiva` is an already initialized API client and `emailReport`
// is your own mail helper; neither is defined in this snippet.
// The top-level `await` calls require an ES module or an enclosing async function.
const generateCustomReport = async (config) => {
  const report = await grantiva.compliance.createReport({
    title: "Custom Compliance Report",
    period: config.period,
    sections: [
      {
        type: "custom_query",
        title: "High Risk Device Analysis",
        query: {
          filter: { riskScore: { $gte: 70 } },
          groupBy: "riskFactors",
          metrics: ["count", "percentage", "trend"]
        }
      },
      {
        type: "attestation_summary",
        title: "Authentication Metrics",
        include: ["success_rate", "geographic_distribution", "device_types"]
      },
      {
        type: "compliance_mapping",
        title: "Control Effectiveness",
        framework: "NIST_CSF",
        controls: ["ID.AM-2", "PR.AC-1", "DE.AE-1"]
      }
    ],
    format: config.format,
    branding: {
      logo: "https://company.com/logo.png",
      colors: {
        primary: "#1E40AF",
        secondary: "#3B82F6"
      }
    }
  });
  return report;
};

// Generate and email report
const monthlyCompliance = await generateCustomReport({
  period: { start: "2024-01-01", end: "2024-01-31" },
  format: "pdf"
});

await emailReport(monthlyCompliance, {
  to: ["compliance@company.com"],
  subject: "Monthly Compliance Report",
  attachmentName: "compliance_202401.pdf"
});
```
Audit Trail Documentation
Comprehensive Logging
```json
{
  "audit_trail": {
    "configuration_changes": [
      {
        "timestamp": "2024-01-15T14:30:00Z",
        "user": "admin@company.com",
        "action": "update_fraud_rules",
        "changes": {
          "rule_id": "high_risk_block",
          "old_threshold": 80,
          "new_threshold": 75
        },
        "ip_address": "10.0.1.100",
        "justification": "Increased security posture"
      }
    ],
    "access_logs": {
      "admin_access": 234,
      "report_generation": 45,
      "data_exports": 12,
      "configuration_views": 567
    },
    "security_events": [
      {
        "timestamp": "2024-01-20T03:45:00Z",
        "event": "suspicious_admin_login",
        "details": "Login from unusual location",
        "action_taken": "MFA challenge issued",
        "result": "successful_authentication"
      }
    ]
  }
}
```
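An audit trail earns its place when someone reviews it. The following added example, not Grantiva code, runs three review checks over the `audit_trail` structure shown above. It assumes a block rule fires when the risk score is at or above its threshold, so raising the threshold loosens the rule. The 24-hour window, the rule names and the second sample record are constructed for the demonstration.

```javascript
// Added example: review checks over the audit_trail structure shown above.
// Assumption: a block rule fires when riskScore >= threshold, so raising it loosens the rule.
const WINDOW_MS = 24 * 60 * 60 * 1000; // assumption: correlation window of 24 hours

function reviewAuditTrail(trail) {
  const findings = [];
  // Suspicious admin logins that still ended in a successful authentication.
  const suspicious = (trail.security_events ?? [])
    .filter((e) => e.event === "suspicious_admin_login" && e.result === "successful_authentication")
    .map((e) => Date.parse(e.timestamp));

  for (const c of trail.configuration_changes ?? []) {
    const flag = (rule) =>
      findings.push({ rule, timestamp: c.timestamp, user: c.user, action: c.action });
    const { old_threshold: before, new_threshold: after } = c.changes ?? {};
    if (typeof before === "number" && typeof after === "number" && after > before) {
      flag("threshold-loosened");
    }
    if (!c.justification || !String(c.justification).trim()) flag("missing-justification");
    const t = Date.parse(c.timestamp);
    if (suspicious.some((s) => t >= s && t - s <= WINDOW_MS)) flag("change-after-suspicious-login");
  }
  return findings;
}

// Constructed sample: the first change and the security event are the page's records;
// the second change is invented to show what the checks catch.
const sampleTrail = {
  configuration_changes: [
    { timestamp: "2024-01-15T14:30:00Z", user: "admin@company.com", action: "update_fraud_rules",
      changes: { rule_id: "high_risk_block", old_threshold: 80, new_threshold: 75 },
      ip_address: "10.0.1.100", justification: "Increased security posture" },
    { timestamp: "2024-01-20T05:10:00Z", user: "admin@company.com", action: "update_fraud_rules",
      changes: { rule_id: "high_risk_block", old_threshold: 75, new_threshold: 95 },
      ip_address: "10.0.1.100", justification: "" },
  ],
  security_events: [
    { timestamp: "2024-01-20T03:45:00Z", event: "suspicious_admin_login",
      details: "Login from unusual location", action_taken: "MFA challenge issued",
      result: "successful_authentication" },
  ],
};

console.log(reviewAuditTrail(sampleTrail).map((f) => `${f.timestamp} ${f.rule}`));
```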
Report Templates
Template | Use Case | Frequency |
---|---|---|
SOC 2 Evidence | Annual audit support | Quarterly |
GDPR DPO Report | Data protection officer review | Monthly |
Executive Dashboard | C-suite overview | Weekly |
Incident Response | Security incident documentation | As needed |
Export Formats
- PDF: Formatted reports with charts and branding
- Excel: Raw data with pivot tables and analysis
- CSV: Machine-readable data for further processing
- JSON: Structured data for API integration
- SIEM: CEF/LEEF format for security platforms
Compliance Dashboard
Real-time Compliance Status
```javascript
// Fetch compliance dashboard data
const dashboard = await grantiva.compliance.getDashboard();
```
Example response:
```json
{
  "overall_compliance": 96.5,
  "frameworks": {
    "SOC2": {
      "score": 98,
      "controls_passing": 147,
      "controls_total": 150,
      "next_audit": "2024-06-01"
    },
    "ISO27001": {
      "score": 95,
      "controls_passing": 112,
      "controls_total": 118,
      "gaps": ["A.12.1.2", "A.14.2.9"]
    }
  },
  "recent_findings": [
    {
      "date": "2024-01-15",
      "severity": "low",
      "control": "Access Review",
      "status": "remediated"
    }
  ],
  "upcoming_requirements": [
    {
      "requirement": "Annual Penetration Test",
      "due_date": "2024-03-15",
      "status": "scheduled"
    }
  ]
}
```
Best Practices
- Regular Reviews: Schedule automated reports for consistent monitoring
- Data Retention: Configure appropriate retention periods for compliance
- Access Control: Limit report access to authorized personnel only
- Encryption: Always encrypt sensitive compliance reports
- Version Control: Maintain historical versions of all reports
- Audit Trail: Document all report generation and access
Compliance Features by Tier
Feature | Professional | Enterprise | Enterprise Plus |
---|---|---|---|
Data Export | ✓ | ✓ | ✓ |
Pre-built Reports | Basic | Full | Full + Custom |
Automated Scheduling | - | ✓ | ✓ |
Compliance Mapping | - | 5 frameworks | All frameworks |
Audit Support | - | ✓ | ✓ + Consulting |