> ## Documentation Index
> Fetch the complete documentation index at: https://docs.continum.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Evidence & Compliance

> Transform compliance monitoring into audit-ready evidence

## What is Evidence?

Evidence is Continum's compliance verification system that transforms your monitoring signals into audit-ready documentation. When your AI application is monitored by Continum, every interaction creates a compliance record that can be packaged for regulatory audits, security reviews, and certification processes.

## Why Evidence Matters

Modern AI applications must demonstrate compliance with regulations like GDPR, SOC 2, ISO 27001, and HIPAA. Evidence provides:

* **Cryptographic Integrity**: Every compliance signal is linked into a hash chain, so modification or removal of an earlier record is detectable on the next verification
* **Regulatory Attestations**: Automatic mapping of signals to regulatory requirements
* **Incident Tracking**: Complete audit trails for high-risk detections
* **Audit Packages**: Generate comprehensive compliance reports for auditors

## Core Concepts

### Hash Chain Integrity

Every compliance signal in Continum is linked in a cryptographic hash chain, which makes the evidence tamper-evident: each entry's hash covers the previous entry's hash, so changing any earlier record changes every hash after it:

```
Signal 1 → Hash A
Signal 2 → Hash B (includes Hash A)
Signal 3 → Hash C (includes Hash B)
```

Any modification of an earlier signal breaks the link to every later one, so tampering is detectable the next time the chain is verified. A hash chain is tamper-evident rather than immutable: a party that can rewrite the stored chain in full, or drop its newest entries, produces a chain that still verifies on its own. Keep the latest hash from each downloaded evidence package (which contains the complete chain) outside Continum and compare it against the next package, so that a rewrite or truncation shows up as a mismatch against that anchor. You can verify the integrity of your entire compliance history at any time.

### Regulatory Attestations

Continum automatically maps your compliance signals to specific regulatory requirements:

* **GDPR**: Article 32 (Security of processing), Article 25 (Data protection by design)
* **SOC 2**: CC6.1 (Logical access controls), CC7.2 (System monitoring)
* **ISO 27001**: A.12.6.1 (Management of technical vulnerabilities, 2013 Annex A numbering; control 8.8 in the 2022 edition)
* **HIPAA**: §164.308 (Administrative safeguards)

Each signal includes attestations showing which regulatory requirements it satisfies.

### Incident Management

High-risk and critical signals automatically create incident trails with:

* **Status Tracking**: DETECTED → INVESTIGATING → REMEDIATING → VERIFIED
* **Segregation of Duties**: Different roles required for investigation vs. verification
* **Audit Trail**: Every status change is cryptographically signed
* **Time-to-Resolution**: Automatic calculation of response times

### Coverage Analysis

Continum tracks your compliance coverage across regulatory frameworks:

* Which requirements are actively monitored
* Which requirements lack coverage
* Recommended monitoring configurations
* Coverage percentage by framework

## Using Evidence

### Verify Hash Chain Integrity

Verify that your compliance records haven't been tampered with:

```bash theme={null}
curl "https://api.continum.co/evidence/hash-chain/verify?startDate=2024-01-01&endDate=2024-12-31" \
  -H "x-continum-key: co_your_api_key_here"
```

Response:

```json theme={null}
{
  "valid": true,
  "totalSignals": 1523,
  "verifiedSignals": 1523,
  "tamperedSignals": []
}
```

### View Regulatory Attestations

See how your signals map to regulatory requirements:

```bash theme={null}
curl "https://api.continum.co/evidence/attestations?framework=GDPR" \
  -H "x-continum-key: co_your_api_key_here"
```

Response:

```json theme={null}
{
  "framework": "GDPR",
  "attestations": [
    {
      "signalId": "sig_123",
      "requirementId": "Art32",
      "requirementClause": "Article 32 - Security of processing",
      "sandboxType": "PII_DETECTION"
    }
  ]
}
```

### Track Incident Resolution

Monitor high-risk incidents through their lifecycle:

```bash theme={null}
curl "https://api.continum.co/evidence/incidents/inc_123" \
  -H "x-continum-key: co_your_api_key_here"
```

Response:

```json theme={null}
{
  "id": "inc_123",
  "signalId": "sig_abc",
  "status": "VERIFIED",
  "changes": [
    {
      "fromStatus": null,
      "toStatus": "DETECTED",
      "userId": "system",
      "timestamp": "2024-03-15T10:30:00Z"
    },
    {
      "fromStatus": "DETECTED",
      "toStatus": "INVESTIGATING",
      "userId": "compliance_officer_123",
      "timestamp": "2024-03-15T11:00:00Z"
    },
    {
      "fromStatus": "INVESTIGATING",
      "toStatus": "VERIFIED",
      "userId": "auditor_456",
      "timestamp": "2024-03-17T14:30:00Z"
    }
  ],
  "timeToResolution": "52 hours"
}
```
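An added consistency check for an incident trail, written for this page rather than taken from Continum's code: it walks the `changes` array from the response above, checks that transitions move forward through the lifecycle with non-decreasing timestamps, enforces segregation of duties (nobody who moved the incident to INVESTIGATING or REMEDIATING may also move it to VERIFIED), and computes time to resolution from the timestamps instead of trusting the reported figure. The sample incident is the response above copied into a constant; `with_user` is a helper made up for what-if checks.

```python
import json
from datetime import datetime

# Lifecycle from the page; REMEDIATING may be skipped, as in the sample trail above.
STATUSES = ["DETECTED", "INVESTIGATING", "REMEDIATING", "VERIFIED"]

# Constructed sample, copied from the response shown above.
SAMPLE_INCIDENT = {
    "id": "inc_123",
    "signalId": "sig_abc",
    "status": "VERIFIED",
    "changes": [
        {"fromStatus": None, "toStatus": "DETECTED",
         "userId": "system", "timestamp": "2024-03-15T10:30:00Z"},
        {"fromStatus": "DETECTED", "toStatus": "INVESTIGATING",
         "userId": "compliance_officer_123", "timestamp": "2024-03-15T11:00:00Z"},
        {"fromStatus": "INVESTIGATING", "toStatus": "VERIFIED",
         "userId": "auditor_456", "timestamp": "2024-03-17T14:30:00Z"},
    ],
}


def parse_ts(value):
    """Parse the API's RFC 3339 'Z' timestamps into timezone-aware datetimes."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_trail(incident):
    """Return a list of findings; an empty list means the trail is consistent."""
    findings = []
    changes = incident["changes"]
    if not changes or changes[0]["fromStatus"] is not None or changes[0]["toStatus"] != "DETECTED":
        findings.append("trail must open with a null -> DETECTED transition")
    prev_status, prev_ts = None, None
    for change in changes:
        status, ts = change["toStatus"], parse_ts(change["timestamp"])
        if change["fromStatus"] != prev_status:
            findings.append(f"broken link: recorded fromStatus {change['fromStatus']} != {prev_status}")
        if status not in STATUSES or (
            prev_status in STATUSES and STATUSES.index(status) <= STATUSES.index(prev_status)
        ):
            findings.append(f"non-forward transition {prev_status} -> {status}")
        if prev_ts is not None and ts < prev_ts:
            findings.append(f"timestamp goes backwards at {status}")
        prev_status, prev_ts = status, ts
    if prev_status != incident["status"]:
        findings.append(f"status {incident['status']} disagrees with last transition {prev_status}")
    # Segregation of duties: nobody who investigated or remediated may also verify.
    workers = {c["userId"] for c in changes if c["toStatus"] in ("INVESTIGATING", "REMEDIATING")}
    verifiers = {c["userId"] for c in changes if c["toStatus"] == "VERIFIED"}
    if workers & verifiers:
        findings.append(f"segregation of duties violated by {sorted(workers & verifiers)}")
    return findings


def time_to_resolution_hours(incident):
    """Hours from DETECTED to VERIFIED, or None while the incident is still open."""
    detected = verified = None
    for change in incident["changes"]:
        if change["toStatus"] == "DETECTED":
            detected = parse_ts(change["timestamp"])
        elif change["toStatus"] == "VERIFIED":
            verified = parse_ts(change["timestamp"])
    if detected is None or verified is None:
        return None
    return (verified - detected).total_seconds() / 3600


def with_user(incident, to_status, user_id):
    """Copy of the incident with the actor of one transition replaced (for what-if checks)."""
    copy = json.loads(json.dumps(incident))
    for change in copy["changes"]:
        if change["toStatus"] == to_status:
            change["userId"] = user_id
    return copy


if __name__ == "__main__":
    print(check_trail(SAMPLE_INCIDENT))                 # []
    print(time_to_resolution_hours(SAMPLE_INCIDENT))    # 52.0
    # Same person investigates and verifies: segregation of duties finding
    print(check_trail(with_user(SAMPLE_INCIDENT, "VERIFIED", "compliance_officer_123")))
```

Run this against every incident in an evidence package before handing the package to an auditor: a trail that fails these checks is exactly the one an auditor will ask about.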

### Generate Evidence Packages

Create audit-ready compliance reports:

```bash theme={null}
curl -X POST "https://api.continum.co/evidence/packages" \
  -H "x-continum-key: co_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "framework": "SOC2",
    "startDate": "2024-01-01T00:00:00Z",
    "endDate": "2024-12-31T23:59:59Z",
    "includeIncidents": true,
    "includeHashChain": true
  }'
```

Response:

```json theme={null}
{
  "packageId": "pkg_123",
  "framework": "SOC2",
  "signalCount": 1523,
  "attestationCount": 4569,
  "incidentCount": 12,
  "coveragePercentage": 94.5,
  "downloadUrl": "https://api.continum.co/evidence/packages/pkg_123/download"
}
```

## Evidence Package Contents

Generated evidence packages include:

### Executive Summary

* Monitoring period
* Total interactions monitored
* Risk level distribution
* Incident summary
* Coverage analysis

### Compliance Attestations

* Signals mapped to regulatory requirements
* Coverage by requirement
* Gaps and recommendations

### Incident Reports

* High-risk and critical incidents
* Investigation timeline
* Resolution status
* Time-to-resolution metrics

### Hash Chain Verification

* Complete cryptographic chain
* Integrity verification results
* Tamper detection (if any)

### Supporting Documentation

* Monitoring configuration
* Detection methodologies
* Regulatory framework mappings

## Compliance Policies

Define automated compliance policies that trigger actions based on detection patterns:

```bash theme={null}
curl -X POST "https://api.continum.co/evidence/policies" \
  -H "x-continum-key: co_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "PII Protection Policy",
    "description": "Enforce PII detection on all interactions",
    "detectionCriteria": {
      "violationTypes": ["PII_EXPOSURE"],
      "riskLevels": ["HIGH", "CRITICAL"],
      "regulations": ["GDPR", "HIPAA"]
    },
    "active": true
  }'
```

Policies automatically:

* Track enforcement statistics
* Alert on violations
* Generate compliance reports
* Identify inactive policies

## Data Retention

Continum respects data retention requirements while maintaining compliance evidence:

### Retention Policies

Configure retention based on regulatory requirements:

```bash theme={null}
curl -X POST "https://api.continum.co/evidence/retention/policies" \
  -H "x-continum-key: co_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "framework": "GDPR",
    "minRetentionDays": 365,
    "maxRetentionDays": 2555,
    "active": true
  }'
```

### Protected Evidence

Signals involved in active incidents are automatically protected from deletion until the incident is resolved and verified.

### Hash Preservation

When a signal is deleted under a retention policy, its content is removed but its hash values stay in the chain, so later entries still link to it and verification of the complete record continues to succeed. Note that a retained hash is still derived from the deleted content: unless it was computed with a secret salt, short or guessable content can be confirmed from the hash alone, so treat retained hashes as pseudonymous rather than anonymous data when answering erasure requests.
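The mechanics of both the chain itself (Hash Chain Integrity above) and hash preservation after deletion, as an added example that is not Continum's code: a small SHA-256 hash chain with a verifier that reports the same fields as the verify endpoint, an out-of-band head check that catches truncation, and a `tombstone` operation that drops a signal's content while keeping its hashes. The linking formula, the `GENESIS` value, the entry layout and the sample signals are assumptions made for the example; this page does not describe Continum's actual construction.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor for the first entry; not Continum's value


def payload_hash(signal):
    """Hash of the signal content, over a canonical JSON encoding."""
    return hashlib.sha256(json.dumps(signal, sort_keys=True).encode()).hexdigest()


def link_hash(prev_hash, content_hash):
    """Hash of one chain entry: it commits to the previous entry's hash."""
    return hashlib.sha256(f"{prev_hash}:{content_hash}".encode()).hexdigest()


def build_chain(signals):
    chain, prev = [], GENESIS
    for signal in signals:
        content = payload_hash(signal)
        entry = {"id": signal["id"], "signal": signal, "payloadHash": content,
                 "prevHash": prev, "hash": link_hash(prev, content)}
        chain.append(entry)
        prev = entry["hash"]
    return chain


def verify_chain(chain, trusted_head=None):
    """Recompute every link. Returns the fields the verify endpoint reports,
    plus headMatches for the out-of-band anchor comparison."""
    tampered, prev = [], GENESIS
    for entry in chain:
        # A tombstoned entry keeps only its hashes; recheck the link from those.
        content = entry["payloadHash"] if entry["signal"] is None else payload_hash(entry["signal"])
        ok = (entry["prevHash"] == prev
              and content == entry["payloadHash"]
              and entry["hash"] == link_hash(prev, content))
        if not ok:
            tampered.append(entry["id"])
        prev = entry["hash"]
    head_matches = trusted_head is None or prev == trusted_head
    return {"valid": not tampered and head_matches,
            "totalSignals": len(chain),
            "verifiedSignals": len(chain) - len(tampered),
            "tamperedSignals": tampered,
            "headMatches": head_matches}


def tombstone(chain, signal_id):
    """Delete a signal's content for retention while keeping its hashes in the chain."""
    out = json.loads(json.dumps(chain))
    for entry in out:
        if entry["id"] == signal_id:
            entry["signal"] = None
    return out


def tamper(chain, signal_id, **changes):
    """Edit stored signal content on a copy (simulating an attacker with database access)."""
    out = json.loads(json.dumps(chain))
    for entry in out:
        if entry["id"] == signal_id:
            entry["signal"].update(changes)
    return out


# Constructed sample signals, not Continum data.
SAMPLE_SIGNALS = [
    {"id": "sig_1", "sandboxType": "PII_DETECTION", "riskLevel": "HIGH"},
    {"id": "sig_2", "sandboxType": "PII_DETECTION", "riskLevel": "LOW"},
    {"id": "sig_3", "sandboxType": "PROMPT_INJECTION", "riskLevel": "CRITICAL"},
]

if __name__ == "__main__":
    chain = build_chain(SAMPLE_SIGNALS)
    head = chain[-1]["hash"]  # the value to keep outside the system
    print(verify_chain(chain, head)["valid"])                                            # True
    print(verify_chain(tamper(chain, "sig_2", riskLevel="HIGH"), head)["tamperedSignals"])  # ['sig_2']
    print(verify_chain(chain[:-1], head)["headMatches"])                                 # False
    print(verify_chain(tombstone(chain, "sig_1"), head)["valid"])                        # True
```

The truncation case is the one to notice: `chain[:-1]` passes every internal link check and reports no tampered signals, and only the comparison against the externally held head exposes it.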

## Pattern Correlation

Continum automatically detects patterns across multiple signals:

```bash theme={null}
curl -X POST "https://api.continum.co/evidence/correlations/detect" \
  -H "x-continum-key: co_your_api_key_here"
```

Correlation detection identifies:

* Repeated violations of the same type
* Systemic compliance issues
* Emerging risk patterns
* Areas requiring attention
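How a policy's `detectionCriteria` (Compliance Policies above) and the correlation step described here could be evaluated against a batch of signals, as an added example that is not Continum's code. `POLICY` is the request body from the policies section; the signal field names (`violationType`, `riskLevel`, `regulations`, `applicationId`, `timestamp`) and the sample signals are assumptions made for the example, and the 24-hour / three-occurrence correlation rule is one illustrative definition of "repeated violations of the same type", not Continum's.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# The policy body from the request above.
POLICY = {
    "name": "PII Protection Policy",
    "description": "Enforce PII detection on all interactions",
    "detectionCriteria": {
        "violationTypes": ["PII_EXPOSURE"],
        "riskLevels": ["HIGH", "CRITICAL"],
        "regulations": ["GDPR", "HIPAA"],
    },
    "active": True,
}

# Constructed signals; the field names are assumptions, not Continum's schema.
SAMPLE_SIGNALS = [
    {"id": "sig_1", "applicationId": "app_a", "violationType": "PII_EXPOSURE",
     "riskLevel": "HIGH", "regulations": ["GDPR"], "timestamp": "2024-03-15T10:00:00Z"},
    {"id": "sig_2", "applicationId": "app_a", "violationType": "PII_EXPOSURE",
     "riskLevel": "CRITICAL", "regulations": ["HIPAA"], "timestamp": "2024-03-15T12:00:00Z"},
    {"id": "sig_3", "applicationId": "app_a", "violationType": "PII_EXPOSURE",
     "riskLevel": "LOW", "regulations": ["GDPR"], "timestamp": "2024-03-15T13:00:00Z"},
    {"id": "sig_4", "applicationId": "app_b", "violationType": "PROMPT_INJECTION",
     "riskLevel": "HIGH", "regulations": ["GDPR"], "timestamp": "2024-03-15T14:00:00Z"},
    {"id": "sig_5", "applicationId": "app_a", "violationType": "PII_EXPOSURE",
     "riskLevel": "HIGH", "regulations": ["CCPA"], "timestamp": "2024-03-16T09:00:00Z"},
    {"id": "sig_6", "applicationId": "app_a", "violationType": "PII_EXPOSURE",
     "riskLevel": "HIGH", "regulations": ["GDPR"], "timestamp": "2024-03-16T20:00:00Z"},
]


def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def matches_policy(policy, signal):
    """Every criterion must hit; an inactive policy matches nothing."""
    crit = policy["detectionCriteria"]
    return (policy["active"]
            and signal["violationType"] in crit["violationTypes"]
            and signal["riskLevel"] in crit["riskLevels"]
            and bool(set(signal["regulations"]) & set(crit["regulations"])))


def policy_violations(policy, signals):
    """IDs of the signals a policy should alert on."""
    return [s["id"] for s in signals if matches_policy(policy, s)]


def correlate(signals, window=timedelta(hours=24), threshold=3):
    """Flag (application, violation type) pairs that repeat at least `threshold`
    times inside any sliding `window`: a systemic issue rather than a one-off."""
    groups = defaultdict(list)
    for s in sorted(signals, key=lambda s: parse_ts(s["timestamp"])):
        groups[(s["applicationId"], s["violationType"])].append((parse_ts(s["timestamp"]), s["id"]))
    findings = []
    for (app, vtype), hits in groups.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward past old hits
            if end - start + 1 >= threshold:
                findings.append({"applicationId": app, "violationType": vtype,
                                 "count": end - start + 1,
                                 "signalIds": [h[1] for h in hits[start:end + 1]]})
                break  # report the first window that crosses the threshold
    return findings


if __name__ == "__main__":
    print(policy_violations(POLICY, SAMPLE_SIGNALS))  # ['sig_1', 'sig_2', 'sig_6']
    print(correlate(SAMPLE_SIGNALS))                  # one finding: app_a / PII_EXPOSURE, count 3
```

Correlation runs over all signals rather than only policy matches: `sig_3` is LOW risk and never triggers the policy, yet it is the third PII exposure from the same application in three hours, which is the pattern worth escalating.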

## External Auditor Access

Grant read-only access to external auditors:

### Auditor Tokens

Create time-limited tokens with specific permissions:

* `READ_SIGNALS`: View compliance signals
* `READ_ATTESTATIONS`: View regulatory mappings
* `READ_INCIDENTS`: View incident trails
* `VERIFY_HASH_CHAIN`: Verify cryptographic integrity
* `DOWNLOAD_PACKAGES`: Download evidence packages

### Auditor API

Auditors use a separate API with restricted access:

```bash theme={null}
curl "https://api.continum.co/auditor/signals?customerId=cust_123" \
  -H "Authorization: Bearer aud_token_abc123"
```

All auditor access is logged for compliance tracking.

## Best Practices

### Regular Verification

Verify hash chain integrity regularly:

* Daily automated checks
* Before generating evidence packages
* During security audits
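A daily automated check built on the verify endpoint from the Using Evidence section, as an added example that is not Continum's code. It reads the API key from an environment variable (the name `CONTINUM_API_KEY` is an assumption) and fails closed: `valid: true` on its own is not accepted, the verified and total counts must agree and be non-zero, `tamperedSignals` must be present and empty, and, for a closed date window, the signal count must not shrink between runs. `fetch` is injectable so the decision logic can be exercised without network access.

```python
import json
import os
import urllib.parse
import urllib.request

API_BASE = "https://api.continum.co"


def build_request(start_date, end_date, api_key):
    """GET /evidence/hash-chain/verify; the key comes from the caller, never a literal."""
    query = urllib.parse.urlencode({"startDate": start_date, "endDate": end_date})
    return urllib.request.Request(
        f"{API_BASE}/evidence/hash-chain/verify?{query}",
        headers={"x-continum-key": api_key},
    )


def assess(response, previous_total=None):
    """Fail closed: return the reasons this result must not be accepted.
    Every field is checked on its own; `valid: true` alone is not trusted."""
    problems = []
    if response.get("valid") is not True:
        problems.append("valid is not true")
    total, verified = response.get("totalSignals"), response.get("verifiedSignals")
    if not isinstance(total, int) or not isinstance(verified, int):
        problems.append("missing or non-integer signal counts")
    elif verified != total:
        problems.append(f"only {verified} of {total} signals verified")
    elif total == 0:
        problems.append("window contains no signals (wrong dates or monitoring gap?)")
    tampered = response.get("tamperedSignals")
    if not isinstance(tampered, list):
        problems.append("tamperedSignals missing")
    elif tampered:
        problems.append("tampered signals: " + ", ".join(map(str, tampered)))
    # Assumption: the window is closed, so its count must not shrink between runs.
    if previous_total is not None and isinstance(total, int) and total < previous_total:
        problems.append(f"signal count dropped from {previous_total} to {total}")
    return problems


def daily_check(start_date, end_date, fetch=None, previous_total=None):
    """Run the check and return (ok, problems, response)."""
    api_key = os.environ.get("CONTINUM_API_KEY")  # assumed variable name
    if fetch is None:
        if not api_key:
            return False, ["CONTINUM_API_KEY not set"], None

        def fetch(request):
            with urllib.request.urlopen(request, timeout=30) as resp:
                return json.load(resp)
    response = fetch(build_request(start_date, end_date, api_key or ""))
    problems = assess(response, previous_total)
    return not problems, problems, response


if __name__ == "__main__":
    import sys
    ok, problems, _ = daily_check("2024-01-01", "2024-12-31")
    print("OK" if ok else "\n".join(problems))
    sys.exit(0 if ok else 1)  # non-zero exit lets a scheduler page on failure
```

Persist `totalSignals` from each run alongside the date window so the next run can pass it as `previous_total`; a count that drops for an already-closed window is worth a look even when the chain itself still verifies.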

### Incident Response

Establish clear incident workflows:

* Immediate investigation of CRITICAL signals
* 24-hour response for HIGH signals
* Weekly review of MEDIUM signals
* Segregation of duties for verification

### Coverage Monitoring

Track compliance coverage:

* Review coverage reports monthly
* Address gaps in monitoring
* Update monitoring configurations
* Validate regulatory mappings

### Evidence Package Generation

Generate evidence packages:

* Quarterly for internal reviews
* Annually for compliance audits
* On-demand for security assessments
* Before regulatory submissions

## Supported Frameworks

Continum provides evidence for:

* **GDPR**: EU General Data Protection Regulation
* **SOC 2**: Service Organization Control 2
* **ISO 27001**: Information Security Management
* **HIPAA**: Health Insurance Portability and Accountability Act
* **CCPA**: California Consumer Privacy Act
* **EU AI Act**: European Union AI Regulation
* **PCI DSS**: Payment Card Industry Data Security Standard

## Next Steps

<CardGroup cols={2}>
  <Card title="API Reference" icon="code" href="/api-reference/evidence/hash-chain">
    Explore Evidence API endpoints
  </Card>

  <Card title="Dashboard" icon="gauge" href="/dashboard/evidence">
    View evidence in dashboard
  </Card>

  <Card title="Incident Management" icon="triangle-exclamation" href="/concepts/incidents">
    Understand incident workflows
  </Card>
</CardGroup>
