How FoundryDB Compliance Evidence Packets Work, End to End
An auditor reviewing your data layer does not want a screenshot. A screenshot is a picture of a number at a moment, detached from the system that produced it, trivially edited, and impossible to verify after the fact. What an auditor actually wants is evidence: a record of what a control did, backed by an observed value, that can be checked against a source of trust without taking anyone's word for it.
That is what a FoundryDB compliance evidence packet is. It is a per-organization document, generated from real platform data, that maps the infrastructure controls we operate to the framework you are being measured against (SOC 2, GDPR Article 30 ROPA, DORA, or the EU AI Act). It is cryptographically signed, stored immutably, and rendered as both machine-verifiable JSON and a human-readable PDF. Anyone holding our published public key can confirm a packet came from the platform and was not altered, with no shared secret and no need to trust the channel it arrived through. This post walks through how that works, from operational data to a signature an auditor can check in their browser.
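What checking a packet with nothing but a published public key looks like in practice, as an added example that is not FoundryDB's code: the Ed25519 algorithm, the key-sorted JSON canonical form, the envelope layout and every field name are assumptions, and the key pair and packet are constructed sample data.

```javascript
// Added example: algorithm (Ed25519), canonical form and field names are assumptions.
const crypto = require('node:crypto');

// Deterministic serialization: sort object keys recursively so signer and
// verifier process identical bytes regardless of key order or whitespace.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Platform side: the private key never leaves the signer.
function signPacket(packet, privateKey) {
  const sig = crypto.sign(null, Buffer.from(canonicalize(packet), 'utf8'), privateKey);
  return { packet, signature: sig.toString('base64') };
}

// Auditor side: needs only the public key (PEM), never a shared secret.
function verifyPacket(envelope, publicKeyPem) {
  try {
    const key = crypto.createPublicKey(publicKeyPem);
    const sig = Buffer.from(String(envelope.signature), 'base64');
    return crypto.verify(null, Buffer.from(canonicalize(envelope.packet), 'utf8'), key, sig);
  } catch {
    return false; // a malformed key or envelope counts as unverified
  }
}

// Constructed sample data (hypothetical organization and control names).
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
const samplePacket = {
  organization: 'org-example',
  framework: 'SOC 2',
  controls: [{ id: 'backup-encryption', observed: 'enabled' }],
};
const envelope = signPacket(samplePacket, privateKey);

// The same envelope with a single observed value edited after signing.
const tampered = JSON.parse(JSON.stringify(envelope));
tampered.packet.controls[0].observed = 'disabled';

console.log('original verifies:', verifyPacket(envelope, publicKeyPem));
console.log('tampered verifies:', verifyPacket(tampered, publicKeyPem));
```

Because the verifier holds no secret, it can detect an altered packet but cannot produce a valid one, which is the property a shared-secret MAC would not give an auditor.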