Overview
Parmana produces auditable evidence for every stage of policy enforcement. Audit records allow organizations to answer:- What decision was made?
- Which policy produced the decision?
- Which verified signals were evaluated?
- Was an override applied?
- Was the action executed?
- Did execution match authorization?
- Can the evidence be independently verified?
Why Audit Matters
Policies are only useful if organizations can demonstrate that they were enforced. Parmana creates evidence that can be inspected later by:- Auditors
- Compliance teams
- Security teams
- Risk teams
- Regulators
- Customers
Core Principle
Parmana records evidence instead of requiring trust.Audit Lifecycle
Evaluation Records
Policy evaluations generate signed attestations. Example:Override Records
When a policy requires escalation:- Approver identity
- Approver role
- Approval reason
- Override signature
Execution Integrity Proofs
After execution, organizations can confirm what actually occurred.- What was authorized
- What was executed
- Whether they matched
Verification Records
Verification produces independent evidence that an attestation is valid. Verification checks:- Signature validity
- Runtime compatibility
- Schema compatibility
- Provenance integrity
- Release integrity
Provenance Records
Every attestation includes provenance metadata. Example:- Runtime artifacts
- Release manifests
- Trust roots
- Signing infrastructure
Evidence Categories
Authorization Evidence
Produced by:- Policy decision
- Signals fingerprint
- Attestation signature
Override Evidence
Produced by:- Human approval
- Role
- Reason
- Override signature
Execution Evidence
Produced by:- Authorized action
- Executed action
- Match analysis
- Integrity proof
Verification Evidence
Produced by:- Verification outcome
- Trust chain validation
- Provenance validation