Custody

Regulated Evidence Vault

Regulated findings need regulated custody.

Name to be announced

The problem

An audit finding is a legal document

Under the LPM and NIS 2 Article 23, regulated entities must retain incident reports, audit findings and remediation evidence in a form that satisfies inspection. A shared drive or generic cloud store does not meet the bar for chain of custody, access logging and tamper evidence.

What it does

Purpose-built custody, with proof

Every document ingested receives a timestamped receipt, a cryptographic hash for tamper detection and an access log of every read, copy and export, under role-based controls aligned to the relevant framework. Findings can be produced for inspection in a signed, time-stamped package showing unbroken custody.

Regulatory scope

The vault is designed for organisations operating under LPM obligations (Opérateurs d'Importance Vitale), NIS 2 Article 21 and Article 23 obligations (essential and important entities), and DORA Chapter III ICT risk management documentation requirements. It can also serve ISO 27001 Statement of Applicability and internal audit record retention obligations.

Availability

The vault is in final pre-release. The product name will be announced at launch. Customers with immediate custody requirements should contact us — early access arrangements are available for organisations under active regulatory scrutiny.

Frameworks addressed

NIS 2 LPM DORA ISO 27001

EviGen

Collects the evidence that the vault then stores — automated collection feeds directly into regulated custody.

Finance resilience

DORA-MAST

DORA operational resilience assessments produce findings that require regulated custody under DORA Article 9.

Every product is field-tested

← All products