Auditors need a clear, scoped, read-only view of relevant governance records — not uncontrolled system access, not manually assembled evidence folders.
EAB provides structured auditor visibility: scoped to the review, read-only by design, and connected to the live governance record — not a static export.
Manual evidence exports have version issues and missing context. Broad system access creates confidentiality and governance concerns. Controlled visibility is the right model.
Auditor access is scoped to the systems, periods, and obligation areas relevant to the review. Access is granted by the mandanten_admin and expires. Auditors cannot navigate outside the defined scope.
Auditors can view governance records, screening results, evidence artefacts, and approval decisions. They cannot create, edit, or delete records. The governance record is protected.
Auditors see the actual governance record — not a static export assembled for the review. Evidence is in context. Approval decisions show the reasoning. The audit trail is complete.
Uploaded evidence artefacts are visible with their metadata — upload date, uploader, linked obligation area, and review status. Evidence is not a file list — it is a structured governance record.
Supervisor approval decisions are visible with their context — the screening record, the evidence present at approval time, and the decision justification. Approvals cannot be retroactively altered.
Every governance action is timestamped and attributed to the person who took it. The audit trail is immutable. Auditors can reconstruct the governance history of any system from registration to current state.
Auditor visibility is provisioned, scoped, and time-limited — so organizations can provide evidence without creating uncontrolled access.
The admin creates an auditor account, scoped to the relevant systems and time period. Access is provisioned for the duration of the review engagement — not permanent.
The auditor logs in and sees the governance records within their scope — AI systems, screening results, obligation coverage, evidence artefacts, and supervisor approval decisions. No evidence assembly required.
The auditor can trace every governance action — who screened the system, when, what the result was, what evidence was present at approval, and what the supervisor decided. The reconstruction is complete and timestamped.
Auditor access is time-limited. After the engagement, access expires without manual revocation. The organization's governance record is protected. The access event itself is logged in the audit trail.
Controlled visibility is stronger than exporting audit folders. The governance record stays intact. Auditors see exactly what the review requires.
EU-hosted · Anchored to CELEX 32024R1689