Audit Evidence Examples

This page provides examples of how Stratosphere PACT generates cryptographically verifiable audit evidence for regulated environments. These examples are intended to help auditors, security teams, and engineering teams understand the structure and verifiability of system-generated records.

Important: These examples are illustrative. They do not represent real customer data and are simplified for clarity.

1. Example System Event (Raw Record)

{
  "event_id": "evt_8f3a21",
  "timestamp": "2026-05-23T18:42:11Z",
  "actor": "user_1029",
  "action": "UPDATE_PATIENT_RECORD",
  "resource": "patient_5531",
  "metadata": {
    "field": "medication_dosage",
    "old_value": "5mg",
    "new_value": "10mg"
  }
}

2. Cryptographic Hash Generation

Each event is hashed at creation to establish integrity.

SHA-256(event_payload) =
"b7c1f3a9c2d4e1f8a9c0d4e2f3a1b7c9d8e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4"

3. Chained Integrity Record

Each hash is linked to the previous record, forming a tamper-evident chain.

{
  "event_id": "evt_8f3a21",
  "timestamp": "2026-05-23T18:42:11Z",
  "event_hash": "b7c1f3a9c2d4e1f8a9c0d4e2f3a1b7c9d8e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4",
  "previous_hash": "9f21ac3e11d4c88a77b9d3f1a2c4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2"
}

4. Verification Output

Independent verification confirms whether the chain has been altered.

{
  "verification_status": "VALID",
  "chain_integrity": true,
  "last_verified_hash": "b7c1f3a9c2d4e1f8a9c0d4e2f3a1b7c9d8e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4",
  "verification_timestamp": "2026-05-23T18:45:02Z"
}

5. Audit Export Summary

Field	Description
Event Set	Time-bounded collection of system events
Integrity Proof	Hash chain validation across all events
Verification Method	Deterministic recomputation of event hashes
Audit Outcome	Pass/Fail integrity validation result

How Auditors Use This Data

Validate completeness of event history
Confirm no unauthorized modification occurred
Recompute hashes independently
Verify sequence consistency over time

What This Does NOT Represent

This page does not represent legal evidence, certification, or compliance guarantees. It demonstrates how PACT structures data for auditability and independent verification.