EAPMS ⇒ Sidecar Review Engine
Audit & Governance Hub
Scope & Actions
PII scrubbing on exports
Verify chain-of-custody
Strict reasons for overrides
Snapshots Verified
—
hash & signature valid
Evidence Coverage
—
signed / total artifacts
Policy Drift
—
config changes this period
Overrides w/ Reason
—
capture rate
Access Review
—
completion
Open Findings
—
requires remediation
Evidence Vault
ID | Type | Title | Hash | Prev | Signer | Timestamp | Hold | Status | Action |
---|---|---|---|---|---|---|---|---|---|
Chain-of-custody uses previous hash links; holds prevent deletion & edits.
Controls Mapping
Control | Description | Evidence | Status | Owner |
---|---|---|---|---|
Policy & Config Changes
When | Actor | Change | Impact | Status |
---|---|---|---|---|
Overrides & Exceptions
When | Manager | Reason | Status | Action |
---|---|---|---|---|
Access Review (Roles & Certifications)
Role | Users | Last Review | Certified | SoD | Action |
---|---|---|---|---|---|
Risk Register
ID | Title | Severity | Owner | Due | Status | Action |
---|---|---|---|---|---|---|
Audit Query Builder
When | Type | Actor | Entity | Detail |
---|---|---|---|---|
Action Ledger (last 10)
When | Action | Detail |
---|---|---|
Audit & Governance Hub unifies evidence, controls, access reviews, overrides, and immutable logs for auditors and HRBP governance. Data are illustrative; connect to Sidecar stores for production.