Time travel & audit trail

Rewind to any moment. Explain every change.

ChronoVault stores the full history of every object in its model — requirements, controls, evidence, findings, risks, posture scores. You can ask what the system looked like on a specific date and get an accurate answer, not an approximation. Every change is attributed to the user who made it (or the AI run that proposed it, and the human who approved it). Nothing is overwritten.

Compliance timeline

6 events · 14 months · 3 frameworks touched

Event

Current

Branch

Jan 2025 c3a1f09

ISO 27001 baseline established

Initial control library imported from spreadsheet. 114 Annex A controls mapped to 89 internal controls. Evidence collection policy activated.

+114 requirements+89 controlsAuto-imported

Mar 2025 7b2e4d1

SOC 2 Type II evidence uploaded

312 evidence artifacts attached across CC-series criteria. 47 controls cross-mapped to existing ISO controls, eliminating duplicate work.

+312 evidence items+47 cross-mappings

Jun 2025 e59cd82

External audit completed

BSI audit of ISO 27001 scope returned 3 minor non-conformities and 2 observations. Corrective actions assigned with 30-day deadline.

~3 non-conformities~2 observations+5 corrective actions

↳ What-if branch: “Undo outsourcing controls”

Rolling back outsourcing controls from Feb 2025 would leave 14 requirements uncovered. Posture drops 94% → 87%. Two SOC 2 criteria fall below threshold. Branch explored by CISO on 12 Jun and discarded.

−14 requirements−7% postureBranch discarded

Oct 2025 a04f1b3

DPDPA data-protection obligations added

42 DPDPA obligations ingested. AI suggested 28 mappings to existing controls; 24 approved, 4 sent to review queue. New DPO role assigned.

+42 obligationsAI: 28 suggested+1 role: DPO

Jan 2026 f82ca97

RBI digital lending circular ingested

Circular 2025-26/92 added 12 new requirements. 5 matched to existing PCI-DSS controls. 7 flagged as gaps requiring new controls.

+12 requirements~5 cross-mapped−7 gaps identified

Mar 2026 · Current HEAD d41e0f5

PCI-DSS v4 migration & quarterly review

47 controls updated for PCI-DSS v4.0.1 transition. Evidence refresh completed for 283 items. Overall posture: 94%.

~47 controls updated+283 evidence refreshed

847 total requirements312 controls94% posture

Key workflows

1. Rewind the whole system

Pick a date. Every view now reflects the state of the world on that date — requirements, controls, evidence, scores.

2. Walk a prior assessment

Open an assessment from last year and see exactly the data the assessor saw — not a reconstruction, the actual state.

3. Explain a change

Hover any object and ChronoVault shows you when it last changed, who changed it, and what changed.

4. Query as-of

Export data "as of" a specific date for regulator responses, legal discovery, or board prep.

Why this matters Auditors ask historical questions constantly. Regulators ask them occasionally but with very high stakes. Most GRC tools answer them with "it was like this, roughly, we think" — by piecing together backups, export files, and Slack threads. ChronoVault answers them by navigating to a date and showing you the system as it was.

Related capabilities

Compliance posture Assessments & audits Controls & mapping

See ChronoVault with your own frameworks.

A 45-minute demo with a compliance engineer, not a salesperson. Tell us the frameworks you care about most and we'll tailor the walkthrough — and leave you with a recording.

Request a demo →