Skip to main content
Compliance Mode turns Antidote’s scan findings and activity logs into auditor‑ready reports. The Compliance page (/compliance) is also your at‑a‑glance view of workspace posture. The feature is gated behind the FEATURE_COMPLIANCE_REPORTS license flag (see Settings & licensing).

What the Compliance page shows

When you open /compliance you get four panels:
PanelWhat it shows
Posture overviewCounts of HEALTHY / UNHEALTHY- / UNHEALTHY+ / CRITICAL across all datasets.
Attention queueDatasets that need review: flagged issues, failing scans, missing reports.
Activity timelineEvery compliance‑relevant action, time‑filtered: uploads, scans, healing, deletes, permission changes.
KPIsTotal datasets, active scans, failed scans, critical changes, total reports.

Supported standards

You can generate reports tailored to four standards. Each one ships with the right cover page, the right framing of controls, and a mapping from Antidote concepts to that standard’s vocabulary.
StandardCodeFocus
SOC 2soc2Controls, change management, access, monitoring.
ISO 27001iso27001Information security management.
HIPAAhipaaProtected health information handling.
GDPRgdprPersonal data handling, right to erasure, data minimization.

Report depth and format

Each report can be generated at one of three depths and in one of four formats.
DepthBest for
SummaryExecutive one‑pager with KPIs and severity rollups.
DetailedPer‑dataset breakdowns, scan history, remediation actions.
ExhaustiveFull per‑finding audit trail, parameter snapshots, lineage graphs.
FormatUse it for
PDFAuditor‑facing. Includes charts and a styled cover page.
HTMLShareable link, lightweight, mobile‑friendly.
JSONPipelines, downstream processing.
ZIPBundle: PDF + raw data + artifacts + per‑finding CSVs.

Generating a report

1

Pick a scope

Single dataset, single project, or the entire workspace. The smaller the scope, the faster the build.
2

Pick standard, depth, format

SOC 2 / ISO 27001 / HIPAA / GDPR × Summary / Detailed / Exhaustive × PDF / HTML / JSON / ZIP.
3

Set a time window

Activity, scans, and healings inside this window appear in the report. Pick a quarter for a quarterly review, or the whole workspace lifetime for a first‑time audit.
4

Generate

The report is queued. You get a notification when it’s ready. Generated reports appear under Reports with a download link and a preview.
Use the Summary depth for quick weekly check‑ins, Detailed for monthly reviews, and Exhaustive when an auditor asks for source material.

Dataset lineage in reports

Every compliance report includes the dataset lineage graph for every dataset in scope. Auditors typically ask “where did this training corpus come from?”, lineage is the single answer.

Reports page (/reports)

The reports list shows every generated report with:
  • Scope, standard, depth, format.
  • Who generated it and when.
  • A download link.
  • A preview for HTML and PDF reports.
  • Optional auto‑purge after a retention window (configured under Settings → General).
You can also produce ad‑hoc and project‑level reports from this page, not just compliance ones.

Report templates (/reports/templates)

Templates standardize how reports look across the team. A workspace template covers the whole tenant; a project‑level template can override it for one project. You can edit:
SectionWhat you control
Cover pageLogo, title, subtitle, prepared‑by name.
SectionsInclude or exclude KPIs, findings, methodology, appendix, executive summary.
BrandingLogo upload, accent color, footer text.
FiltersWhich datasets, scans, or severities to include by default.
LayoutReorder and toggle visibility of each block.
Mark a project‑level template as default so every new report in that project starts from it.

Export templates (raw data)

Separate from report templates, export templates let you define reusable CSV / JSON exports of scan results: which columns, which filter, which sorting. Use the editor under Settings → Export templates and apply them from any scan’s Export menu. Export templates are gated behind FEATURE_ADVANCED_EXPORTS.

Sharing

  • Every generated report has a stable download link.
  • HTML reports can be opened from a shareable link by anyone with the link. Treat the link like a secret; rotate by regenerating.
  • Compliance reports include a content preview JSON so you can confirm contents before sharing.

Common workflows

  1. Make sure every dataset in scope is in a single project.
  2. Generate a SOC 2 / Detailed / PDF report scoped to that project, time window covering the audit period.
  3. Generate an additional SOC 2 / Exhaustive / ZIP as source material in case the auditor asks.
  1. Generate a Summary / HTML at workspace scope every Monday (via a scheduled report).
  2. Share the link in your weekly channel.
  1. Generate an ad‑hoc / Detailed / PDF report scoped to the training dataset.
  2. Attach it to the model card.