Compliance Reports
Guardian Pro generates compliance reports that provide a point-in-time snapshot of your compliance posture. These reports are designed for sharing with auditors, presenting to leadership, or integrating with your governance workflows.
Reports are available in three formats -- PDF for human-readable audit documents, CSV for spreadsheet analysis, and JSON for programmatic processing.
Report Contents
Every compliance report includes the following sections:
Executive Summary
A high-level overview of your compliance posture:
- Framework name and version -- The specific framework being reported on
- Report generation date -- When the snapshot was taken
- Overall compliance score -- Percentage of controls passing
- Control summary -- Total controls, passed, failed, not applicable, and excepted
- Score trend -- Whether your score has improved, declined, or remained stable compared to the previous period
Control-by-Control Breakdown
A detailed listing of every control in the framework:
- Control ID and title -- The framework-specific identifier and human-readable description
- Status -- PASS, FAIL, or NOT APPLICABLE
- Severity -- Critical, High, Medium, or Low
- Affected resources -- For failing controls, the count and list of resources causing the failure
- Exception status -- Whether an exception has been created, with the documented justification
- Evidence summary -- Whether evidence has been attached to this control
Service Breakdown
Compliance results grouped by AWS service, showing:
- Pass/fail counts per service
- Per-service compliance score
- Services contributing the most failures
Severity Breakdown
Compliance results grouped by severity level, helping you prioritise which gaps to address first:
- Critical, High, Medium, and Low failure counts
Exporting a Report
To export a compliance report:
- Navigate to the Compliance Dashboard.
- Select the framework you want to report on (e.g., CIS AWS Foundations Benchmark, SOC 2).
- Click Export Report.
- Choose your format:
  - PDF -- Formatted document suitable for audit submissions
  - CSV -- Spreadsheet-compatible for data analysis
  - JSON -- Machine-readable for integration with other tools
- The report is generated and downloaded to your browser.
For multi-account environments, you can generate reports scoped to a specific account or aggregated across all accounts. Use the account selector before exporting to control the report scope.
Report Formats
PDF Reports
PDF reports are formatted, professional documents designed for human consumption:
- Branded header with your organisation name and the report date
- Executive summary with visual indicators for your compliance score
- Control details organised by framework section
- Exception appendix listing all excepted controls with justifications
- Evidence appendix listing all attached evidence by control
PDF reports are ideal for:
- Submitting to external auditors
- Presenting to leadership or board members
- Including in formal compliance documentation packages
- Sharing with customers during security questionnaire responses
CSV Reports
CSV reports provide tabular data suitable for spreadsheet analysis:
| Column | Description |
|---|---|
| Control ID | Framework-specific control identifier |
| Title | Control description |
| Section | Framework section (e.g., "IAM", "Logging") |
| Status | PASS, FAIL, or NOT_APPLICABLE |
| Severity | Critical, High, Medium, or Low |
| Failed Resources | Count of resources failing this control |
| Exception | Yes/No |
| Exception Justification | Text of exception justification (if applicable) |
| Evidence Attached | Yes/No |
| Last Evaluated | Timestamp of last evaluation |
CSV reports are ideal for:
- Loading into spreadsheets for custom analysis
- Creating pivot tables to view data from different angles
- Tracking remediation progress over time
- Importing into GRC (Governance, Risk, and Compliance) tools
JSON Reports
JSON reports provide structured data for programmatic consumption:
- Complete control data with status, severity, and metadata
- Affected resource details for each failing control
- Exception and evidence metadata
- Score calculations and breakdowns
JSON reports are ideal for:
- Integrating with CI/CD pipelines for compliance gates
- Feeding into dashboards or business intelligence tools
- Automated comparison between report snapshots
- Building custom compliance workflows
Scheduled Reports
In addition to on-demand exports, Guardian Pro can include compliance summaries in scheduled notifications:
- Weekly summary -- Includes compliance score changes across all subscribed frameworks
- Monthly report -- Comprehensive compliance overview with trends
Configure notification preferences in Settings > Notifications.
Report History
Guardian Pro maintains a history of previously generated reports. To access past reports:
- Navigate to the Compliance Dashboard.
- Click Report History (or Past Reports).
- Browse the list of previously generated reports sorted by date.
- Click on any report to download it again.
Report history provides a valuable audit trail, showing your compliance posture at specific points in time. This is particularly useful for demonstrating compliance over a period, as required by SOC 2 Type II audits.
Using Reports for Audit Preparation
Before the Audit
- Generate a current PDF report for each relevant framework.
- Review failing controls and prioritise remediation for critical and high-severity gaps.
- Ensure evidence is attached to controls that require manual documentation. See Attaching Evidence.
- Document exceptions for any accepted deviations with clear justifications. See Managing Exceptions.
- Check trends to confirm your score has been stable or improving. See Compliance Trends.
During the Audit
- Share PDF reports with auditors as the starting point for their review.
- Use the Compliance Dashboard for live walkthroughs, drilling into specific controls as auditors ask questions.
- Export CSV or JSON for auditors who want to perform their own analysis.
- Point to historical reports and trends to demonstrate sustained compliance (especially for SOC 2 Type II).
After the Audit
- Generate a baseline report immediately after addressing any audit findings.
- Use compliance trends to track your score improvement after remediation.
- Set up regular report exports to maintain ongoing audit readiness.
Multi-Account Reports
In multi-account environments, reports can be scoped to different levels:
| Scope | Use Case |
|---|---|
| All accounts (aggregated) | Organisation-wide compliance overview for executive reporting |
| Single account | Account-specific compliance posture for targeted remediation or account-level audits |
Select the desired scope using the account filter before exporting.
Aggregated reports show the worst-case status for each control. If a control passes in all accounts except one, it is reported as FAIL in the aggregated view. This ensures that compliance gaps are not hidden by averaging across accounts.
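The worst-case rule described above, as an added example (not Guardian Pro's own code) that also records which accounts cause each aggregated FAIL. The account labels, control IDs and the ranking of PASS above NOT_APPLICABLE are assumptions of this example; the page only states that any failing account makes the control FAIL.

```python
# Constructed per-account results: account label -> {control ID -> status}.
ACCOUNTS = {
    "account-a": {"EX-1": "PASS", "EX-2": "PASS", "EX-3": "NOT_APPLICABLE"},
    "account-b": {"EX-1": "PASS", "EX-2": "FAIL", "EX-3": "NOT_APPLICABLE"},
    "account-c": {"EX-1": "PASS", "EX-2": "PASS", "EX-3": "PASS",
                  "EX-4": "NOT_APPLICABLE"},
}

# Assumption: FAIL outranks PASS (stated on the page); ranking PASS above
# NOT_APPLICABLE is this example's choice, not documented product behaviour.
RANK = {"NOT_APPLICABLE": 0, "PASS": 1, "FAIL": 2}


def aggregate_worst_case(accounts):
    """Return {control ID: (worst status, sorted accounts where it FAILs)}."""
    worst, failing = {}, {}
    for account, statuses in accounts.items():
        for cid, status in statuses.items():
            if status not in RANK:
                raise ValueError(f"{account}/{cid}: unknown status {status!r}")
            if cid not in worst or RANK[status] > RANK[worst[cid]]:
                worst[cid] = status
            if status == "FAIL":
                failing.setdefault(cid, []).append(account)
    return {cid: (worst[cid], sorted(failing.get(cid, [])))
            for cid in sorted(worst)}


def pass_fraction(accounts, cid):
    """Share of accounts that PASS cid among those that evaluated it.

    This is the figure an averaged view would show; compare it with the
    worst-case status to see what averaging would hide.
    """
    seen = [s[cid] for s in accounts.values() if s.get(cid) in ("PASS", "FAIL")]
    return seen.count("PASS") / len(seen) if seen else None


if __name__ == "__main__":
    for cid, (status, where) in aggregate_worst_case(ACCOUNTS).items():
        print(cid, status, where, pass_fraction(ACCOUNTS, cid))
```

Here EX-2 passes in two of three accounts yet aggregates to FAIL, and the result names account-b as the account to open a single-account report for.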
Best Practices
Regular Reporting Cadence
Establish a regular reporting cadence (monthly or quarterly) even outside of audit periods. This builds a library of historical snapshots that demonstrates continuous compliance.
Archive Reports
Save exported reports to your document management system or compliance repository. While Guardian Pro maintains report history, having external copies provides an additional backup and integrates with your existing governance workflows.
Compare Over Time
Use CSV exports to compare compliance status between periods. Tracking which controls changed status helps you understand whether new changes are introducing compliance gaps.
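One way to do this comparison in code, as an added example that is not part of Guardian Pro. It assumes each CSV export starts with a header row using the column names from the CSV Reports table and that the Exception column holds Yes or No; the control IDs, rows and timestamps are constructed.

```python
import csv
import io

# Constructed sample exports; the header uses the columns from the CSV Reports table.
HEADER = ("Control ID,Title,Section,Status,Severity,Failed Resources,"
          "Exception,Exception Justification,Evidence Attached,Last Evaluated\n")
PREVIOUS = HEADER + (
    "EX-1,Root account MFA,IAM,PASS,Critical,0,No,,Yes,2024-01-01T00:00:00Z\n"
    "EX-2,Trail logging enabled,Logging,FAIL,High,3,No,,No,2024-01-01T00:00:00Z\n"
    "EX-3,Key rotation,IAM,PASS,Medium,0,No,,No,2024-01-01T00:00:00Z\n"
    'EX-4,Legacy policy,Storage,FAIL,Low,1,Yes,"Decommission planned, Q2",No,2024-01-01T00:00:00Z\n'
)
CURRENT = HEADER + (
    "EX-1,Root account MFA,IAM,FAIL,Critical,1,No,,Yes,2024-02-01T00:00:00Z\n"
    "EX-2,Trail logging enabled,Logging,PASS,High,0,No,,No,2024-02-01T00:00:00Z\n"
    "EX-3,Key rotation,IAM,FAIL,Medium,2,Yes,Vendor fix pending,No,2024-02-01T00:00:00Z\n"
    "EX-5,Flow logs enabled,Logging,FAIL,High,4,No,,No,2024-02-01T00:00:00Z\n"
)
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

def load_report(text):
    """Index CSV rows by Control ID; reject exports with duplicate IDs."""
    rows = {}
    for row in csv.DictReader(io.StringIO(text)):
        cid = row["Control ID"].strip()
        if cid in rows:
            raise ValueError(f"duplicate Control ID: {cid}")
        rows[cid] = row
    return rows

def compare_reports(previous, current):
    """Classify each control by how its Status changed between snapshots."""
    diff = {"regressed": [], "fixed": [], "added": [], "removed": []}
    for cid, cur in current.items():
        old = previous.get(cid)
        if old is None:
            diff["added"].append(cid)
        elif old["Status"] != "FAIL" and cur["Status"] == "FAIL":
            diff["regressed"].append(cid)
        elif old["Status"] == "FAIL" and cur["Status"] == "PASS":
            diff["fixed"].append(cid)
    diff["removed"] = sorted(set(previous) - set(current))
    return diff

def unexcepted_failures(diff, current):
    """New or regressed FAILs with no exception, worst severity first."""
    ids = [c for c in diff["regressed"] + diff["added"]
           if current[c]["Status"] == "FAIL" and current[c]["Exception"] != "Yes"]
    return sorted(ids, key=lambda c: (SEVERITY_ORDER.get(current[c]["Severity"], 99), c))
```

Call `compare_reports(load_report(PREVIOUS), load_report(CURRENT))` and pass the result to `unexcepted_failures` to get the gaps introduced since the last snapshot that have no documented exception.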
Tailor Format to Audience
Use PDF for auditors and leadership, CSV for compliance analysts, and JSON for engineering teams and automated workflows.