iTmethods

    REIGN · SPINE · AUDIT LEDGER (CAVR)

    Audit Ledger (CAVR).

    Continuous Audit, Validation & Reporting — the contemporaneous record of every AI and agent decision.

    Continuous Observability + Continuous Assurance. The Trust Layer for Enterprise AI.

    Audit Ledger (CAVR) is component 3 of the Reign Spine — tamper-evident audit records for every AI and agent decision. Continuous Audit, Validation & Reporting, by construction.

    By Application · Design Partner Access open

    Three Lines of Defense

    Audit Ledger (CAVR) is the 3rd Line of Defense — independent attestation. AI Gateway is the 1st Line · Model Risk Validation is the 2nd Line · Assurance Packs is independent assurance.

    The problem

    Audit-grade evidence is not a logging problem

    Application logs were not designed to satisfy regulators. They are scattered, mutable, and do not capture the things an audit cares about — what model version was running, which policy applied, who approved an override, and what input produced what decision. Audit Ledger (CAVR) is built for that question, by construction, at the runtime layer.

    • Audit trails for AI decisions are scattered across application logs, MLOps platforms, and ad-hoc spreadsheets.
    • Regulators expect a single, contemporaneous record of every model and agent decision — not reconstructed forensics.
    • When the question is “what did the system do, who approved it, what was the model version, and what was the input?”, evidence assembly often takes weeks.
    • Tampering, gaps, and after-the-fact edits in conventional logs disqualify them as legal-grade evidence.
    What it does

    Audit Ledger (CAVR) provides

    Tamper-evident records

    Contemporaneous audit records for every AI and agent decision — model interactions, policy actions, tool calls, human overrides.

    Continuous capture

    Records are captured at the point of decision, in line with the runtime — not assembled retroactively.

    Human oversight log

    Every override, escalation, and approval is recorded with timestamp, identity, and justification — Article 14 / SR 11-7 fluent.

    Submission-ready export

    Records flow into Assurance Packs as the underlying evidence layer for regulator-ready submission packages.

    How it integrates with the rest of Reign

    The contemporaneous record under the rest of the Spine

    AI Gateway emits decision events at runtime — every AI call, every policy action, every human override. Model Risk Validation emits change packets — every model version, every approved change, every drift signal. Audit Ledger (CAVR) is where those records live as tamper-evident evidence. Assurance Packs draw from the ledger to assemble regulator-ready evidence packages.

    Outcomes

    Why customers run Audit Ledger

    Audit-ready by construction

    Evidence is captured at the point of decision, not assembled after the fact.

    Independent attestation

    The ledger is independent of the systems whose decisions it records — separation of duty by design.

    Submission acceleration

    Regulator-facing evidence assembles from the ledger into Assurance Packs without manual reconstruction.

    Reign Spine

    AI GatewayModel Risk ValidationAudit Ledger (CAVR)Assurance Packs

    What did the system do, and who can prove it?

    Audit Ledger (CAVR) is available by application through the Reign Design Partner Program.