Reports Guide

Generate compliance reports for executives and auditors, manage evidence libraries, build audit packages, configure the Trust Center, and export data.

Report Types

TATER generates several types of compliance reports, all rendered client-side as printable HTML that can be saved as PDF:

Report Type	Audience	Content
Executive Summary	Board, C-suite	High-level compliance scores, trend analysis, risk overview, key findings
Detailed Compliance	Security teams	Full control-by-control breakdown with status, evidence, and remediation guidance
Framework-Specific	Auditors	Compliance against a specific framework (CIS, NIST, ISO, etc.) with section narratives
Gap Analysis	Compliance officers	Failing controls prioritized by severity with remediation workplan
Remediation Workplan	IT operations	Actionable remediation steps sorted by priority with assigned owners
Fleet Report	IT management	Device compliance overview, vulnerability summary, software inventory

Generating a Report

Evidence Library

The Evidence Library provides a central repository for audit evidence organized by control and framework:

Key Features

• Automatic Evidence: Scan results are automatically captured as evidence for evaluated controls
• Manual Evidence: Upload documents, screenshots, or other files as supporting evidence
• Evidence Linking: Link evidence items to specific controls across multiple frameworks
• Version History: Track changes to evidence over time
• Expiry Tracking: Set evidence validity periods and receive alerts when evidence expires
• Bulk Export: Export all evidence for an audit engagement as a ZIP package

Adding Evidence

1. Navigate to the Evidence page
2. Click Add Evidence
3. Select the control(s) this evidence supports
4. Upload the file or enter a description for manual evidence
5. Set the evidence type (Screenshot, Document, Configuration, Log, Attestation)
6. Optionally set an expiry date for time-sensitive evidence

Audit Package

Build comprehensive audit packages that combine reports, evidence, and narratives for external auditors:

• Select the framework and scope for the audit package
• Include compliance reports, evidence library items, and standard narratives
• Generate a table of contents with cross-references
• Export as a downloadable package for auditor review

Trust Center

The Trust Center is a public-facing compliance posture page for sharing with customers, partners, and prospects:

Features

• Framework Scores: Compliance percentage for each active framework
• Certifications: Display earned certifications with audit dates
• Security Practices: Summary of implemented security controls
• Custom Content: Add organization-specific security information and FAQs
• Embeddable Widget: Generate an embeddable compliance badge for your website

Compliance Widget

Generate a lightweight compliance widget that can be embedded on your organization's website:

1. Navigate to Trust Center settings
2. Click Generate Widget
3. Customize the widget appearance (frameworks to show, color scheme)
4. Copy the embed code (HTML snippet)
5. Paste the embed code into your website's HTML

CSV Export

Export compliance data to CSV format for use in external tools, SIEMs, or data warehouses:

• Scan Results CSV: All control evaluations from a specific scan
• Controls CSV: Current status of all controls across all frameworks
• Overrides CSV: Risk acceptance register with justifications and expiry dates
• Devices CSV: Fleet inventory with compliance scores and MDE status
• Vulnerabilities CSV: CVE list with severity, CISA KEV flags, and affected devices