Operational guide · Assurance investigation

Investigate what supports an outcome—and what remains unknown.

Use this workflow when a run, result, change or alert must be explained through permitted canonical evidence without converting projection gaps into invented history.

Decision question

Which permitted actors, versions, runs, controls and artifacts support this outcome, which relationships are canonical or projected, and which requested facts remain unavailable?

Objects and controls used

The investigation uses a tenant-wide Assurance read model constrained by current project membership, permission and time scope.

Evidence event, source reference and completeness/integrity state

Explorer query or private Saved View and exact Event or Entity detail

Version Comparison, Execution Story and bounded Evidence Graph

Reproducibility criteria, Finding, Case and package preview/request

Investigation flow

Start narrow, preserve exact identifiers and expand only where the authorisation and projected relation permit it.

  1. Fix scope

    Select allowed projects, bounded time range, timezone semantics, environment, module and outcome before interpreting totals or trends.

  2. Open the exact record

    Use overview drill-down or Explorer to reach Event or Entity detail by exact identity rather than searching the current top-N page.

  3. Verify canonical reference and freshness

    Confirm source module, source event or run identity, projection checkpoint/freshness and any generic-renderer boundary.

  4. Compare versions or reconstruct the story

    Use Version Comparison for recorded snapshots and Execution Story for run/correlation/entity chronology, preserving retries and partial outcomes.

  5. Follow recorded relations

    Expand upstream, downstream or both within bounded depth and node/edge limits; each supported expansion repeats scope checks.

  6. Evaluate reproducibility and integrity

    Review exact criteria and source-aware states instead of inferring certainty from a projection hash or green run label.

  7. Record controlled follow-up

    Create a Finding or Case without changing the canonical event, or preview and request a permission-checked bounded Evidence Package.

Failure and partial paths

Restricted, missing, stale and semantically unsupported states require different conclusions.

Relation or snapshot is missing

Record an evidence gap. Missing is not unchanged, and a hash cannot reconstruct content that was never retained.

Event uses the generic renderer

Treat it as visible source material, not proof of complete semantic coverage for that module.

Integrity Run succeeds with unverified rows

The bounded supported checks found no broken record; unverified, pending and legacy rows retain those weaker states.

Access changes during a drill

Reauthorisation can stop detail or graph expansion. Hidden projects and nodes must not leak through labels or counts.

Evidence produced

The query scope, event/entity references, comparison or story inputs, graph relations, reproducibility criteria, integrity result, Finding or Case decision and package manifest/checksum can support the investigation according to their individual source strength.

Current boundary

Assurance is a rebuildable permission-aware read model, not a second canonical store. Current packages are bounded technical exports, not automatically digitally signed, WORM-protected, PDF/A, legally conclusive or evidence that every source module has equivalent integrity coverage.

Next step

Examine the Assurance evidence model.

Review projection, integrity, reproducibility and package boundaries before defining an investigation process.

Explore Advanexus Assurance