Evidence event, source reference and completeness/integrity state
Operational guide · Assurance investigation
Investigate what supports an outcome—and what remains unknown.
Use this workflow when a run, result, change or alert must be explained through permitted canonical evidence without converting projection gaps into invented history.
Decision question
Which permitted actors, versions, runs, controls and artifacts support this outcome, which relationships are canonical or projected, and which requested facts remain unavailable?
Objects and controls used
The investigation uses a tenant-wide Assurance read model constrained by current project membership, permission and time scope.
Explorer query or private Saved View and exact Event or Entity detail
Version Comparison, Execution Story and bounded Evidence Graph
Reproducibility criteria, Finding, Case and package preview/request
Investigation flow
Start narrow, preserve exact identifiers and expand only where the authorisation and projected relation permit it.
-
Fix scope
Select allowed projects, bounded time range, timezone semantics, environment, module and outcome before interpreting totals or trends.
-
Open the exact record
Use overview drill-down or Explorer to reach Event or Entity detail by exact identity rather than searching the current top-N page.
-
Verify canonical reference and freshness
Confirm source module, source event or run identity, projection checkpoint/freshness and any generic-renderer boundary.
-
Compare versions or reconstruct the story
Use Version Comparison for recorded snapshots and Execution Story for run/correlation/entity chronology, preserving retries and partial outcomes.
-
Follow recorded relations
Expand upstream, downstream or both within bounded depth and node/edge limits; each supported expansion repeats scope checks.
-
Evaluate reproducibility and integrity
Review exact criteria and source-aware states instead of inferring certainty from a projection hash or green run label.
-
Record controlled follow-up
Create a Finding or Case without changing the canonical event, or preview and request a permission-checked bounded Evidence Package.
Failure and partial paths
Restricted, missing, stale and semantically unsupported states require different conclusions.
Relation or snapshot is missing
Record an evidence gap. Missing is not unchanged, and a hash cannot reconstruct content that was never retained.
Event uses the generic renderer
Treat it as visible source material, not proof of complete semantic coverage for that module.
Integrity Run succeeds with unverified rows
The bounded supported checks found no broken record; unverified, pending and legacy rows retain those weaker states.
Access changes during a drill
Reauthorisation can stop detail or graph expansion. Hidden projects and nodes must not leak through labels or counts.
Evidence produced
The query scope, event/entity references, comparison or story inputs, graph relations, reproducibility criteria, integrity result, Finding or Case decision and package manifest/checksum can support the investigation according to their individual source strength.
Current boundary
Assurance is a rebuildable permission-aware read model, not a second canonical store. Current packages are bounded technical exports, not automatically digitally signed, WORM-protected, PDF/A, legally conclusive or evidence that every source module has equivalent integrity coverage.
Next step
Examine the Assurance evidence model.
Review projection, integrity, reproducibility and package boundaries before defining an investigation process.
Explore Advanexus Assurance