Assessor Operations Portal
Verify platform-wide SOC 2 Type II controls, review change history, and trigger live audit pipelines.
Audit Walkthrough Sequence
Assessor Onboarding
Review environment setup configs, database requirements, and parameters in the primary README.
Index Mapping Check
Cross-reference compliance assertions with specific files using the interactive Control Coverage Matrix.
Automation Verification
Run the packaging suite `collect-soc2-evidence.sh` to trigger active tenant RLS checks and telemetry passes.
Sealed Envelope Check
Verify the HMAC-SHA-256 signature logs for the output to confirm zero operational configuration drift.
Assessor NDA Package
Gated
Control Coverage Matrix (SOC 2 Type II)
Select a control block below to audit its core assertions, code reference parameters, and testing script paths.
User identity, MFA verification, role authorizations, and logical access blocks are strictly enforced.
Evidence Packaging Terminal Emulator
Continuous Monitoring FAQ
Understand how Venko’s automated auditing layer monitors compliance signals and safeguards operations.
Q. What is continuous compliance monitoring?
Instead of conducting manual compliance audits once a year, our platform runs automated validation loops every few minutes. These agents continuously verify that role access gates, row-level database barriers, and maker-checker segregation rules are operational.
Q. What happens if a check fails or degrades?
If any validation fails (e.g., if row-level security connection properties drift or a ledger anomaly is detected), the Trust API changes its status to DEGRADED. This instantly triggers alerts to compliance teams (via Slack or PagerDuty webhooks) and syncs the anomaly to connected GRC platforms.
Q. How does this verify the Zero Custody model?
Our double-entry ledger reconciliation loops assert that actual physical wallet holdings match cryptographic ledger states to the penny. If any discrepancy is identified, the reserve SLA status fails, allowing operators to isolate system components before transactions execute.
Q. Who can see this telemetry data?
The Trust Diagnostics API serves only anonymized, high-level verification indicators, release versions, and enclave latency performance metrics. It contains no customer personal data, account keys, secret tokens, or private transaction records.