Reproducible witness bundle for audit evidence

A reproducible witness bundle is the artifact set that lets you or any third party re-derive every conclusion in an MKDC engagement — from source captures through validation logs to published reports. It is what makes advisory DR and compliance documentation defensible in examination, not just plausible in a board deck.

What the witness bundle contains

The bundle is designed for independent verification. Your internal audit team, external auditors, or a third-party reviewer can trace a finding in the compliance report back to the capture that supports it — without scheduling another consulting engagement.

  • Complete normalized snapshot of infrastructure state at capture time
  • Per-vendor source captures from read-only management API access
  • Cross-tier validation logs for the dependency map
  • Integrity manifest tying published deliverables to source evidence
  • Generated recovery runbooks, gap analysis, and compliance reports

Why reproducibility matters to audit committees

Audit committees are asked to defend DR and compliance readiness with evidence, not narrative. When documentation cannot be reproduced from source data, the committee inherits model risk — they are approving conclusions they cannot independently validate.

Manual consulting deliverables rarely include a reproducible trail. PowerPoint decks and spreadsheets describe outcomes; they do not package the captures, normalization steps, and validation checks that produced those outcomes. Findings decay before the next cycle.

How MKDC produces the bundle

Read-only API capture from management planes records hypervisor, network, storage, and OOB state. MKDC normalizes vendor-specific outputs into one model, validates dependencies end-to-end, and from that single pass generates the RTO/RPO matrix and prioritized DR gap analysis, the recovery runbooks, and the automated compliance reports with per-framework gap analysis.

Splitting discovery, recovery, and compliance across separate vendors or engagements would produce inconsistent artifacts — runbooks disconnected from the dependency map, compliance gaps without estate evidence. One witness bundle preserves coherence.

Independent verification without re-engaging MKDC

Fixed fee · 4–6 weeks. Advisory, not formal attestation.

  • Third parties can re-derive conclusions from packaged evidence
  • Integrity manifest detects tampering or accidental drift
  • Source captures preserved for the examination period defined in your SOW
  • Advisory documentation — not formal attestation or auditor substitution

Witness bundle components in detail

The normalized snapshot is the canonical estate model MKDC publishes — hypervisor objects, network adjacencies, storage relationships, and OOB reachability cross-checked before any report is released. Per-vendor source captures preserve the raw API responses so reviewers can audit normalization choices.

Cross-tier validation logs document dependency checks that failed or required human follow-up — partial coverage is labeled explicitly when a vendor mix exceeds current capture support. The integrity manifest hashes published deliverables against source evidence so accidental edits or tampering are detectable.

How committees use the bundle in review

The bundle is structured for oversight — not for day-to-day operations. Operations teams still run production; the witness bundle is the evidence layer audit committees and regulators sample when they ask whether documentation matches reality.

  • Trace a compliance gap status to the capture and validation step that supports it
  • Confirm recovery runbook steps reference inventory from the same capture date
  • Share packaged evidence with external auditors without re-engaging MKDC for every follow-up
  • Compare current-cycle capture to prior cycle when repeat findings are a concern
  • Satisfy internal audit requests for independent re-derivation of conclusions

Relationship to compliance gap analysis

Every compliance finding in an MKDC report should point into the witness bundle — a gap status without an evidence pointer is incomplete for committee review. The bundle is the substrate; gap analysis, runbooks, and executive summary are the views auditors and committees read.

When multiple frameworks apply, one bundle supports FFIEC, SOC 2, SOX, HIPAA, or HHS 405(d) subset mapping as scoped in your SOW. Splitting bundles across vendors reintroduces the inconsistency problem the witness bundle is designed to eliminate.

Integrity and retention expectations

The integrity manifest lets reviewers confirm deliverables were not altered after publication. Retention period and scope boundaries are defined in your statement of work — sized to the examination window and framework subset you sponsor.

Internal audit teams use the bundle for re-performance without MKDC present: open a gap finding, follow the evidence pointer, inspect the source capture and validation log, and re-derive the published conclusion. That workflow is the practical definition of reproducible witness-bundle evidence.
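The re-performance check described above can be sketched as follows. This is an added example, not MKDC's code or manifest format: the manifest layout (a "files" map of SHA-256 digests plus an "evidence" map from deliverable to capture paths), the file names, and the status labels are all assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path, evidence: dict) -> dict:
    """Hash every file under root; `evidence` maps deliverable -> capture paths."""
    files = {p.relative_to(root).as_posix(): sha256_file(p)
             for p in sorted(root.rglob("*")) if p.is_file()}
    return {"files": files, "evidence": evidence}

def verify_bundle(root: Path, manifest: dict) -> list:
    """Return sorted (status, detail) problems; an empty list means it verifies."""
    problems = []
    for rel, expected in manifest["files"].items():
        p = root / rel
        if not p.is_file():
            problems.append(("missing", rel))
        elif sha256_file(p) != expected:
            problems.append(("hash-mismatch", rel))
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    problems += [("unlisted", rel) for rel in on_disk - set(manifest["files"])]
    # Every evidence pointer must resolve to a capture the manifest also hashes.
    for deliverable, pointers in manifest["evidence"].items():
        for ptr in pointers:
            if ptr not in manifest["files"]:
                problems.append(("dangling-evidence", f"{deliverable} -> {ptr}"))
    return sorted(problems)

def demo() -> tuple:
    """Build a constructed two-file bundle, verify it, then alter it and re-verify."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "captures").mkdir(); (root / "reports").mkdir()
        (root / "captures/hypervisor.json").write_text('{"hosts": 12}')  # constructed
        (root / "reports/gap-analysis.txt").write_text("GAP-1: open")    # constructed
        manifest = build_manifest(
            root, {"reports/gap-analysis.txt": ["captures/hypervisor.json"]})
        clean = verify_bundle(root, manifest)
        (root / "captures/hypervisor.json").write_text('{"hosts": 13}')  # later edit
        (root / "reports/extra.txt").write_text("added after publication")
        return clean, verify_bundle(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A hash manifest only detects changes if the manifest itself is protected, for example signed or held separately from the bundle; anyone who can edit both the files and the manifest can regenerate matching digests.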

See sample outputs

The homepage includes redacted estate snapshot and compliance gap excerpts styled as deliverable mocks — illustrative of the evidence pointers and gap statuses your committee reviews, not customer data.

Request an intro to discuss how the witness bundle is scoped for your frameworks, examination window, and data center estate — deliverable samples on the homepage show format, not your production identifiers.

Sponsors often ask whether internal audit can verify the bundle without MKDC on the call. Yes — that is the design intent. The integrity manifest and evidence pointers exist so third-party re-derivation does not require vendor participation.

The witness bundle is not a substitute for formal attestation or auditor judgment. It is the evidence substrate that makes advisory DR and compliance documentation defensible when committees and examiners ask for proof.

Deliverable samples on the homepage illustrate gap statuses and evidence pointers — request an intro to scope bundle retention and framework subsets for your examination window.

Discuss your audit timeline

Schedule an intro to scope your estate, frameworks, and DR audit cycle. Fixed fee · 4–6 weeks — read-only capture, no production changes.