Compliance Reports
SyVault generates on-demand compliance reports that give auditors and security teams a snapshot of your organization's posture. Reports are available from the Admin Console under Reports > Compliance.
What Data Is Included
Each compliance report contains the following sections:
Member Security Summary
- Total member count (active, suspended, invited)
- Two-factor authentication enrollment rate
- Members without 2FA enabled (listed by email)
- Master password policy compliance (length, complexity)
- Last login timestamps per member
Device Inventory
- Total registered devices per member
- Device platform breakdown (Windows, macOS, Linux, iOS, Android)
- Devices pending approval (if device approvals are enabled)
- Last activity timestamp per device
Policy Summary
- Active enforcement policies and their settings
- Password complexity requirements
- Session timeout configuration
- Vault sharing restrictions
- IP allowlist / trusted network rules
Vault Activity
- Total records created, modified, and deleted in the reporting period
- Sharing activity (items shared, shares revoked)
- Emergency access grants and usage
- Failed login attempts and account lockouts
Generating a Report
- Navigate to Admin Console > Reports > Compliance.
- Select a reporting period (last 30, 60, or 90 days, or a custom date range).
- Click Generate Report.
- The report is prepared in the background. You will receive an email when it is ready.
Reports are retained for 12 months and can be re-downloaded at any time from the report history table.
Exporting to CSV
Every report section can be exported individually as a CSV file for import into GRC tools or spreadsheets.
- Open a completed report.
- Click the Export dropdown on any section header.
- Choose CSV. The file downloads immediately.
You can also export the entire report as a single ZIP archive containing one CSV per section by clicking Export All > CSV Archive at the top of the report.
Use in Audits
SOC 2
The member security summary and policy summary map directly to SOC 2 Trust Services Criteria CC6.1 (logical access) and CC6.6 (system operations). Auditors typically request the 2FA enrollment rate and password policy evidence.
HIPAA
For covered entities, the device inventory and vault activity sections satisfy the HIPAA Security Rule requirements for access controls (164.312(a)) and audit controls (164.312(b)). Export the member security summary to demonstrate workforce access management.
GDPR
The vault activity report provides the data processing evidence required under Article 30. The member list and device inventory help document who has access to personal data stored in shared vaults.
Permissions
Only organization owners and members with the Compliance Officer role can generate and view compliance reports. This role can be assigned under Admin Console > Members > Roles.
Scheduling Automatic Reports
You can configure SyVault to generate reports on a recurring schedule:
- Go to Admin Console > Reports > Compliance > Schedule.
- Choose a frequency (weekly or monthly).
- Select which sections to include.
- Add email recipients who should receive the report link.
Scheduled reports appear in the same report history table as on-demand reports.