Reports and board packs

What is a board pack?

A board pack is a structured summary of your cyber risk posture at a specific point in time. It captures your posture score, key risk themes, remediation progress, financial exposure context, and strategic narrative — packaged in a format suitable for board-level review.

Board packs are generated from your current assessment baseline and reflect published, approved data. They are not generated from live backlog state, which ensures consistency between what was reviewed and what was reported.

Snapshot integrity controls

Once generated, report and board pack artifacts are treated as immutable records. The content is locked at generation time — no retroactive changes are possible to a snapshot that has already been produced.

If your posture changes or new assessment context becomes available, a new snapshot version must be generated. The original remains in history unchanged. This protects the integrity of your governance evidence and ensures that historical reports cannot be silently altered after the fact.

Versioning and history

Every board pack has a unique identifier and timestamp. Your report history is preserved so you can review and compare snapshots over time — for example, to demonstrate posture improvement between board reporting cycles or to satisfy an auditor's request for historical evidence.

Access and distribution

Board packs are accessible within your tenant workspace. Access is scoped to your organisation — reports cannot be accessed by other tenants. Distribution outside the platform (for example, sharing a PDF with a board member) is the responsibility of your authorised team members.