Audience : Data Governance, Compliance Teams, DPOsRegulatory frameworks like GDPR, SOX, HIPAA, and industry standards require organizations to demonstrate control over their data. AnomalyArmor provides the audit trails and change documentation needed for compliance.
Compliance Use Cases Requirement How AnomalyArmor Helps Data Lineage Track what data exists and where Change Management Document all schema modifications Audit Trails Immutable logs of detected changes Access Documentation Record what AnomalyArmor can see Data Classification Tag PII and sensitive data
Schema Change Documentation Automatic Change History Every schema change is automatically recorded:
Schema History: customers table ──────────────────────────────── 2024-01-15 08:00:00 UTC Change: Column removed - ssn (varchar) Detected by: Discovery Run #1234 Details: Column no longer exists in source 2024-01-10 14:30:00 UTC Change: Column added - gdpr_consent (boolean) Detected by: Discovery Run #1200 Details: New column discovered 2024-01-05 09:15:00 UTC Change: Column type changed - email From: varchar(100) To: varchar(255) Detected by: Discovery Run #1150
Accessing Change History
Navigate to Assets
Click on any asset
Select Schema History tab
Filter by date range
Export for auditors
Exporting for Audits Export schema change history:
Go to Assets → [Asset] → Schema History
Click Export
Select format: CSV, JSON, or PDF
Choose date range
Download
The export includes:
Asset name and location
Change type and details
Detection timestamp
Discovery run ID
Before/after values
Data Classification Tagging Sensitive Data Identify and tag PII and sensitive columns:
Navigate to an asset
Click Classification tab
Select columns to classify
Apply tags:
PII - Personally Identifiable InformationFinancial - Financial dataHealth - Health/medical dataConfidential - Internal confidentialCreate custom tags for your organization’s specific requirements
Classification Alerts Alert when classified columns change:
Field Value Rule PII Column Changes Event Schema Change Detected Classification PII Conditions Any change Destinations Email compliance@company.com , Slack #data-governance
Classification Report Generate a report of all classified data:
Go to Assets
Filter by Classification
Export filtered results
Report includes:
All assets with classified columns
Classification tags applied
Column details
Last change date
Audit Trail Access What’s Logged AnomalyArmor maintains audit logs for:
Activity Logged Details Discovery runs Start time, end time, assets found, changes detected Schema changes Before/after state, detection time Configuration changes Who changed what, when User actions Login, logout, settings changes Alert activity Alerts fired, acknowledged, resolved
Accessing Audit Logs In the UI:
Go to Settings → Audit Log
Filter by date, user, or activity type
Export for compliance review
Via API: GET /api/v1/audit-logs ? start_date = 2024-01-01 & end_date = 2024-01-31 & activity_type = schema_change
Log Retention Plan Retention Period Standard 90 days Enterprise Configurable (up to 7 years)
Contact support for extended retention requirements.
Compliance Frameworks GDPR GDPR Requirement AnomalyArmor Support Art. 30 - Records of Processing Asset catalog documents data locations Art. 32 - Security of Processing Change monitoring detects unauthorized modifications Art. 33 - Breach Notification Alerts can notify of potential data issues Art. 17 - Right to Erasure Track when PII columns are removed
Recommended Setup:
Tag all PII columns
Alert on any PII column changes
Export monthly PII inventory reports
SOX SOX Requirement AnomalyArmor Support Section 302 - Financial Controls Monitor financial data tables Section 404 - Internal Controls Document all schema changes Change Management Audit trail of modifications
Recommended Setup:
Monitor all financial data tables
Alert on any schema changes to financial data
Weekly export of change reports
HIPAA HIPAA Requirement AnomalyArmor Support Access Controls Document what systems access PHI Audit Controls Log all data access and changes Integrity Controls Detect unauthorized modifications
Recommended Setup:
Tag all PHI columns
Alert immediately on PHI changes
Enable extended audit log retention
Reporting for Auditors Monthly Compliance Report Generate monthly reports showing:
Asset Inventory : All monitored tables and columnsChange Summary : Schema changes in the periodClassification Status : PII and sensitive data inventoryAlert Summary : Alerts fired and responses
Quarterly Review Prepare for quarterly reviews:
Export schema change history for quarter
Export classification inventory
Export audit logs
Document any incidents and responses
Review and update classifications
Annual Audit Package For annual audits, compile:
Alert Rules for Compliance PII Monitoring Field Value Rule PII Data Changes Event Schema Change Detected Classification PII, Personal Data Conditions Any change Destinations Email dpo@company.com , Email compliance@company.com , Slack #data-governance
Financial Data Monitoring Field Value Rule Financial Data Changes Event Schema Change Detected Scope Classification: Financial, OR Assets: revenue , payment , transaction Conditions Any change Destinations Email finance-compliance@company.com , Slack #finance-data
Unauthorized Access Detection Field Value Rule Discovery Failures Event Discovery Failed Scope All data sources Destinations Email security@company.com , Slack #security-alerts
Repeated failures may indicate permission changes or unauthorized access attempts.
Best Practices Documentation
Tag everything sensitive : Don’t miss PII or financial columnsRegular reviews : Quarterly review of classificationsExport regularly : Don’t wait for audits to export data
Monitoring
Alert on all sensitive data changes : Better to know than missInclude compliance team on alerts : They need visibilityDocument incident responses : Keep records of how you responded
Retention
Extended retention for regulated data : Match your regulatory requirementsBackup exports : Keep copies outside AnomalyArmorImmutable storage : Use write-once storage for audit exports
Checklist For compliance readiness:
Data Classification Tagging and classification features
Security Overview Security and compliance documentation
