Training records for audits

How CloudAnzen captures training evidence inside the app so you can prove completion during an ISO 27001, SOC 2, or HIPAA audit.

Training records for audits

Inside the CloudAnzen app, every training attempt produces an audit-grade record. This is the evidence your auditor expects to see.

What gets recorded

For every required user, every course, every version:

  • Start timestamp
  • Completion timestamp
  • Score (percentage)
  • Pass / fail
  • Submitted attempt payload (which choice the user picked per question)
  • Course version (so a re-issued v2 of a course is distinct from v1)
The data lives in the UserOnboardingTraining table — one row per user × course × version, indexed for fast org-wide queries.

Pulling evidence during an audit

  • Open People → Training.
  • Filter by framework, role, or completion status.
  • Export the report as CSV or PDF.
  • Attach to the relevant control evidence (ISO 27001 A.7.2.2, SOC 2 CC1.4, HIPAA §164.308(a)(5), NIST CSF PR.AT-1).
  • Public-site Academy completions are not part of your organization's audit trail — they live in a separate public table. If a team member wants their completion to count for audit, they must take the course inside the app.

    Re-training and refreshers

    A course version bump (e.g., v2 → v3) clears completion status for affected users. Their onboarding page will show the new version as outstanding. Older completions stay in the audit trail for historical evidence.