{
  "sample_notice": "Synthetic demo-only DORA data integrity evidence pack. No customer data and no operational secrets.",
  "schema_version": "certisigma.sample.evidence-pack.v1",
  "id": "sample-dora-data-integrity-evidence-pack",
  "title": "DORA data integrity evidence pack sample",
  "created_at": "2026-05-20T08:40:00Z",
  "positioning": "Evidential support for ICT risk documentation. This sample does not claim or establish DORA compliance.",
  "scope": {
    "workflow": "critical report export integrity",
    "content_policy": "Report contents are outside this sample; only digests and references are shown."
  },
  "evidence_items": [
    {
      "id": "daily-report-export",
      "artifact_type": "report_manifest",
      "hash_hex": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
      "attested_at": "2026-05-20T07:00:00Z",
      "evidence_level": "T1"
    },
    {
      "id": "control-log-export",
      "artifact_type": "control_log_manifest",
      "hash_hex": "60303ae22b99886121b0ddf6b3e9c6f5c7eeab4ca04f5c59f5c88d22f6dcbd8b",
      "attested_at": "2026-05-20T07:05:00Z",
      "evidence_level": "T0"
    }
  ],
  "chain_of_custody_notes": [
    "Document the system that produced each manifest.",
    "Record the operator or automation identity outside the public bundle.",
    "Keep original exports in the organization's controlled repository."
  ],
  "explicit_limits": [
    "No guarantee that the source system was correct.",
    "No compliance outcome conclusion.",
    "No assertion that every relevant record is included."
  ]
}