{
  "sample_notice": "Synthetic demo-only supplier evidence dossier. No customer data, no real supplier names, no secrets.",
  "schema_version": "certisigma.sample.dossier.v1",
  "id": "sample-nis2-supplier-evidence-dossier",
  "title": "NIS2 supplier evidence dossier sample",
  "created_at": "2026-05-20T08:35:00Z",
  "audience": [
    "supplier security review",
    "customer due diligence",
    "audit preparation"
  ],
  "positioning": "Evidential support only. This sample does not claim or establish NIS2 compliance.",
  "boundary_statement": "CertiSigma can date and verify digests and selected evidence references. It does not verify the truth of policy statements or operational controls.",
  "included_materials": [
    {
      "id": "policy-index",
      "label": "Security policy index",
      "hash_hex": "8f434346648f6b96df89dda901c5176b10a6d83961dd3c1ac88b59b2dc327aa4",
      "evidence_level": "T1"
    },
    {
      "id": "asset-baseline",
      "label": "Supplier asset baseline manifest",
      "hash_hex": "1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f53",
      "evidence_level": "T1"
    },
    {
      "id": "training-record",
      "label": "Awareness training register export",
      "hash_hex": "4d5e6f708192a3b4c5d6e7f8091a2b3c4d5e6f708192a3b4c5d6e7f8091a2b3c",
      "evidence_level": "T0"
    }
  ],
  "review_questions": [
    "Which documents are in scope?",
    "When were the digests attested?",
    "Which evidence level is available for each material?",
    "Which statements still require human review?"
  ],
  "explicit_limits": [
    "No compliance outcome claim.",
    "No statement that controls are effective in production.",
    "No replacement for legal, audit or customer-specific assessment."
  ]
}