Trust Center
Verifier-first trust model
Attesto output is designed to be checked. A recipient should be able to verify receipts, stream order, checkpoint consistency, witness quorum, anchors, fork evidence, and bundle manifests without being granted access to a private tenant account.
Independent verification
Independent verification means the verifier receives evidence objects and checks the cryptographic and structural relationships locally. The verifier does not need to trust a screenshot or dashboard status.
attesto --json bundles verify \
  --file ./attesto-bundle.json > ./verification-report.json
Verification report shape
{
  "ok": true,
  "kind": "bundle",
  "checked": [
    "manifest_digest",
    "receipt_signatures",
    "stream_sequence",
    "window_inclusion",
    "checkpoint_consistency",
    "witness_quorum",
    "anchor_reference"
  ],
  "problems": []
}
Public service status
status.attesto.eu publishes customer-facing service health, public incidents, latency, HTTP expectations, timezone metadata, and 90-day per-service uptime bars. The status surface is intentionally separate from tenant data and internal control-plane diagnostics: it exposes public probe results only, not logs, secrets, provider payloads, private tenant evidence, or the admin control panel.
Recommended external workflow
- Receive a bundle from the tenant or auditor workflow.
- Record the bundle digest before inspection.
- Run offline verification locally.
- Review witness/quorum and fork-evidence sections.
- Optionally re-check anchor references online.
- Store the verification report alongside the received bundle.
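The digest and report-review steps of this workflow can be scripted on the recipient's side. The sketch below is an added example, not Attesto code: it hashes the bundle as received and fails closed unless the report shown above is `ok`, has no problems, and lists every expected check. SHA-256 for the recorded digest and the function names are assumptions.

```python
import hashlib
import json

# Check names taken from the report shape shown on this page.
REQUIRED_CHECKS = {
    "manifest_digest", "receipt_signatures", "stream_sequence",
    "window_inclusion", "checkpoint_consistency", "witness_quorum",
    "anchor_reference",
}

def bundle_digest(bundle_bytes: bytes) -> str:
    """Digest of the bundle exactly as received (SHA-256 is an assumption)."""
    return hashlib.sha256(bundle_bytes).hexdigest()

def evaluate_report(report_text: str, required=REQUIRED_CHECKS) -> list:
    """Return reasons to reject the report; an empty list means accept."""
    try:
        report = json.loads(report_text)
    except json.JSONDecodeError as exc:
        return [f"report is not valid JSON: {exc.msg}"]
    if not isinstance(report, dict):
        return ["report is not a JSON object"]
    reasons = []
    if report.get("ok") is not True:  # rejects "true", 1 and a missing key
        reasons.append("ok is not true")
    if report.get("kind") != "bundle":
        reasons.append(f"unexpected kind: {report.get('kind')!r}")
    problems = report.get("problems")
    if not isinstance(problems, list):
        reasons.append("problems is missing or not a list")
    elif problems:
        reasons.append(f"{len(problems)} problem(s) reported")
    checked = report.get("checked")
    if not isinstance(checked, list):
        reasons.append("checked is missing or not a list")
    else:
        # Recipient policy (assumption): a check that was skipped is a failure.
        done = {c for c in checked if isinstance(c, str)}
        missing = sorted(set(required) - done)
        if missing:
            reasons.append("checks not performed: " + ", ".join(missing))
    return reasons

# Constructed sample inputs, not real Attesto output.
SAMPLE_BUNDLE = b'{"constructed": "placeholder bundle bytes"}'
SAMPLE_REPORT = json.dumps({"ok": True, "kind": "bundle",
                            "checked": sorted(REQUIRED_CHECKS), "problems": []})

if __name__ == "__main__":
    print("bundle sha256:", bundle_digest(SAMPLE_BUNDLE))
    print("reject reasons:", evaluate_report(SAMPLE_REPORT))
```

The digest recorded here is the recipient's own hash of the file and is separate from the `manifest_digest` check performed inside verification.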
Trust boundaries
Verification proves integrity relationships inside the evidence pack. It does not prove that the original source system was truthful, that legal obligations are fully satisfied, or that an AI decision was substantively correct. Those remain customer and reviewer responsibilities.
Attesto also maintains security-management readiness records for scope, risk, assets, suppliers, incidents, internal review, and management review. See Security Management for the public explanation of this ISMS preparation model.
Attesto also keeps a broader Certification Readiness map for ISO/IEC 27001, SOC 2 Type II, ISO/IEC 27701, Cyber Essentials Plus, NEN 7510, ENSIA/BIO, and eIDAS 2.0 alignment. It is preparation evidence only and does not claim an external audit, legal, or qualification outcome.
