
Glossary

Key terms used throughout the QAudit documentation, listed alphabetically.


Organisation
The entity that contracts with Serensia for the QAudit service. An organisation owns one signing key, one OIDC identity provider configuration, and one or more tenants. The organisation is the top-level scope for signing and access control. See Organisations and tenants.


Audit event (also: event)
The fundamental unit of data in QAudit. An audit event is a structured JSON record produced by an upstream system and submitted to the Audit Gateway. It carries an envelope (platform metadata) and a payload (business content). Once stored, it is immutable and signed. See Events.


Audit Gateway (also: Gateway)
The entry point for all events submitted to QAudit. The Gateway receives events from upstream systems, assigns a receipt timestamp, computes the chain link hash, signs the event with the organisation's key, and persists the record. See How QAudit works.


canonical payload
The event payload serialised in RFC 8785 JCS (JSON Canonicalization Scheme) deterministic form. Canonicalisation ensures that differently formatted serialisations of the same JSON object reduce to the same bytes, making the canonical form suitable as a signature input.


chain link hash
A SHA-256 hash that encodes an event's position on the tenant's hash chain. Computed as SHA-256(prev_sig ‖ prev_event_id ‖ event_id). Included in the signature input, which means moving an event to a different position in the chain invalidates its signature. See The event chain.


Dashboard
The browser-based application used by organisation users to view events, KPI values, reports, and evidence packs.


data sovereignty
The set of guarantees that data is stored within a defined legal and geographic boundary, is not accessible to parties outside that boundary without explicit authorisation, and will be retained for the legally required period. See Data sovereignty.


event chain
A per-tenant sequence of events linked by a hash chain. Each event's chain link hash depends on the previous event's signature and IDs. Tampering with any event or reordering events causes a chain break detectable by integrity verification. See The event chain.


event name
A dot-separated identifier for an event type, including a version suffix (e.g. pa.invoice.received.v1). The first segment is the namespace prefix; the last is the version. See Events.


event namespace
The prefix segment of an event name, identifying the system that owns the event type. Current namespaces: pa.* (Serensia PA), sig.* (Serensia SIG), qaudit.* (QAudit platform). See Events.


evidence pack
A portable, self-verifying archive containing the final KPI value for one (tenant, KPI, period) combination, the source events that contributed to it, and the metadata needed to independently verify both the KPI result and the integrity of every event. Produced automatically at period close. See Evidence packs.


final (settlement state)
A KPI value whose evaluation period has closed. The value is locked; no subsequent events can change it. Contrast: running. See KPIs and settlement state.


integrity tier
The level of external attestation attached to an evidence pack's timestamp. Three tiers exist: T1 (internal CA, default), T2 (eIDAS-qualified RFC 3161 timestamp), T3 (T2 + QES). Configured per organisation. See Evidence packs.


KPI (Key Performance Indicator)
A computed metric derived from audit events over an evaluation period. KPIs are always displayed with a settlement-state badge. See KPIs and settlement state.


open ingest
The Gateway's acceptance policy: any event with a known tenant, valid JSON payload, and complete envelope is accepted, signed, and stored — regardless of whether its event_name is a recognised type. See Events.


operation-audit event
An event recording an action taken within QAudit itself (e.g. a user logging in, a pack being downloaded). Stored on the same chain as business events with the same signature and integrity guarantees. Namespace: qaudit.*.


receipt timestamp (receipt_ts)
The Gateway's authoritative timestamp for when an event was received and stored. Assigned by the Gateway, not by the emitter. Part of the signature input.


running (settlement state)
A KPI value whose evaluation period is still open. The value may change as new events arrive. Always displayed with the "Running" badge. Contrast: final. See KPIs and settlement state.


S3NS
The French sovereign cloud provider hosting QAudit, operating under the ANSSI SecNumCloud qualification framework.


SecNumCloud
The French national cybersecurity agency (ANSSI) qualification framework for cloud services, imposing requirements on data localisation, operational sovereignty, and access control.


settlement state
Whether a KPI value's evaluation period is still open (Running) or has closed (Final). Shown as a badge on every KPI value across all surfaces. See KPIs and settlement state.


signing key
An Ed25519 private/public key pair used to sign events. One key per organisation. The private key is held exclusively within the key management system and never leaves it. The public key is distributed to the organisation at onboarding. See Signing and integrity.


system chain
A special hash chain that records platform-level events (infrastructure actions, key rotations, configuration changes) using the sentinel tenant identifier 00000000-0000-0000-0000-000000000000. Has the same integrity properties as a regular tenant chain. See The event chain.


tenant
A scoped data partition within an organisation. Every event belongs to exactly one tenant. Each tenant has its own independent hash chain. See Organisations and tenants.


tenant_id
The mandatory UUID field on every event that identifies which tenant the event belongs to.


white-label partner
An organisation deployment pattern where a single organisation (a platform operator) has many tenants, each corresponding to one of the operator's downstream customers. Contrast: direct customer.