Verifiable Evidence Chain
Every report is openssl-verifiable.
Re-render from report_id on any environment. The SHA-256 content fingerprint matches exactly. The RFC 3161 serial verifies independently against the publishing TSA's certificate chain.
01Source captured
Hospital BACnet sensor reads CO2 682 ppm. device-ingest-gateway hashes payload, writes to canonical hypertable, emits audit log entry.
02Sector intelligence applied
ERP Ratings derives executive triplet, E/S/G pillar scores, risk posture, and the eight Healthcare H1-H8 sector inserts.
03Trajectory analyzed
GoalNetZero produces Net Zero & SBTi Readiness, Carbon Credit Readiness, Targets & Progress with explicit strict-readiness language.
04Report composed
Composition engine selects sections by sector + framework filter + portfolio context. Polish layer applies premium typography + Bloomberg-grade integration styles.
05Content hash computed
SHA-256 over report.json + methodology pack. Two renders against the same report_id produce identical fingerprints.
06RFC 3161 serial issued
Trusted Timestamp Authority (FreeTSA dev / DigiCert production) issues a real serial. Anchor includes content hash + serial + TSA chain.
07Sidecars packaged
Six sidecars emit per render: report.json, methodology JSON+YAML, proof-anchor.json, evidence manifest, artifact manifest, composition decisions.
08Customer audit-verifies
openssl ts -verify -in <tsr> -CAfile <tsa-cacert>. The audit committee runs this command in front of the CFO. Independent third-party verification.
What this is not
Formal certification, third-party assurance opinion, SBTi validation, Verra/Gold Standard project registration, regulator compliance determination, or clinical causation inference. EcoVeraZ provides readiness intelligence and evidence traceability. Formal certification, assurance, or validation remains with authorized third parties.