MARPP
Metadata-Anchored Retention & Proof Protocol
Database-level evidence immutability for SOC 2, ISO 27001, and GDPR compliance. Once evidence is created, it cannot be tampered with—guaranteed by PostgreSQL.
Why Immutability Matters
Without MARPP
- ✗ Evidence can be modified after creation (tampering)
- ✗ Audit logs can be deleted to hide incidents
- ✗ Compliance auditors cannot trust your evidence
- ✗ You fail SOC 2, ISO 27001, GDPR audits
With MARPP
- ✓ Evidence content is locked after creation
- ✓ Audit logs are append-only (no modifications)
- ✓ Database enforces rules, so code cannot bypass them
- ✓ Pass SOC 2, ISO 27001, GDPR audits
How MARPP Works
MARPP uses PostgreSQL triggers and constraints to enforce immutability at the database level, so application code cannot bypass these rules.
1. Evidence Immutability
Locks content and evidenceHash fields after creation. Metadata can update (access tracking), but evidence cannot.
2. Append-Only Logs
Blocks UPDATE and DELETE operations on audit log tables. Only INSERT operations allowed. Attackers cannot cover their tracks.
3. Size Limits
Limits evidence artifacts to 10 MB and CI payloads to 5 MB. Prevents database bloat and storage abuse.
Compliance Alignment
MARPP directly addresses requirements from major compliance frameworks.
| Framework | Requirement | MARPP Control |
|---|---|---|
| SOC 2 | CC7.2 - System monitoring | Append-only audit logs |
| SOC 2 | CC8.1 - Change management | Evidence immutability |
| ISO 27001 | A.12.4.1 - Event logging | Audit log protection |
| ISO 27001 | A.18.1.3 - Protection of records | Evidence immutability |
| GDPR | Article 32 - Security of processing | Integrity guarantees |
Database-Level Enforcement
PostgreSQL triggers enforce rules for ALL connections: API, admin tools, and scripts.
Evidence Immutability Trigger
```sql
CREATE TRIGGER evidence_immutability_trigger
BEFORE UPDATE ON "compliance_evidence_artifacts"
FOR EACH ROW
EXECUTE FUNCTION prevent_evidence_mutation();
```
Why Database-Level?
- Application code can have bugs
- Developers can accidentally bypass checks
- Database enforces for ALL connections
- Auditors trust DB constraints more than code
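The page names the trigger and the `prevent_evidence_mutation()` function but not their bodies. The following is an added example, not MARPP's own code: one plausible body for that function (assumed; only the table name, the `content` and `evidenceHash` columns, and the `audit_logs` table come from the page), an append-only guard for an audit table, and the 10 MB limit expressed as a CHECK constraint (assuming `content` is `bytea`).

```sql
-- Added example; function bodies and the id/content types are assumptions.
CREATE OR REPLACE FUNCTION prevent_evidence_mutation()
RETURNS trigger
LANGUAGE plpgsql
AS $$
BEGIN
  -- IS DISTINCT FROM also catches NULL <-> value changes, which '<>' would miss.
  IF NEW."content" IS DISTINCT FROM OLD."content"
     OR NEW."evidenceHash" IS DISTINCT FROM OLD."evidenceHash" THEN
    RAISE EXCEPTION 'MARPP: content and evidenceHash are immutable (id=%)', OLD.id
      USING ERRCODE = 'integrity_constraint_violation';
  END IF;
  RETURN NEW;  -- metadata-only updates (e.g. access tracking) pass through
END;
$$;

CREATE TRIGGER evidence_immutability_trigger
BEFORE UPDATE ON "compliance_evidence_artifacts"
FOR EACH ROW
EXECUTE FUNCTION prevent_evidence_mutation();

-- Append-only guard: reject any UPDATE, DELETE or TRUNCATE on an audit table.
CREATE OR REPLACE FUNCTION reject_audit_log_mutation()
RETURNS trigger
LANGUAGE plpgsql
AS $$
BEGIN
  RAISE EXCEPTION 'MARPP: % on %.% is not permitted; audit logs are append-only',
    TG_OP, TG_TABLE_SCHEMA, TG_TABLE_NAME
    USING ERRCODE = 'insufficient_privilege';
END;
$$;

CREATE TRIGGER audit_logs_append_only
BEFORE UPDATE OR DELETE ON "audit_logs"
FOR EACH ROW
EXECUTE FUNCTION reject_audit_log_mutation();

-- Row-level triggers do not fire on TRUNCATE; it needs a statement-level trigger.
CREATE TRIGGER audit_logs_no_truncate
BEFORE TRUNCATE ON "audit_logs"
FOR EACH STATEMENT
EXECUTE FUNCTION reject_audit_log_mutation();

-- 10 MB artifact limit as a CHECK constraint; oversized INSERTs fail with a
-- constraint violation, which is the behaviour the FAQ below describes.
ALTER TABLE "compliance_evidence_artifacts"
  ADD CONSTRAINT evidence_size_limit
  CHECK (octet_length("content") <= 10 * 1024 * 1024);
```

A table owner or superuser can still disable or drop these triggers, so the role the application connects with should not own the protected tables.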
Protected Tables
- AuditLog
- audit_logs
- admin_audit_logs
- assessment_access_logs
- kill_switch_audit_logs
Who Needs MARPP?
SOC 2 Audits
Auditors require tamper-proof evidence and audit logs. MARPP provides cryptographic integrity guarantees.
Regulated Industries
Healthcare, finance, and government require immutable audit trails for HIPAA, GDPR, and FedRAMP compliance.
Enterprise Security
Security teams need confidence that incident evidence cannot be tampered with by attackers or insiders.
MARPP is Included in Business Tier
Get database-level evidence immutability, append-only audit logs, and compliance-ready infrastructure.
Frequently Asked Questions
Can I modify evidence content?
No. Evidence is immutable after creation. Create new evidence instead and link to old evidence with the supersededBy field.
Can I delete evidence?
Yes. Deletion is allowed for retention policies. Modification is blocked to prevent tampering.
Can I modify audit logs?
No. Audit logs are append-only. No modifications or deletions allowed.
What happens if I exceed size limits?
The database will reject the INSERT with a constraint violation error. Use external storage (S3) for files larger than 10 MB.
Can I bypass MARPP in application code?
No. MARPP is enforced at the database level for all connections—API, admin tools, and scripts.