Migration Kit Security

Import TrustCenter

Migrating historical audit data requires trust. GRCTrack's Migration Kit provides complete chain-of-custody tracking, approval workflows, and comprehensive audit logging to ensure your data is protected throughout the import process.

Chain-of-Custody Workflow

Every import follows a strict four-step process with full traceability.

1. Upload & Hash

Every file is SHA-256 hashed on upload. The original hash is stored permanently to verify file integrity.

2. Dry-Run Validation

Data is validated against your framework requirements without creating any records. Review errors before committing.

3. QSA Admin Approval

Imports require explicit approval from a QSA Admin. No data is created until authorized by an approver.

4. Audit Trail

Complete chain-of-custody: who uploaded, who approved, timestamps, IP addresses, and file hashes.

Security Controls

Multiple layers of protection ensure your audit data remains secure and tamper-proof.

File Integrity Verification

SHA-256 cryptographic hashing ensures uploaded files cannot be tampered with undetected. The hash is verified before import execution.

Role-Based Access Control

Only authorized QSA roles can upload. Only QSA Admins can approve imports. Separation of duties is enforced.

Comprehensive Audit Logging

Every action is logged with user ID, timestamp, IP address, and user agent. Logs are immutable and exportable.

Approval Workflow

Two-person integrity: the uploader cannot approve their own import. QSA Admin review is mandatory.

Malware Scanning

All uploaded files are scanned for malware before processing. Infected files are quarantined automatically.

Data Isolation

Each organization's import data is isolated. Cross-tenant access is architecturally prevented.

Separation of Duties

Import permissions are separated by role to ensure proper oversight and approval.

QSA / Senior QSA

  • Upload CSV/Excel files
  • Map columns to fields
  • Run validation (dry-run)
  • Submit for approval

QSA Admin

  • All QSA permissions
  • View pending approvals
  • Approve or reject imports
  • Execute approved imports

Complete Audit Trail

Every import operation captures comprehensive metadata for audit and compliance purposes. These records are immutable and can be exported for external auditors.

Immutable Records
Timestamped

Captured Fields

  • uploader_id: User who uploaded the file
  • uploader_ip: IP address at time of upload
  • upload_timestamp: ISO 8601 timestamp of upload
  • file_hash: SHA-256 hash of original file
  • approver_id: QSA Admin who approved the import
  • approval_timestamp: When approval was granted
  • user_agent: Browser/client identification
  • validation_results: Full validation report preserved
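
The sketch below is an added illustration, not GRCTrack's code: it shows how the upload hash, the two-person rule, and the pre-execution hash check fit together around the captured fields listed above. The function names, the CustodyError type, and the role string comparison are assumptions. Because a QSA Admin also holds all QSA permissions, the role check alone does not stop self-approval, so the identity check is separate.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

class CustodyError(Exception):
    """Raised when a chain-of-custody rule is violated (hypothetical type)."""

@dataclass
class ImportRecord:
    # Field names follow the "Captured Fields" list on the page.
    uploader_id: str
    uploader_ip: str
    user_agent: str
    file_hash: str
    upload_timestamp: str
    validation_results: dict = field(default_factory=dict)
    approver_id: Optional[str] = None
    approval_timestamp: Optional[str] = None

def _now() -> str:
    return datetime.now(timezone.utc).isoformat()  # ISO 8601, UTC

def upload(data: bytes, uploader_id: str, uploader_ip: str, user_agent: str) -> ImportRecord:
    # Step 1: hash the original bytes once and store the digest with the record.
    digest = hashlib.sha256(data).hexdigest()
    return ImportRecord(uploader_id, uploader_ip, user_agent, digest, _now())

def approve(record: ImportRecord, approver_id: str, approver_role: str) -> None:
    # Step 3: role check and identity check are two separate conditions.
    if approver_role != "QSA Admin":
        raise CustodyError("only a QSA Admin can approve imports")
    if approver_id == record.uploader_id:
        raise CustodyError("uploader cannot approve their own import")
    record.approver_id = approver_id
    record.approval_timestamp = _now()

def execute(record: ImportRecord, data: bytes) -> bool:
    # No records are created without approval, and the file is re-hashed
    # so a change made after upload or after approval is caught here.
    if record.approver_id is None:
        raise CustodyError("import has not been approved")
    current = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(current, record.file_hash):
        raise CustodyError("file hash differs from the hash stored at upload")
    return True

if __name__ == "__main__":
    sample = b"requirement,status\n1.1.1,In Place\n"  # constructed sample CSV
    rec = upload(sample, "qsa-17", "203.0.113.5", "ExampleBrowser/1.0")
    approve(rec, "admin-02", "QSA Admin")
    print(execute(rec, sample), rec.file_hash)
```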

PCI-PURE Compliant

All imports validate against official PCI Council requirement numbers only. Custom or unofficial control numbering is rejected to ensure assessment integrity and alignment with the PCI-PURE initiative.

Official Numbers Only

Validation on Import

Framework Alignment

Ready to Migrate Your Audit Data?

Import your historical assessments with confidence. Full chain-of-custody tracking ensures your data is protected every step of the way.