The proliferation of computerized automation of processes in every aspect of life, data storage and processing have become a major component of networked systems handling financial and other transactions. In such systems, data is entered, modified, or deleted from a number of sources. The same data is maintained in multiple data stores in same or different formats, and a data store has to pick up or synchronize changes to data based on changes in a different store. Various data stores from simple tables to complicated databases is maintained and synchronized as new entries or modifications are made by different sources. The changes are synchronized at regular intervals. In addition, variety of services are offered to enable internal and external parties' interactivity with the data hosted by the data stores. Consumers of the data as well as providers usually demand certifications associated with the services to enable compliance-associated processes between the parties.
In maintaining a compliant cloud service, providing proof of compliance to compliance customers is part of the process. The proof may need to include a showing that the compliance controls implemented on the service are actually operating as expected. Conventional systems employ an independent third party (an auditor) to collect evidence from a sample of service components and test them manually. For example, records from 10% of servers may be collected and examined for an indication of compliance. Due to the scale in cloud services, however, even small samples (e.g., 1% or servers) may mean testing thousands of objects. Approaches that provide automated testing in the environment (providing a report of aggregated test results to determine compliance) face the challenge that for customers or auditors, the automation is a black box—they do not have any reason to trust that it is in fact testing the compliance controls in an effective way.