'/%3e%3c!--%20inner%20disk%20--%3e%3ccircle%20cx='100'%20cy='100'%20r='66'%20fill='url(%23sealDark)'/%3e%3c!--%20double-ring%20detail%20--%3e%3ccircle%20cx='100'%20cy='100'%20r='70'%20fill='none'%20stroke='%23ffffff'%20stroke-opacity='0.35'%20stroke-width='1.5'/%3e%3ccircle%20cx='100'%20cy='100'%20r='58'%20fill='none'%20stroke='%23ffffff'%20stroke-opacity='0.45'%20stroke-width='2'/%3e%3c!--%20checkmark%20=%20proof%20--%3e%3cpath%20d='M74%20101%20L92%20119%20L128%2081'%20fill='none'%20stroke='%23ffffff'%20stroke-width='11'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/svg%3e)
Pramana
A compliance-training tracking platform that produces auditable proof of completion. Named for प्रमाण ("valid means of knowledge"), v1 is SOX-scoped with an append-only, tamper-evident audit trail.
What is Pramana?
Pramana — Sanskrit प्रमाण, “proof” or “valid means of knowledge” — is a compliance-training and tracking platform. It assigns mandatory training, tracks completion across an organization, and produces the auditable evidence that the training actually happened. The name is literal: the system’s job is to generate pramana of compliance.
The problem it solves
Regulated companies must prove — to auditors, not just to themselves — that the right people completed the right training on time. That proof has to be tamper-evident and survive long retention windows. Pramana treats the audit trail as the product: every assignment, reminder, completion, and exception is recorded in an append-only log archived to immutable object storage.
v1 scope
The first release is a single-tenant deployment scoped to SOX (Sarbanes-Oxley) compliance training. The architecture is framework-aware from the start — HIPAA, ISO/IEC 27001, GDPR, and PCI DSS are mapped on the roadmap — but v1 stays deliberately narrow to ship a correct, defensible SOX workflow first.
Architecture
- Service: Python 3.12+ with FastAPI, specified API-first against an OpenAPI 3.1 contract
- Data: SQLAlchemy 2.x with Alembic migrations on PostgreSQL
- Core domain: a pure, well-tested assignment state machine that drives every training assignment from assigned → completed (or escalated)
- Background work: Celery + Redis for reminders, escalations, and report generation
- Identity: enterprise SSO via SAML / OIDC
- Audit archive: AWS S3 with Object Lock, so the compliance log is write-once and tamper-evident
Status
Early build. The requirements and locked design decisions are complete, and the foundation is going in: the OpenAPI 3.1 specification, the SQLAlchemy data model with an Alembic baseline, repository scaffolding, and the assignment state machine as a pure domain layer. The v1 service implementation is the next milestone.