Skip to main content

Reporting & Data Export

Protection-Driven Reporting

The First Watch® platform is not designed as a dedicated reporting or GRC system. Its primary mission is active protection and deterministic policy enforcement. Reporting capabilities exist to transform operational data into structured, exportable evidence that supports review, investigation, and compliance processing.

All reports are derived directly from the same time-stamped events, alarms, policy actions, and asset data used for monitoring and enforcement. This ensures consistency between what is enforced operationally and what is presented for review.

Rather than focusing on complex report formatting, the platform emphasises structured data export — primarily in CSV format — to enable flexible downstream analysis. Exported data can be used for internal review, further investigation, external reporting, or integration with other enterprise systems.

Operational Reporting

Reporting is most commonly used to:

  • Extract asset inventories and asset change histories — providing a current and historical view of managed assets
  • Review alarm and policy-trigger activity over defined time periods
  • Analyse change events during maintenance windows — identifying what changed, when, and by whom
  • Examine policy violations or enforcement actions for root-cause clarification

Because data is exportable, organisations can process it using their preferred tools — including spreadsheet analysis, compliance platforms, SIEM systems, or internal governance dashboards.

Compliance Evidence

From a compliance perspective, reporting provides evidence of:

  • Asset visibility and ownership — demonstrating awareness and control of the operational environment
  • Controlled and traceable change management — documenting all changes with attribution and timestamps
  • Policy enforcement and override governance — recording what was enforced, what was overridden, and under what authority
  • Alarm handling and operational response — confirming that events were acknowledged and addressed

The platform does not impose framework-specific reporting structures. Instead, exported evidence can be mapped to regulatory or industry standards such as IEC/ISA 62443 or ISO/IEC 27001 within the organisation's existing compliance processes.

Report Generation

Reports and exports can be generated on demand for audits, investigations, or management review. Where required, data extraction can be performed on a scheduled basis to support recurring governance activities.

The emphasis remains on providing accurate, structured operational data rather than producing static, presentation-oriented reports.

All exported data retains:

  • Time stamps — precise sequencing of all recorded activity
  • Asset attribution — linking every record to a specific managed asset
  • User attribution — identifying the responsible operator or system account
  • Policy linkage — connecting activity to the governing policy and enforcement outcome

This ensures that evidence remains traceable and defensible when used for audit, regulatory review, or internal analysis.

Data Export

Data export capabilities allow operational and governance data collected by the First Watch® platform to be shared, analysed, or archived outside the platform in a controlled and auditable manner. Data export is designed to support integration and oversight without weakening security or governance controls.

Export Scope and Purpose

Data exports may include:

  • Events and alarms
  • Asset inventory and asset history
  • Change records and investigation evidence
  • Operational and compliance reports

Exports are typically used for:

  • External reporting and audits — providing structured evidence to regulators and auditors
  • Integration with SIEM, SOC, or analytics platforms — feeding operational data into enterprise security workflows
  • Long-term archival and trend analysis — preserving historical data for governance and review

Export scope is intentionally configurable to ensure that only relevant and approved data is shared.

Supported Export Formats

The platform supports structured data export formats suitable for downstream processing and analysis:

  • CSV export — enabling straightforward analysis and reporting using standard tools
  • Elastic export capabilities — supporting advanced search, correlation, and analytics workflows

These mechanisms allow organisations to leverage existing tools while preserving the integrity of platform data.

Reporting and data export within the First Watch® platform are designed to support protection-driven governance. The platform provides reliable, structured data that can be exported and analysed externally — enabling organisations to demonstrate control and accountability without transforming the platform into a full reporting or SIEM solution.