Help — preparing files
What files should we prepare before the first submission?
A practical checklist for assembling supplied records before the first PASS attempt.
General rule
Supply the records the team already has that correspond to the buyer / reviewer’s question. Do not over-collect. Do not upload secrets.
Typical record types
- Security policies and signed acknowledgements.
- Change/release records and signed build attestations where applicable.
- Vendor / subprocessor lists.
- Audit log exports for the relevant window.
- Trust-center / DPA snapshots.
- Model card, evaluation results, agent operation traces (for AI vendors).
What not to upload
- Passwords, private keys, root credentials, API secrets, raw production secrets.
- Personal data not necessary for the named reviewer.
- Records the team does not have the right to share with the named reviewer.
See the Acceptable use policy.
Format
PDF, ZIP, JSON, signed manifests, and standard log exports are all supported. AttestLayer does not require a specific schema for supplied records.