6. Evidence Model

The evidence model defines the obligations for generating and retaining evidence arising from the deterministic execution of certified workflows. Evidence produced by chkpt must be complete, tamper‑resistant, and sufficient to support institutional oversight. The evidence model ensures that every execution can be reconstructed, reviewed, and trusted over time.

6.1 Purpose of Evidence

Evidence provides the institutional record of how a certified workflow was applied. It enables auditors, reviewers, and governance authorities to verify that execution remained within admissible behaviour boundaries and aligned with the authorised workflow version. Evidence is the primary mechanism through which chkpt supports accountability, drift detection, and long‑term trust. The conceptual basis for evidence is introduced in the Conceptual Model.

6.2 Evidence Requirements

Evidence must be complete and sufficient to reconstruct the execution. At minimum, chkpt must record declared inputs, declared results, relevant intermediate state information where required by the workflow, and metadata linking the execution to the workflow and execution versions. Evidence must reflect the actual behaviour of the execution and must not omit any required information. These requirements support the determinism guarantees defined in the Execution Model.

6.3 Integrity Guarantees

Evidence must be tamper‑resistant. chkpt must ensure that evidence cannot be altered without detection and that the integrity of the record is preserved for the duration of its required retention period. Integrity guarantees may be implemented through cryptographic mechanisms, secure storage, or other institutionally approved methods. Integrity is essential for institutional reviewability and long‑term accountability.

6.4 Association with Workflow and Execution Versions

Evidence must unambiguously identify the workflow version and execution version used during the Application. This association ensures that reviewers can understand the behavioural context of the execution and verify that it aligned with the authorised workflow version. Version identifiers must be included in the evidence record. Versioning rules are defined in Versioning.

6.5 Intermediate State Evidence

Some workflows require evidence of intermediate states to support institutional review. chkpt must record intermediate state information when mandated by the workflow’s evidence obligations. Intermediate state evidence must be sufficient to demonstrate that execution remained within admissible behaviour boundaries throughout the process. This supports drift prevention as defined in the Execution Model.

6.6 Evidence Retention

Evidence must be retained for the period defined by the adopting organisation’s governance model. chkpt does not prescribe retention durations or storage mechanisms; it requires only that evidence remain accessible, intact, and verifiable for the duration of its retention period. Institutions are responsible for ensuring that evidence is stored in a manner consistent with their regulatory, operational, and audit requirements.