# Compliance Reporting

AccessIQ provides built-in reports to help you meet regulatory requirements and maintain visibility into your tenant's security posture.

## Available Reports

| Report                     | Description                                                         |
| -------------------------- | ------------------------------------------------------------------- |
| User Access Report         | Lists all users, their roles, organizations, and application access |
| Login Activity Report      | Summarizes authentication events over a time period                 |
| MFA Enrollment Report      | Shows which users have MFA enabled and which methods they use       |
| Permission Changes Report  | Tracks changes to user roles and organization memberships           |
| Application Access Report  | Details which users have access to each application                 |
| Inactive Users Report      | Identifies users who have not logged in within a specified period   |
| Password Policy Compliance | Shows which users meet current password policy requirements         |

## Generating a Report

1. Go to **Compliance > Reports**.
2. Select the report type.
3. Configure the parameters:

| Parameter  | Description                                          |
| ---------- | ---------------------------------------------------- |
| Date range | The time period to cover                             |
| Scope      | All users, specific organizations, or specific roles |
| Format     | PDF, CSV, or JSON                                    |

4. Click **Generate**.
5. Download the report when it is ready.

## Scheduled Reports

Set up automatic report generation and delivery:

1. On the Reports page, click **Schedule Report**.
2. Choose the report type and parameters.
3. Set the frequency (daily, weekly, monthly).
4. Enter the email addresses that should receive the report.
5. Click **Save**.

Scheduled reports are generated and emailed as attachments at the configured interval.

## Compliance Frameworks

These reports support common compliance frameworks:

| Framework | Relevant reports                                                |
| --------- | --------------------------------------------------------------- |
| SOC 2     | User Access, Permission Changes, Login Activity, MFA Enrollment |
| GDPR      | User Access, Inactive Users (for data minimization)             |
| HIPAA     | Login Activity, Permission Changes, Application Access          |
| ISO 27001 | All reports                                                     |

## Best Practices

* Schedule monthly User Access and MFA Enrollment reports for ongoing oversight.
* Run the Inactive Users report quarterly and deactivate unused accounts.
* Archive reports for the retention period required by your compliance framework.
* Use the Permission Changes report during access reviews to verify that role assignments are appropriate.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://accessiq.gitbook.io/accessiq-docs/audit-and-compliance/reporting.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.