The red team report archive contains the full reports from each annual red team exercise. Each report documents the scenarios tested, the attack chains attempted, the successful and unsuccessful attacks, the exploited vulnerabilities, and the recommended mitigations. Findings are cross-referenced to the threat model entries they exercise.
The archive provides evidence of a realistic, ongoing security testing programme that goes beyond automated scanning and penetration testing. Red team exercises test the organisation’s detection and response capabilities, not just the system’s technical controls. A red team that successfully corrupts a data source without triggering any monitoring alert reveals a detection gap that no automated scan would find.
The archive is retained for the ten-year period, with immutable timestamps. Remediation records linked to red team findings show the organisation’s response to identified weaknesses.
Key outputs
- Annual red team exercise report archive
- Scenario documentation with attack chain analysis
- Cross-reference to threat model entries
- Module 9 AISDP evidence