Hand a case off to an auditor.

You finished the investigation. Someone outside the team — a regulator, a customer's SOC, an attorney, an external auditor — now needs the deliverable. Package it once, package it right. The auditor verifies it without contacting you.

1

Decide what status the case should be in

Set the case banner's status to whatever matches the handoff narrative:

  • Closed — root cause identified, permanent fix shipped. The audit happens after-the-fact for compliance.
  • Known Error — root cause identified, no permanent fix yet. The auditor will see the workaround in place.
  • Open — active investigation; the auditor is being looped in mid-flight. Use this when the regulator wants a live read.

Status changes are audit-logged automatically. The auditor will see the transition timestamp in the bundle.

2

Confirm the case properties are filled

Open the RCA editor. The Case Properties section is where regulators and auditors look first. Confirm:

  • SLA timestamps — Detection / Acknowledgement / Resolution. Loupe computes MTTD / MTTA / MTTR from these.
  • Impact — Users affected, outage duration, affected services
  • Affected Assets — every host / IP / FQDN / email surfaced from events, classified Affected / Downstream / Upstream-control / Unrelated. Unclassified rows do not appear in the writeup.
  • Related tickets — INC / CHG / PRB references for cross-system traceability

If your audience is regulator-facing, the ITIL Post-Incident Review template carries Workaround vs Permanent Fix vs Known Error cleanly — these are the distinctions audit reviewers expect.

3

Open the export sheet

Click Export bundle on the case banner. Four sections to review.

4

Pick the redaction posture

Default redactions are on for email addresses, IPv4 addresses, and bearer tokens. UUIDs default off because case IDs are themselves UUID-shaped — you usually want them preserved for cross-reference.

Decide deliberately:

  • Internal team handoff — leave UUID redaction off, redact emails/IPs/tokens (default)
  • External auditor / regulator — turn UUID redaction on too, so internal correlation IDs don't leak
  • Vendor escalation — redactions off; the vendor's engineers need real IPs and emails to reproduce

The manifest records exactly what was redacted, so the auditor can see at a glance how the bundle was processed.

5

Decide on raw logs

The “Include copies of raw log files” option is off by default. Two reasons to flip it on:

  • The auditor expects to re-derive citations against the original logs themselves (typical for regulator handoffs).
  • Your retention policy requires the chain-of-custody bytes travel with the writeup.

Two reasons to leave it off: bundle size (raw logs can be hundreds of MB) and the redaction caveat — Loupe redacts the writeup, not the binary log files. If you include raw logs and they contain sensitive content, redact those files separately before exporting.

6

Optional — add a transport password

Toggle “Also produce an encrypted .zip alongside the bundle” and provide a password. Loupe writes a sibling .zip using the standard ZipCrypto format. The auditor unpacks it with unzip -P.

ZipCrypto is universally readable but cryptographically weak. It's appropriate for “don't email plaintext logs” transport. It is not a substitute for end-to-end recipient-keyed encryption (age / PGP) — that's on the v1.x roadmap. Share the password out-of-band, not in the same email as the zip.

7

Export and verify what you're sending

Click Export. Loupe writes the bundle directory and (optionally) the encrypted zip. The success view names the path and warns about anything that didn't make it (rare — typically a raw log whose original path moved between ingest and export).

Before sending, run the recipient-side check yourself, against what you're about to attach:

cd rca-PRB-20260427-A1B2-2026-04-27-orders-outage
shasum -a 256 -c Hashes.txt
cat Manifest.json | python3 -m json.tool | grep redactionTargets

This confirms the bundle is intact and the redaction posture matches what you intended. Five seconds of CYA before the audience sees it.
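The manifest check shows which redactions were requested, not whether sensitive values remain, and step 5 notes that Loupe does not redact raw log copies. As an added example (not part of Loupe or its documentation), this Python script scans a bundle directory for the three default redaction classes; the regexes are this example's own approximations, and it reports file, line and class only, so its output never repeats a matched value.

```python
import re
import sys
from pathlib import Path

# Patterns for the three classes Loupe redacts by default. These regexes are
# this example's own approximations, not Loupe's redaction rules.
PATTERNS = {
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "ipv4": re.compile(
        r"(?<![\d.])(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}"
        r"(?:25[0-5]|2[0-4]\d|1?\d?\d)(?![\d.])"
    ),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9._~+/-]{16,}=*", re.IGNORECASE),
}

def scan_text(text):
    """Return sorted (line_number, kind) pairs; matched values are never returned."""
    hits = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            if pattern.search(line):
                hits.add((lineno, kind))
    return sorted(hits)

def scan_bundle(root):
    """Scan every file under root; return {relative_path: [(line, kind), ...]}."""
    root = Path(root)
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        # Raw logs may not be valid UTF-8: replace bad bytes rather than skip the file.
        text = path.read_bytes().decode("utf-8", errors="replace")
        hits = scan_text(text)
        if hits:
            findings[str(path.relative_to(root))] = hits
    return findings

if __name__ == "__main__":
    # Usage: python3 scan_bundle.py <bundle-directory>
    results = scan_bundle(sys.argv[1])
    for rel, hits in results.items():
        for lineno, kind in hits:
            print(f"{rel}:{lineno}: unredacted {kind}")
    sys.exit(1 if results else 0)
```

A non-zero exit means at least one file still carries a value the chosen posture would have redacted; dotted version strings can trigger the IPv4 pattern, so review hits before editing files.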

8

Send

Attach the directory (or the encrypted zip) to whatever channel the audience uses — email, secure upload portal, S3 bucket, courier. Include in the message:

  • The bundle's top-level directory name (acts as case ID for the audience)
  • A pointer to the recipient verification flow so the auditor knows the verification recipe
  • The transport password (if you used one) — sent through a separate channel

That's the entire handoff. The bundle is self-contained; the auditor can verify it without your continued involvement.

Done.

From export sheet to attached email is a 90-second sequence once the case itself is finished. The CYA self-verify step is the part most operators skip — don't. It's the cheapest insurance in the entire workflow.