When we deploy on-premises RAG for a regulated enterprise customer, the first conversation with their technical team is about architecture. The second conversation — often with legal, compliance, or the CISO — is about proof. Not architecture diagrams. Not policy documents. Proof.
That second conversation typically centers on two questions. First: how do we know enterprise queries aren't going to the internet? Second: how do we know the system is actually working, and getting better over time?
Both questions deserve a live answer, not a static one. The moment your compliance evidence is a PDF someone assembled last quarter, it's a policy document with better formatting. The goal is a dashboard that pulls from running system state — so when an auditor asks, the answer is "let me show you the dashboard," not "let me find that report."
The three audiences in the room
Before designing any dashboard, it helps to be clear about who is actually looking at it. In our experience, "executives" in the context of enterprise AI procurement means at least three distinct roles with distinct concerns.
The business buyer — typically a CTO or VP of Engineering — wants to know whether the system is working and improving. Query volume, retrieval quality scores, and usage trends by domain are the numbers that matter to them. They are thinking about ROI and whether to expand.
The compliance buyer — a CISO, CCO, or General Counsel — wants provable data isolation. Not an assertion that data doesn't leave the perimeter. A log file. A network capture. A hash chain. Something they can hand to an auditor without hedging.
The budget holder wants one number: is this worth the cost? Query volume trends and retrieval score improvement give them that story without requiring them to understand the technical details.
A single dashboard can serve all three — but only if it is deliberately structured around those distinct concerns rather than organized around what is easy to instrument.
The four numbers that matter most
We have found that the following four top-line metrics answer the most important questions immediately, before anyone has to read a chart:
| Metric | Who cares | Example |
|---|---|---|
| Queries this month | Business buyer | 14,382 (↑ 23%) |
| Avg retrieval score | Business buyer | 0.87 (↑ from 0.74 at launch) |
| Internet egress events | Compliance buyer | 0 (90-day rolling window) |
| Audit chain integrity | Compliance buyer | 100% (all logs verified) |
The zero-egress-events figure is the one that changes the energy in the room. A CISO who has spent years trying to get software vendors to take data isolation seriously will look at that number and ask how it is produced. That question is the opening for the deeper compliance conversation — and the answer had better not be "we configured the firewall."
Proving the zero, not just claiming it
The egress count comes from a continuous packet capture running 24/7 inside each RAG container. Not at the network perimeter — inside the container itself, using tcpdump. Capture windows are rotated, each rotated file is SHA-256 hashed, and the hash is appended to a tamper-evident log in real time. Zero packets in the capture is demonstrable evidence, not a policy assertion.
This is a meaningful distinction. A network policy that says RAG containers have no internet access is a configuration. It can drift. It can be misconfigured. It can be overridden by a well-intentioned infrastructure change. A continuous capture that shows zero outbound packets is evidence. It is what happened, not what was supposed to happen.
The compliance story must be demonstrably true — so that when an auditor asks how you know enterprise queries are not going to the internet, the answer is not a policy document. It is a network diagram generated from live Docker state and a log file with an unbroken hash chain.
The audit chain integrity number comes from the same pattern applied to both the ingestion pipeline and the query log. Every ingestion event — every time a document enters the system from an approved public source — is written to a hash-chained JSONL file. Every query event is similarly logged. A report generator verifies the chain before rendering the dashboard. If any entry has been modified or deleted, the chain breaks and the number drops below 100%. An unbroken chain is a verifiable record of everything that entered the system and everything that was asked of it.
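The hash-chained JSONL log and the verification pass the report generator runs before rendering the integrity figure, as an added example (not the project's own code). The record layout, the GENESIS sentinel and the sample events are assumptions; the capture record shows how a rotated pcap's digest and packet count can be appended to the same chain as ingestion and query events.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash carried by the first record in a chain

def _canonical(obj):
    # Deterministic bytes (sorted keys, compact separators) so hashes reproduce.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def append_event(chain, event):
    """Append one event, linking it to the previous record.
    hash = SHA-256 over {event, prev_hash}; prev_hash is the prior record's hash."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    record = {"event": event, "prev_hash": prev_hash}
    record["hash"] = hashlib.sha256(_canonical(record)).hexdigest()
    chain.append(record)
    return record

def verify_chain(jsonl_text):
    """Return (verified, total, first_bad_index). A record verifies only if its own hash
    recomputes and its prev_hash matches the prior record; one edit breaks all later links."""
    records = [json.loads(line) for line in jsonl_text.splitlines() if line.strip()]
    expected_prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if (rec.get("prev_hash") != expected_prev
                or rec.get("hash") != hashlib.sha256(_canonical(body)).hexdigest()):
            return i, len(records), i
        expected_prev = rec["hash"]
    return len(records), len(records), None

def integrity_percent(jsonl_text):
    """The dashboard figure: share of records still linked back to genesis."""
    verified, total, _ = verify_chain(jsonl_text)
    return 100.0 if total == 0 else round(100.0 * verified / total, 1)

# Constructed sample (not customer data): 2 ingest, 1 query, 1 rotated-capture record.
SAMPLE = []
append_event(SAMPLE, {"type": "ingest", "source": "https://example.test/a", "doc_sha256": "a" * 64})
append_event(SAMPLE, {"type": "ingest", "source": "https://example.test/b", "doc_sha256": "b" * 64})
append_event(SAMPLE, {"type": "query", "user": "analyst-01", "query_sha256": "c" * 64})
append_event(SAMPLE, {"type": "capture", "file": "egress-window-0001.pcap", "packets": 0, "pcap_sha256": "d" * 64})
INTACT = "\n".join(json.dumps(r, sort_keys=True) for r in SAMPLE)

def tampered_copy(index=3, packets=12):
    """Edit one record's packet count without re-hashing; verification must catch it."""
    records = [json.loads(line) for line in INTACT.splitlines()]
    records[index]["event"]["packets"] = packets
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)
```

Deleting a line has the same effect as editing one: the next record's prev_hash no longer matches, so the figure drops below 100% at that point and stays there for every later record.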
The compliance panel
Below the top-line numbers, a compliance status panel gives the CISO a quick view of every major control and whether it is passing. Green means auditor-ready. Amber means in progress. The status is generated from actual system state, not manually updated.
| Control | Status |
|---|---|
| Network isolation | ● enforced |
| Ingestion audit chain | ● 0 gaps verified |
| Query audit chain | ● 0 gaps verified |
| Continuous egress proof | ● 0 pkts / 90 days |
| Monthly evidence report | ◐ due Mar 31 |
Each row is generated from live system state. Nothing here is manually maintained.
The provable isolation strip
For customers with the most stringent requirements, we surface a dedicated section that puts the proof numbers front and center. These are the numbers a compliance officer screenshots for a board deck or an auditor's evidence package.
| Number | What it proves | How it's generated |
|---|---|---|
| 0 egress events | RAG containers have no internet access | tcpdump · 24/7 continuous · SHA-256 hash-chained |
| 0 audit chain breaks | Every event is recorded and unmodified | ingestion + query logs · hash-chained |
| 271 approved sources ingested | All data comes from allowlisted sources | allowlisted · scanned before ingest |
| 14,382 queries served locally | No cloud API calls for inference | fully local inference · no data leaves perimeter |
What this replaces
The alternative to this dashboard is a compliance questionnaire — a document where someone checks boxes claiming that data is isolated, that logs are maintained, that the system is monitored. That document is written once, reviewed annually, and trusted implicitly in between. It has no connection to the actual running system.
The approach described here replaces that document with something that is always current, always generated from actual state, and always verifiable. The hash chain can be inspected. The packet captures can be provided to an auditor. The network diagram was generated this Monday from live Docker state, not drawn during the sales process.
For a regulated enterprise — healthcare, finance, legal, government — that difference is the difference between a vendor who says the right things and a vendor who can prove them. The market for the latter is considerably less crowded.