How audits work

What DLI sees when they audit your program.

Minn. Stat. § 326B.198, subd. 3 requires providers to maintain records of certified installers, session records, exam records, card issuance records, and refresher records. BoreReady ships REPORT-EXAM today; the four other artifact types are sequenced into upcoming slices, with target windows in our roadmap.

The five record types

Each card below shows the artifact's spec and its shipping status. Available now = exposed in the trainer portal today. Roadmap = spec'd, sequenced, and tracked toward an upcoming release.

Certified-installer roster (REPORT-ROSTER) Roadmap

One row per installer you've certified — installer ID, legal name, card ID, cert status, initial issue date, current expiration, last refresher completion. Filterable by date range and cohort.

Training session records (REPORT-SESSION) Roadmap

One row per cohort: session ID, course type, start/end dates, location, instructor, enrolled/completed/passed counts, classroom + hands-on hour totals.

Exam administration records (REPORT-EXAM) Available now

The primary audit artifact, shipped. One row per exam attempt — 15 required fields including exam version, approval reference, score by domain (JSON), waiting-period honored, correction-of-attempt chain. Append-only: corrections create new rows. Available behind the trainer login at /trainer/audit; email Jordan for a sample CSV against your DLI license number.

Card issuance records (REPORT-CARD) Roadmap

One row per issuance — issuance ID, card ID, installer ID, issuance type (initial/renewal), triggered-by exam attempt or refresher completion, delivery method, revocation status.

Refresher completion records (REPORT-REFRESHER) Slice 2

One row per refresher cycle — cycle #, course DLI number, start/completion dates, hours completed, instructor sign-off, resulting expiration date. Sequenced for Slice 2 (refresher workflow).

CSV format

  • UTF-8 encoding, comma-separated, header row required
  • ISO-8601 dates
  • CSV-injection-safe — any string beginning with =, +, -, or @ is prefixed with a single apostrophe (OWASP guidance)
  • Filename convention: {provider_slug}_{report_type}_{YYYY-MM-DD}.csv

Immutability guarantees

Exam attempts are append-only. Cert records, audit trail rows, and exam approvals follow the same pattern. Every state change writes an audit breadcrumb — the historical record cannot be silently rewritten.

See it end-to-end For providers overview