What is Operational Truth™?
Operational Truth™ in Opsfolio means knowing, with evidence, whether an organization's security, safety, and compliance posture matches what it claims, requires, and promises.
Intent as Code
Opsfolio treats compliance, safety controls, and security requirements as code-defined intent, not static documents. Your requirements are declarative, reviewable, versioned, and machine-readable—similar to a requirements document in software engineering.
Evidence from Reality
Operational Truth™ emerges when code-defined intent is continuously compared against real-world operational evidence. This is not about documentation alone—it's about provable alignment between compliance intent and operational reality.
Expected Controls vs. Observed Evidence
The distinction between what should exist and what actually exists is central to Opsfolio's model of Operational Truth™.
Expected Controls
Intent as Code
Expected Controls represent what should exist from a security, safety, or compliance perspective. They answer the question: "What controls, safeguards, and behaviors are required to exist?"
Derived from:
- Regulations and standards (ISO, SOC 2, PCI DSS, HIPAA, safety standards, internal policies)
- Risk assessments and control frameworks
- Compliance-as-Code definitions
- Approved procedures, playbooks, and guardrails
- Organizational commitments and audit requirements
Observed Evidence
Operational Reality
Observed Evidence represents what is actually happening in the environment. It answers the question: "What controls and behaviors actually exist right now?"
Includes:
- System state, configurations, and runtime signals
- Logs, scans, telemetry, and inspection results
- Test executions, safety checks, and control validations
- Human workflows and process execution evidence
Operational Truth™ Through Continuous Comparison
Operational Truth™ in Opsfolio is the continuous comparison of Expected Controls and Observed Evidence. This comparison is the foundation of Opsfolio's value.
Missing Evidence
If an Expected Control has no matching Observed Evidence, Opsfolio treats this as a failure of Operational Truth™.
Expected ≠ Observed = Truth Gap
Unmanaged Evidence
If Observed Evidence exists without a corresponding Expected Control, Opsfolio treats this as unmanaged risk.
Observed without Expected = Unmanaged Risk
When Expected Controls Are Missing in Reality
If a required control or safeguard is expected but cannot be validated through evidence, Opsfolio surfaces this as one of the following:
- Security Risk: Missing or degraded controls increase exposure to threats
- Safety Risk: Procedures or safeguards are not actually being followed
- Compliance Failure: Audit claims cannot be substantiated
- Operational Breakdown: Processes exist on paper but not in practice
From an Operational Truth™ perspective, unverified controls are equivalent to nonexistent controls.
When Evidence Exists Without Defined Intent
If Opsfolio detects evidence of behavior, systems, or processes that are not defined in compliance intent, this indicates:
- Shadow processes or undocumented workflows
- Control drift and policy erosion
- Bypassed approvals or governance gaps
- Potential security or safety violations
In Opsfolio, anything not defined as code-defined intent is treated as risk until explicitly acknowledged.
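The comparison rules above, sketched in Python as an added example (this is not Opsfolio's code or data model). The Evidence record, the reconcile function, the control IDs, and the source names are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Evidence:
    control_id: Optional[str]  # control the evidence claims to support, if any
    source: str                # hypothetical collector or system name
    passed: bool               # did the check behind this evidence succeed?

def reconcile(expected, observed, acknowledged=frozenset()):
    """expected: {control_id: description}; observed: iterable of Evidence;
    acknowledged: sources explicitly accepted without a defined control."""
    by_control, unmanaged, accepted = {}, [], []
    for ev in observed:
        if ev.control_id in expected:
            by_control.setdefault(ev.control_id, []).append(ev)
        elif ev.source in acknowledged:
            accepted.append(ev.source)
        else:  # no defined intent behind it: risk until acknowledged
            unmanaged.append(ev.source)
    verified, gaps = [], {}
    for cid in expected:
        evs = by_control.get(cid, [])
        if not evs:
            gaps[cid] = "no evidence"
        elif not all(e.passed for e in evs):  # fail closed on any failed check
            gaps[cid] = "evidence failed validation"
        else:
            verified.append(cid)
    return {"verified": verified, "truth_gaps": gaps,
            "unmanaged_risk": unmanaged, "acknowledged": accepted}

# Constructed sample data for illustration only.
EXPECTED = {
    "AC-01": "MFA enforced for admin accounts",
    "LG-02": "Audit logs shipped to central store",
    "BK-03": "Nightly backup restore test",
}
OBSERVED = [
    Evidence("AC-01", "idp-policy-export", True),
    Evidence("LG-02", "log-shipper-healthcheck", False),
    Evidence(None, "unregistered-ci-runner", True),
    Evidence(None, "legacy-ftp-listener", True),
    Evidence("FW-09", "firewall-rule-scan", True),  # control not in EXPECTED
]
ACKNOWLEDGED = frozenset({"unregistered-ci-runner"})

if __name__ == "__main__":
    for bucket, items in reconcile(EXPECTED, OBSERVED, ACKNOWLEDGED).items():
        print(f"{bucket}: {items}")
```

Evidence that points at a control ID missing from the expected set is reported as unmanaged, and a single failed check is enough to turn a control into a gap.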
Compliance as Code: The Source of Truth
Opsfolio encodes compliance, safety, and security requirements as executable, testable artifacts. Compliance as Code is the mechanism that makes Operational Truth™ possible.
- Define Expected Controls: Encode requirements as versioned, machine-readable artifacts
- Drive Validation: Automated and manual validation against real evidence
- Produce Evidence: Traceable, auditable evidence tied to controls
- Support Audits: Ready for certifications and regulatory reporting
Operational Truth™ is not a static snapshot—it is continuously computed as code-defined intent meets real-world evidence.
Why Operational Truth™ Matters
Opsfolio's version of Operational Truth™ enables organizations to:
- Prove compliance instead of asserting it
- Detect security and safety gaps early
- Eliminate documentation drift
- Replace checkbox audits with living evidence
- Align engineering, operations, security, and compliance around a single source of truth
Operational Truth™ in Opsfolio means:
"What we require, what we operate, and what we can prove are always aligned."