# Compliance report overview (ACM) {% hint style="success" %} **Access Type**: Compliance Report - Editor **Premium Feature**: Advanced Compliance Monitoring {% endhint %} The compliance report offers insight into how your website behaves when accessed, as well as validation that vendors and trackers are also being triggered as expected. In addition to the data available through a traditional compliance report, Advanced Compliance Monitoring (ACM) adds data and filters related to the different bot scenarios. In this article, we provide an overview of the data included in the following tabs of the compliance report when your organization has the Advanced Compliance Monitoring (ACM) module enabled: * [Didomi rating ](#didomi-rating) * [Trackers](#trackers) * [Vendors](#vendors) * [Compliance issues](#compliance-issues) * [Reference: User behaviour calculation](#reference-user-behaviour-calculation) {% hint style="info" %} For your convenience, we are presenting below a complete overview of the compliance report below. {% endhint %} Navigate to a compliance report by clicking **Advanced Compliance Monitoring** on the left-hand panel and selecting **Details** inline with a domain on the subsequent page.

*** ### Didomi rating The Didomi rating is a custom assessment made by Didomi that evaluates the domain based on a variety of factors such as: * number of trackers dropped despite refusal * number of vendors triggered despite refusal * presence of a CMP * presence of a privacy policy * using security tools The above factors are given a specific weight in the calculation and produces a score from 0 to 100. This score is then represented in the Didomi Rating as 0 to 4 stars.

### Trackers Click the **Trackers** tab to review data on the trackers discovered on the domain for the compliance report.

The data on the trackers tab can be filtered by the following parameters:

Filter	Description
Type	There are four types of trackers: Cookie - Small block of data placed on the end-user's device while. Cookies will expire based on their settings. Pixel - an HTML code snippet which is loaded when an end-user visits a website or opens an email. Pixels are useful for tracking end-user behavior and conversions. Web storage - Enables a party to access a local storage object and store data in the browser with no expiration date. Data stored in the browser will persist even after the browser window has been closed. Indexed DB - Client-side storage mechanism within web browsers, designed to allow web applications to store large amounts of structured data locally on the user's device for offline functionality and performance enhancements
1st/3rd-party	Trackers can be categorized into 1st-party or 3rd-party depending on which entity has triggered the dropping of the tracker. If the website itself is dropping a tracker then it will be counted as a 1st-party tracker. A tracker dropped by a vendor will be counted as a 3rd-party tracker. Note: Cookies can be created by a vendor (initiator) but still be dropped by the website itself (e.g. tag managers). In this case, the tracker is considered a 1st-party tracker.
Lifetime	Lifetime of the tracker before it expires.
Exemption	If the tracker is configured as consent-exempt in the tracker policy for the domain

For each tracker dropped on the domain in the compliance report Didomi will provide the following information when your organization has Advanced Compliance Monitoring enabled: {% hint style="warning" %} **Note**: The difference between a vendor and initiator is that: * **Vendor** - requests a tracker to be launched. They have has access to the data and are responsible of the data treatment * **Initiator** - the party that is technically called by the **Vendor** to launch the tracker {% endhint %}

Field	Description
Tracker name	Name of the tracker as found on the domain
Domain	Domain of the tracker
1st/3rd party	Indicates whether the tracker is categorized as a 1st-party or 3rd-party tracker. See filter table above for more information.
Initiator	Initiator of the tracker
Vendor	Name of the initiator that launched the tracker
Type	Indicates whether the tracker is a cookie, pixel, web storage, or Indexed DB. See filter table above for more information.
Lifetime	Lifetime of the tracker before it expires
Flagged cookies	Icons indicate if the tracker meets one of the following criteria: Non-secure: Cookies must declare whether they are secure or non-secure within their values. If there is no secure flag, then the cookie is not encrypted. If the cookie is secure, the cookie's confidentiality is protected from attackers. For cookies that store sensitive or personal information it is recommended at a minimum that secure cookies are used. Persistent: Stores information in the end-user’s browser for a long time. Large: (> 100 bytes)
User behaviour	Click here for more information on how the user behaviour is calculated.
Ran scenarios	Scenario in which the tracker was dropped
Purposes	Purposes mapped to the tracker in the tracker policy for the domain
Exemptions	Indicates if the tracker is configured as consent-exempt in the tracker policy for the domain

### Vendors Click the **Vendors** tab to review data on the vendors discovered on the domain for the compliance report.

The data on the vendors tab can be filtered by the following parameters:

Filter	Description
TCF/Non-TCF	Filters list of vendors into either: Vendors who belong to the IAB Transparency and Consent Framework (TCF) Vendors who do not belong to the IAB Transparency and Consent Framework (TCF)
Processing rule	Filters list of vendors by the legal bases used
User behaviour	Filters list of vendors by the action executed by the Didomi bot when the vendor was triggered.

Filter

Description

TCF/Non-TCF

Filters list of vendors into either:

Vendors who belong to the IAB Transparency and Consent Framework (TCF)
Vendors who do not belong to the IAB Transparency and Consent Framework (TCF)

Processing rule

Filters list of vendors by the legal bases used

User behaviour

Filters list of vendors by the action executed by the Didomi bot when the vendor was triggered.

For each vendor discovered on the domain in the compliance report Didomi will provide the following information:

Field	Description
Name	Name of the vendor
Country	Country where the vendor has its headquarters
TCF ID	If vendor is a member of the IAB TCF then Didomi will display the vendor's IAB TCF ID.
Processing rule	Legal base used by the vendor
Requests for tags	Number of requests that the vendor has performed
User behavior	Click here for more information on how the user behaviour is calculated.
Ran scenario	Scenario in which the vendor was triggered

Additional information for a particular vendor can be viewed by clicking the name of the vendor from the list. A subsequent modal will provide the following information for the vendor: * Whether vendor is a member of the IAB TCF * Privacy policy * Domains owned by the vendor according to the Didomi database * Trackers dropped by the vendor on your domain * Vendors who requested this particular vendor * Vendors who were initiated by this particular vendor

In addition to the table view of vendors found on the domain, Didomi also provides an interactive graph that visualizes how vendors are being requested on the domain. Select any vendor on the graph to highlight how it is called on your domain and which vendors it subsequently calls on your domain. {% hint style="info" %} The graph also includes a filter that enables your organization to filter the visualization by scenario. {% endhint %}

### Compliance issues For every compliance report generated on a domain Didomi will catalogue any potential problems as it pertains to GDPR compliance in the **Compliance issues** tab of the report. These issues and recommendations are based on Didomi's extensive knowledge of the data privacy landscape but should **not** be taken as legal advice. Rather, use the catalogued issues and recommendations as a starting point with your Data Protection Officer (DPO) before taking any action. Click the **Compliance issues** tab to review the issues catalogued for the compliance report. {% hint style="info" %} Expand the accordion for certain compliance issues for more detailed information. {% endhint %}

Issues	Description
The Privacy Policy is not accessible from every page of the website	Didomi bot was unable to access your organization's privacy policy on at least one page for the domain. Note: This issue does not mean the privacy policy does not exist on the page but that the bot was unable to detect it during the scraping session. This issue can arise from how your privacy policy is worded.
No CMP was detected on the website	Didomi bot did not encounter a consent management platform (CMP) to provide end-user consent.
The privacy policy does not seem to provide a way to opt out	Didomi bot was unable to find a link/button in the privacy policy that allows an end-user to manage their consent preferences.
The consent notice doesn’t provide information about purposes and vendors	Didomi bot unable to find information about vendors and purposes your organization uses to process end-user data in the consent notice.
Number of trackers that have lifetime longer than 13 months which is not recommended by GDPR	Didomi bot discovered cookies dropped on domain with lifetimes exceeding 13 months. Ask the vendor dropping the cookies to reduce the lifetime of the cookie to to delete it completely. Click here to learn more.
Number of vendors or initiators that are unknown to our database, review them to be sure they are legit	Vendor or initiator found on domain is not known in the Didomi database. Avoid this issue in future compliance reports by manually matching the vendor. Click here for more information.
A Cookie Policy wasn’t found	Didomi bot unable to find cookie policy on domain.
Number of trackers dropped despite user not making a choice	Didomi bot discovered trackers on domain when the end-user did not make a consent decision.
Number of trackers dropped despite user refusing consent	Didomi bot discovered trackers on domain when the end-user explicitly refused consent.

### Reference: User behaviour calculation Refer to the table below for how Didomi calculates the value for the **User behaviour** field within the compliance report tabs:

Conditions	User behaviour
Tracker/vendor present only in an Accept all scenario	Consent to all
Tracker/vendor present only in a Refuse all scenario	Refuse to all
Tracker/vendor present in Refuse all and Accept all scenarios	Refuse to all
Tracker/vendor present only in No action scenario	No CMP choice
Tracker/vendor present only in No action and Accept all scenarios	No CMP choice
Tracker/vendor present in No action and Refuse all scenarios	No CMP choice

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.didomi.io/advanced-compliance-monitoring-acm/compliance-report-acm/compliance-report-overview-acm.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.