Updated February 27, 2026

Audit Logging for Sensitive Read Operations

Introduced in: v1.0.247
Compliance frameworks: SOC 2 CC7.2, ISO 27001 A.12.4

Overview

From v1.0.247, the platform audit-logs every access to sensitive government identifiers and financial credentials — not just write or modification events. This applies to:

  • HMRC OAuth tokens read via loadHmrcTokens()
  • National Insurance Numbers (NINO) read via loadNino() or through the user router
  • Bank PII decrypted by any PII-handling function in src/lib/hmrc/client.ts

This ensures a full forensic trail for all sensitive data access events, meeting the requirements of SOC 2 CC7.2 and ISO 27001 A.12.4.

Why Read Operations Must Be Logged

For services that handle government identifiers (NINOs) and financial credentials (HMRC tokens), regulators and security frameworks require that access to sensitive data is traceable regardless of whether the data was modified. Without read-level audit logs:

  • Unauthorised access to NINO or HMRC tokens would leave no forensic trace.
  • Incident investigations could not determine the full scope of a data exposure.
  • SOC 2 and ISO 27001 audits would identify a gap in monitoring coverage.

Audit Event Structure

Each audit event is written via logAudit() and includes the following fields:

{
  "action": "nino.accessed",
  "userId": "usr_xxxxxxxx",
  "orgId": "org_xxxxxxxx",
  "context": "loadNino",
  "timestamp": "2025-01-01T00:00:00.000Z"
}

Defined Event Actions

| action | When it fires |
| --- | --- |
| hmrc.token.accessed | Any call to loadHmrcTokens() |
| nino.accessed | Any call to loadNino() or a NINO read via the user router |
| bank.pii.decrypted | Any decryption of bank PII |

Performance Characteristics

All logAudit() calls for read operations are non-blocking (fire-and-forget). They are dispatched asynchronously and do not add latency to the read path. A failure in the audit log write will not cause the originating read operation to fail.
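
A sketch of the non-blocking pattern described above, as an added example that is not the platform's own code. The logAudit() signature is not shown on this page, so the sink type, `logAuditNonBlocking`, `auditedRead` and the dropped-event counter are all hypothetical; the event fields and action names are the ones documented here.

```typescript
// Added example: every name below is hypothetical, not the platform's code.
type AuditAction = "hmrc.token.accessed" | "nino.accessed" | "bank.pii.decrypted";

interface AuditEvent {
  action: AuditAction;
  userId: string;
  orgId: string;
  context: string;
  timestamp: string; // ISO 8601, matching the event structure on this page
}

// Assumed sink shape: persists one event and may throw or reject.
type AuditSink = (event: AuditEvent) => Promise<void>;

// Failed audit writes are counted, so a gap in the trail is observable
// (for example as an alerting metric) even though reads never fail on it.
let droppedAuditEvents = 0;
function getDroppedAuditEvents(): number {
  return droppedAuditEvents;
}

// Fire-and-forget: the write is never awaited and never throws to the caller.
function logAuditNonBlocking(sink: AuditSink, event: AuditEvent): void {
  try {
    // The catch handler keeps a rejected write from becoming an unhandled rejection.
    sink(event).catch(() => {
      droppedAuditEvents += 1;
    });
  } catch {
    // The sink threw synchronously, before returning a promise.
    droppedAuditEvents += 1;
  }
}

// Wraps a sensitive read so each call emits one event. Emitting before the
// read (an assumption here) also records reads that go on to fail.
async function auditedRead<T>(
  sink: AuditSink,
  meta: Omit<AuditEvent, "timestamp">,
  read: () => Promise<T>,
): Promise<T> {
  logAuditNonBlocking(sink, { ...meta, timestamp: new Date().toISOString() });
  return read();
}
```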

Compliance Mapping

SOC 2 — CC7.2: System Monitoring

CC7.2 requires that the organisation monitors system components to detect anomalies that could indicate security events. Logging read access to HMRC tokens and NINOs provides the event data necessary to detect and investigate anomalous access patterns.

ISO 27001 — A.12.4: Logging and Monitoring

A.12.4 requires that event logs recording user activities, exceptions, faults, and information security events are produced, kept, and regularly reviewed. Logging sensitive read operations directly satisfies the requirement to record user activities involving protected information assets.

Related Files

  • src/lib/hmrc/client.ts — Contains loadHmrcTokens(), loadNino(), and PII decryption functions with logAudit() calls.