Introducing the Compliance and Audit Trail System
Introducing the Compliance and Audit Trail System
Available from v1.0.48
Maintaining a complete, trustworthy record of everything that happens inside your enterprise platform is no longer optional — regulators, auditors, and customers expect it. Version 1.0.48 ships a full Compliance and Audit Trail System that brings comprehensive audit logging, pre-built compliance reports, and automated monitoring to every tenant on the platform.
What's Included
Comprehensive Audit Logging
Every action taken within the platform — whether by an end user, an administrator, or an AI agent — is captured in an immutable audit log. Each log entry records:
- Who performed the action (user ID, role, and session context)
- What resource was affected (entity type and identifier)
- When the action occurred (UTC timestamp)
- What changed (before and after state for mutations)
- How the action was initiated (UI, API, automated workflow)
Logs are write-once and cannot be modified or deleted by any user, including platform administrators.
Compliance Reporting
Pre-built report templates are available for the most common regulatory frameworks:
| Framework | Coverage |
|---|---|
| SOX (Sarbanes-Oxley) | Financial data access, change management, privileged user activity |
| GDPR | Personal data access, consent records, data subject requests |
| Industry Regulations | Configurable templates for sector-specific requirements |
Reports can be:
- Generated on demand from the Compliance dashboard
- Scheduled for automatic generation and delivery (daily, weekly, monthly)
- Exported in PDF or CSV format for submission to auditors or regulators
Automated Compliance Monitoring
The platform continuously evaluates activity against a configurable set of compliance rules. Out of the box, monitoring covers scenarios such as:
- Excessive privilege escalation attempts
- Access to sensitive data outside business hours
- Mass data exports or deletions
- Changes to security or compliance configuration
Administrators can extend or tune these rules from Settings → Compliance → Monitoring Rules.
Real-Time Alerting
When a monitoring rule is triggered, the system immediately notifies designated compliance officers via:
- In-platform notification centre
- Webhook (for integration with SIEM or ticketing systems)
Each alert includes a direct link to the relevant audit log entries, so investigators can review context without manual log searches.
Getting Started
Accessing Audit Logs
- Navigate to Compliance → Audit Log in the main navigation.
- Use the filters (date range, user, resource type, action) to narrow results.
- Select any log entry to view its full detail, including before/after state.
Running a Compliance Report
- Navigate to Compliance → Reports.
- Select a report template (e.g. SOX — Privileged Access Review).
- Set the reporting period and click Generate Report.
- Download the output or schedule recurring generation.
Configuring Monitoring Rules
- Navigate to Settings → Compliance → Monitoring Rules.
- Review the default rule set and enable or disable individual rules.
- To customise a rule, click Edit and adjust thresholds or scope.
- Assign alert recipients under Settings → Compliance → Alert Recipients.
Permissions and Access Control
Access to compliance features is governed by the existing RBAC system. The following built-in roles have default access:
| Role | Audit Logs | Reports | Monitoring Rules | Alert Config |
|---|---|---|---|---|
| Super Admin | Full | Full | Full | Full |
| Compliance Officer | Read | Full | Read | Read |
| Auditor | Read | Read | None | None |
| Standard User | Own records only | None | None | None |
Custom roles can be granted granular compliance permissions from Settings → Roles.
Frequently Asked Questions
Are audit logs stored per tenant? Yes. Each tenant's audit log is fully isolated. Platform-level administrators cannot access tenant audit data unless explicitly granted cross-tenant permissions.
How long are audit logs retained? The default retention period is 7 years to satisfy common regulatory requirements. Retention policies can be adjusted by contacting your account administrator.
Can I integrate audit log data with my SIEM? Yes. Audit log events can be streamed to external systems via webhooks or the Audit Log API (see the API Reference for details).
Does this affect platform performance? Audit logging is asynchronous and has negligible impact on request latency. Compliance monitoring runs as a background process and does not affect the critical path.