HomeSecurity & Governance › Audit & compliance logging

Audit & compliance logging

Purpose: Be able to prove who did what — content, permissions, code and config — with evidence that survives scrutiny.

Who this page is for

AudienceWhy it matters to you
Tech leadsEvidence owners
Platform engineersPlumbing owners

The questions an auditor (or incident) asks

QuestionEvidence source
Who changed this page and when?Page audit log (cq audit events) + versions
Who published it?Replication/audit events; workflow history if via approval (Lab 9 trail)
Who had access to X on date Y?Group membership snapshots (periodic export — point-in-time answers need point-in-time data)
Who changed permissions?ACL change events + the change request that authorised it
What code/config was live on date Y?Git tags + deployment records (pipeline annotations)
Who logged in / failed to?Auth logs shipped to the log platform (log management)

Plumbing principles

The recurring reviews (calendar, owner, artefact)

ReviewCadenceArtefact
Access review (groups vs business owners)QuarterlySigned-off membership report (governance)
Service-user grant reviewQuarterlyACL dump + justifications (service users)
Admin/break-glass usageMonthlyUsage log with reasons
Audit pipeline healthMonthly"Is the evidence still flowing" check — discovering at audit time it stopped in March is the classic

Quick navigation