Audit Logging & Activity Feed
Immutable, searchable records of every action taken in your compliance program — essential for audit readiness.
What Gets Logged
ComplyWise records an audit event for every significant action in the platform. Audit events are immutable — once written, they cannot be modified or deleted by any user, including admins. Events include a timestamp, the acting user, the action taken, the resource affected, and contextual metadata such as IP address and user agent.
- Authentication events: login, logout, failed attempts, MFA challenges
- Scan operations: initiated, completed, failed, with result summaries
- Evidence uploads and modifications
- Control status changes and UCF assessment updates
- Configuration changes: integrations added/removed, framework selections, user role changes
- Report generation and export actions
Activity Feed
The Activity Feed in the admin panel provides a chronological view of all audit events for your tenant. Events can be filtered by user, action type, resource type, and date range. The feed is available to Admin and Auditor roles.
- Real-time feed of platform activity
- Filter by user, action, resource, and date range
- Click-through to the affected resource for context
- Exportable for external audit tooling
Storage & Retention
Audit logs are stored in a dedicated, tamper-resistant data store. Events are indexed for fast retrieval across multiple dimensions including user, action, and time range. Retention is configurable per tenant — the default provides extended retention, and Enterprise customers can configure indefinite retention.
- Indexed for fast search across millions of events
- Extended default retention, configurable per tenant
- Enterprise: indefinite retention with automated archival
- Archived logs remain searchable via the admin panel
Integration with Compliance Controls
Audit logging directly satisfies multiple compliance controls across frameworks. SOC 2 CC7.2 (monitoring), ISO 27001 A.12.4 (logging and monitoring), HIPAA §164.312(b) (audit controls), and NIST CSF DE.CM (continuous monitoring) all require comprehensive activity logging. ComplyWise's audit infrastructure provides automatically generated evidence for these controls.
- SOC 2 CC7.2 — System monitoring and anomaly detection
- ISO 27001 A.12.4 — Event logging and log protection
- HIPAA §164.312(b) — Audit controls and activity review
- NIST CSF DE.CM — Continuous monitoring of information systems
Tamper Protection
Audit events are write-once. The platform does not expose any endpoint or function to modify or delete audit records. Append-only constraints ensure tamper resistance. This immutability is critical for satisfying audit requirements that demand tamper-resistant logging.
- No UPDATE or DELETE operations on audit records
- Append-only write constraints enforced at the storage layer
- Audit events include integrity verification mechanisms
- Regular integrity verification runs for compliance evidence
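The page does not say which integrity verification mechanism ComplyWise uses. As an added example (not ComplyWise's code), the sketch below shows one common approach, a SHA-256 hash chain over append-only records, and how a verification run detects edited, deleted, or truncated events. The function names, record layout, and sample events are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed fixed starting value for the chain


def _digest(prev_hash, event):
    # Canonical JSON (sorted keys, no whitespace) keeps the hash reproducible.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append_event(log, event):
    """Append-only write: each record commits to the hash of the one before it."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({"event": dict(event), "prev": prev_hash,
                "hash": _digest(prev_hash, event)})
    return log[-1]["hash"]  # head hash; keep a copy outside the log store


def verify_chain(log, expected_head=None):
    """Return None if intact, else the index of the first bad record.

    len(log) means the chain is self-consistent but does not end at
    expected_head (tail truncation, or a rewrite with recomputed hashes).
    """
    prev_hash = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev_hash or rec["hash"] != _digest(prev_hash, rec["event"]):
            return i
        prev_hash = rec["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(log)
    return None


def sample_log():
    # Constructed sample events using the fields the page lists.
    meta = {"ip": "192.0.2.10", "user_agent": "ExampleBrowser/1.0"}
    rows = [("2024-01-01T09:00:00Z", "alice", "login", "session"),
            ("2024-01-01T09:05:00Z", "alice", "evidence_upload", "evidence/42"),
            ("2024-01-01T09:10:00Z", "bob", "role_change", "user/alice")]
    log, head = [], None
    for t, u, a, r in rows:
        head = append_event(log, {"timestamp": t, "user": u, "action": a,
                                  "resource": r, "metadata": meta})
    return log, head
```

Tail truncation is only detectable when the head hash is anchored somewhere the log writer cannot alter, which is why `verify_chain` accepts `expected_head`.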