Back to the Atlas
Platform Foundation

Audit Trail

Immutable audit events for every privileged action — who, what, when, where, why. Sealed audit path, exportable for compliance reviews.

Why this matters for enterprise procurement

When a regulator or your client asks 'who changed this employee's compensation last June?', you need an answer in minutes — not a forensic week. FrontLine writes an audit event for every privileged action: changes, approvals, denials, exports, role grants, IdP rotations. Events are immutable and tamper-evident.

How it's implemented

Sealed at the database, queryable when auditors arrive

Audit events are emitted from the API service via an append-only write path to a dedicated audit table. Each event captures: actor (user + role + IdP), tenant + client + LOB scope, action verb, target entity, before/after values for changes, request ID, IP, user agent, and timestamp. The table is enforced append-only at the database level — no UPDATE or DELETE statements are permitted, even by the application role. Event retention defaults to 7 years and is configurable per regulatory regime.

Capabilities

What's covered out of the box

Every CREATE, UPDATE, DELETE on privileged entities emits an event
Before/after value capture on updates (with PII redaction rules)
Append-only at the DB layer — no programmatic delete
Searchable audit log viewer in the Compliance Dashboard
PII access events specifically flagged with anomaly detection
Export to CSV, JSON, or SIEM stream
Webhook firehose for real-time SOC integration
Cryptographic chain hash (preview) for tamper evidence
Standards & compliance

Audit-ready artifacts your reviewers can lean on

  • SOC 2 Type II — change management + monitoring
  • PIPEDA accountability principle
  • ISO/IEC 27001 A.12.4 Logging and monitoring
  • Default 7-year retention; configurable per jurisdiction
Procurement FAQ

What security and compliance reviewers actually ask

Can audit events be modified or deleted?+
Not by the application. The audit table is append-only at the database level. Privileged DBA-level deletion is gated behind a separate audited procedure and would itself be logged.
How long are audit events retained?+
Default 7 years to satisfy SOC 2 and most enterprise retention policies. Configurable per tenant for jurisdiction-specific requirements.
Can we stream audit events to our SIEM?+
Yes. We support a webhook firehose that delivers signed events to your endpoint within seconds, with at-least-once delivery and replay-from-cursor support.
Are PII access events distinguishable from regular activity?+
Yes. Access to PII-flagged columns emits a separate `pii.read` event with the specific fields touched. The Compliance Dashboard surfaces these with anomaly detection.

Run this past your security team

We share security overviews, RLS policy DDL, audit-event schemas, and SOC 2 progress on request. Book a 30-minute security review with the founders.

Book a security reviewBack to the Atlas
Request Early Access
Audit Trail — FrontLine Platform | FrontLine