Audit Log

An audit log is a hard requirement for GDPR Article 30 records of processing activities and for demonstrating accountability to data subjects, regulators, and auditors. Organizations receiving Bufdir funding are subject to public-sector transparency requirements that necessitate traceable records of data access and administrative decisions. Without immutable audit trails, the platform cannot support incident response, insider threat detection, or data breach notifications within the 72-hour GDPR window. For global admins managing multiple organizations, the audit log is also the primary tool for cross-tenant governance and support escalations where access to org data must itself be auditable.

The audit_logs table stores event_type, actor_id, actor_role, target_entity_type, target_entity_id, organization_id, ip_address, user_agent, and a JSON metadata blob. The AuditService is a shared backend utility called by all write operations and authentication flows - it must never be bypassed. Write operations use INSERT-only semantics; no UPDATE or DELETE is permitted on audit_logs rows (enforce via a database-level trigger or role permission). The Audit Log page in the admin portal is a paginated, filterable table rendered server-side. Indexes on (organization_id, created_at) and (actor_id, created_at) are required for query performance. For Global Admin views, cross-tenant queries must be explicitly opt-in and themselves logged. Consider a separate audit_log write role in PostgreSQL to enforce append-only access from the application layer.