Audit Logs & Compliance

NirmIQ provides comprehensive audit logging for compliance with SOC 2, GDPR, FDA 21 CFR Part 11, and other regulatory frameworks.

Overview

The audit system tracks:

All data changes - Create, update, delete operations on projects, requirements, and FMEA
User authentication - Login attempts, successes, and failures
Security events - Cross-organization access attempts, rate limiting, suspicious patterns
Data exports - Downloads and exports for GDPR compliance
Administrative actions - User management, configuration changes

Accessing Audit Logs

Navigate to Admin in the left sidebar
Click Audit Logs tab
View, filter, and export audit data

Required Permissions

Admin: View organization's audit logs
Super Admin: View all audit logs across organizations

Audit Trail

Tracked Actions

Action	Description
`create`	New record created (project, requirement, FMEA)
`update`	Existing record modified
`delete`	Record deleted
`login`	Successful user authentication
`login_failed`	Failed login attempt
`export`	Data exported (Excel, CSV, PDF)
`import`	Data imported
`permission_change`	User role or access modified

Logged Information

Each audit entry includes:

Timestamp - Exact date and time (UTC)
User - Email of the user who performed the action
Action - Type of operation
Resource - Type and ID of affected item
Changes - Before/after values for updates
IP Address - Client IP address
Success/Failure - Whether the action succeeded
Failure Reason - Why an action failed (if applicable)

Security Events

Security events are high-priority alerts requiring attention:

Event Types

Event Type	Severity	Description
`login_failed`	Medium	Failed login attempt
`login_failed_locked`	High	Account locked after multiple failures
`cross_org_access`	High	Attempted access to another organization's data
`rate_limit`	Medium	Rate limit exceeded
`suspicious_pattern`	High	Unusual login pattern detected
`bulk_delete`	Medium	Large-scale deletion operation
`data_export`	Low	Data export for compliance tracking

Acknowledging Events

Security events require acknowledgment:

View unacknowledged events (shown with red background)
Click Acknowledge to mark as reviewed
Your name and timestamp are recorded

Filtering & Search

Available Filters

Action - Filter by action type (create, update, delete, etc.)
Resource Type - Filter by resource (project, requirement, fmea)
User Email - Search by user
Date Range - Specify start and end dates

Quick Filters

Last 24 hours
Last 7 days
Last 30 days
Failed actions only

Exporting Audit Logs

Export audit logs for compliance reporting or external analysis.

Export Formats

CSV - For spreadsheet analysis
PDF - For formal compliance reports (coming soon)

Export Steps

Apply desired filters
Click Export CSV button
File downloads automatically

Export Limits

Maximum 10,000 records per export
Use date filters for larger datasets

Compliance Features

SOC 2 Compliance

7-year retention for audit logs
Immutable records - cannot be modified or deleted
Complete trail - all access and changes logged

Data access logging - tracks who accessed what data
Right of access - generate user data reports
Data export tracking - all exports are logged

FDA 21 CFR Part 11

User attribution - all actions tied to specific users
Timestamp accuracy - server-side timestamps
Change tracking - before/after values for updates
Digital signatures - see Digital Signatures

Dashboard Summary

The audit dashboard shows key metrics:

Events (24h) - Actions in the last 24 hours
Active Users - Unique users who performed actions
Failed Actions - Operations that failed
Security Alerts - Unacknowledged security events

Action Breakdown

View the distribution of actions over the last 30 days to understand usage patterns.

Best Practices

Regular Review

Daily: Check for unacknowledged security events
Weekly: Review failed action trends
Monthly: Export and archive logs
Quarterly: Full compliance audit

Security Monitoring

Set up alerts for critical security events
Investigate patterns of failed logins
Monitor cross-organization access attempts

Retention

Audit logs are retained for 7 years by default
Meets SOC 2 and FDA 21 CFR Part 11 requirements
Contact support for custom retention policies

API Access

Audit logs are available via API for integration with SIEM systems:

GET /admin/audit-logs?page=1&limit=50
GET /admin/audit-logs/export?format=csv
GET /admin/security-events
GET /admin/audit-summary

See API documentation for authentication and parameters.

Troubleshooting

No Logs Showing

Ensure you have Admin or Super Admin role
Check if audit tables exist (Migration 025)
Verify date filters aren't excluding results

Export Failing

Check for very large date ranges
Use filters to reduce dataset size
Contact support for bulk exports

Overview​

Accessing Audit Logs​

Required Permissions​

Audit Trail​

Tracked Actions​

Logged Information​

Security Events​

Event Types​

Acknowledging Events​

Filtering & Search​

Available Filters​

Quick Filters​

Exporting Audit Logs​

Export Formats​

Export Steps​

Export Limits​

Compliance Features​

SOC 2 Compliance​

GDPR Compliance​

FDA 21 CFR Part 11​

Dashboard Summary​

Action Breakdown​

Best Practices​

Regular Review​

Security Monitoring​

Retention​

API Access​

Troubleshooting​

No Logs Showing​

Export Failing​

Related Documentation​