Audit Log

Audit logging is foundational for organizations receiving government funding and accountable to Bufdir. It enables post-incident forensic investigation with a reliable timeline of who did what and when. The per-organization audit trail enforces tenant isolation: Global Admin support access is automatically logged so organizations always have a record of external access to their data. This satisfies GDPR accountability principles and builds trust with privacy-sensitive organizations handling health and disability data. Without audit logs, demonstrating compliance would require manual reconstruction from multiple data sources, increasing risk and administrative burden significantly.

The audit_logs table stores structured entries with actor_id, actor_role, action_type, target_entity, target_id, organization_id, and timestamp. All write operations in sensitive domain services (user management, role assignment, organization settings) emit audit events via a shared AuditLogService helper injected at the service layer. The admin page uses server-side rendering with cursor-based pagination. Filtering by actor, action_type, and date range uses parameterized SQL queries. Entries are immutable - no UPDATE or DELETE path exists in application code. CSV export uses a streaming response handler to avoid memory limits on large organizations with high audit volumes.