Audit Trail
Immutable log of every change made in your workspace
What Gets Logged
Anzen records an audit log entry for every create, update, and delete operation across the platform. Whenever a user creates a ticket, modifies a control, updates a user account, or deletes a configuration item, the change is captured with full before-and-after detail.
What Each Entry Captures
Every audit log entry records:
- Who — the user who performed the action.
- What area — the type of record affected (e.g. tickets, controls, users).
- Which record — the specific record that was changed.
- Which field — the field that changed (for updates).
- Previous value — what the field contained before the change.
- New value — what the field contains after the change.
- When — the timestamp of the change.
Immutability
Audit log entries are append-only. Once written, they cannot be modified or deleted — not even by superadmins. This ensures the integrity of the audit trail for compliance purposes and forensic investigations.
Filtering
The audit trail can be filtered to find specific changes:
- By area — view only changes to tickets, controls, users, etc.
- By record — see all changes made to a specific record.
- By user — see all actions performed by a particular user.
Coverage
The following areas are covered by the audit trail:
- Tickets (incidents, problems, changes)
- Controls and control tests
- Issues
- Users, groups, and roles
- Entities
- Configuration items
- Applications
- Business processes
- Vendors and types
Purpose
The audit trail serves three key purposes:
- Compliance — demonstrate to auditors exactly who changed what, when, and why. Essential for frameworks like ISO 27001 and SOC 2.
- Forensics — investigate incidents by tracing the sequence of changes that led to a problem.
- Accountability — provide a transparent record that holds team members accountable for their actions in the system.