Audit Logs
Every action in AlignSure is logged in an immutable audit trail. Logs cannot be modified or deleted by any user, including Administrators.
What Is Logged
Section titled “What Is Logged”| Category | Examples |
|---|---|
| Authentication | Sign-in, sign-out, failed attempts |
| Document actions | Upload, review, annotate, approve, reject |
| Role changes | Assignment, modification, removal |
| Configuration changes | Framework activation, calendar modification, integration setup |
| Evidence actions | Package generation, export, submission |
| AI interactions | Copilot queries and responses |
Log Entry Structure
Section titled “Log Entry Structure”Each log entry contains:
- Timestamp — UTC
- Actor — Microsoft identity (UPN / email)
- Action — What was performed
- Target — The document, user, or configuration affected
- Details — Action-specific metadata
- IP address — Source of the request
Accessing Logs
Section titled “Accessing Logs”Administration → Audit Logs
- Filter by date range, actor, action type, or target
- Full-text search across log entries
- Real-time streaming of new entries
Export
Section titled “Export”Audit logs can be exported in:
- CSV format for spreadsheet analysis
- JSON format for integration with SIEM tools
- PDF format for audit evidence packages
Exports include the full log entry with all fields. Export actions are themselves logged.
Retention
Section titled “Retention”Audit logs are retained for a minimum of 6 years, consistent with HIPAA record retention requirements. Logs are not automatically purged. Customers can request extended retention.