Audit Trail
GOVERN maintains an immutable audit trail of every governance event: assessments, policy changes, alert responses, remediation actions, and user operations. The audit trail is the evidentiary foundation of your compliance program.
What is logged
| Event type | Detail captured |
|---|---|
| Assessment | System, timestamp, score, violations, action, policy version |
| Policy change | Author, timestamp, diff of changed settings |
| Alert response | Responder, timestamp, action taken, note |
| Remediation | All state transitions with author and timestamp |
| User operations | Login, permission changes, setting changes |
| Discovery events | Agent ID, discovered system, action taken |
Searching the audit trail
Go to Audit Trail in the main navigation. Filter by event type, date range, user, or system. Full-text search works across all event fields.
Exporting for auditors
Export the audit trail as a cryptographically signed PDF or CSV. The signed export includes a verification key your auditors can use to confirm the records have not been tampered with.
Retention
The audit trail is retained for a minimum of 7 years. This meets the retention requirements for EU AI Act Article 12 (record-keeping obligations for high-risk AI systems).