Administration

Audit Logs

Comprehensive system audit trails, activity tracking, and before/after data changes


Comprehensive Audit System

The system maintains detailed audit logs for every action performed by users, including page views, data changes, and system events. This provides complete traceability for compliance, security monitoring, and troubleshooting.

What is Audited?

The audit system tracks activities across 13 categories:

Core CRUD

  • Create, Read, Update, Delete operations
  • Login/Logout events
  • Submission, Approval, Rejection
  • Data exports

Documents & Signatures

  • Digital signature captures
  • Document uploads/downloads
  • Notification sending
  • Password changes

Parent Portal

  • Parent verification and login
  • Dashboard and form views
  • Child details, medical info updates
  • Legal ID uploads and signature completion

Errors

  • Server and client errors
  • Validation failures
  • 404 Not Found, Unauthorized
  • JavaScript errors, API errors

Report Builder

  • Report creation and modifications
  • Report runs (started, completed, failed)
  • Schedule management
  • Artefact downloads

Page Views

  • All page navigation
  • Dashboard, listing, details views
  • Search, filter, sort actions
  • Form views and pagination

Staff Portal

  • Child and parent record management
  • Submission and period management
  • User and document management
  • Settings and help access

Manager Actions

  • Approvals and rejections
  • Reviews and overrides
  • Exports and bulk actions
  • Assisted mode enabling

Admin Actions

  • User management
  • System settings changes
  • Data archival and imports
  • Submission reversions

Assisted Submission

  • Mode started/enabled events
  • All form step views and updates
  • Agreement confirmation
  • Signature completion

API

  • API authentication attempts
  • CRUD operations via API
  • Rate limiting events
  • Export operations

Session & Security

  • Session start/end/timeout
  • Password reset requests
  • Account lock/unlock
  • Email/phone verification

Data Access

  • Data exports and imports
  • Bulk updates and deletes
  • Sensitive data access (PII, NI numbers)
  • Medical data viewing

Viewing Audit Logs

  1. Go to Admin > Audit Log
  2. Use the filters to narrow results:
    • Date Range: Start and end dates
    • Action Category: Filter by category (e.g., Parent Portal, Staff Portal)
    • Action: Specific action type (grouped by category)
    • Entity Type: The type of record affected
    • User: Filter by specific staff member
    • Search: Search IP addresses, user agents, or data values
  3. Click 'View Changes' on any entry to see before/after data
  4. Use 'Export to Excel' to download filtered results

Before/After Data

For data modification actions (Create, Update, Delete), the audit log captures:

  • Before (Old Values): The state of the record before the change
  • After (New Values): The state of the record after the change

Click 'View Changes' on any audit entry to expand and see the full before/after JSON data with syntax highlighting.
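
An added example, not part of the product or its documentation: a field-level diff of the before/after JSON from one audit entry, as a reviewer might run over exported data. The field names, the sensitive-field list and the sample record are constructed assumptions; Create (no before) and Delete (no after) are handled, and sensitive values are masked so the review output does not copy PII.

```python
import json

# Assumed field names for this example; the product's real schema is not shown on the page.
SENSITIVE = {"ni_number", "medical_notes"}
ABSENT, MASKED = "<absent>", "<redacted>"

def _flatten(value, prefix=""):
    """Flatten nested objects/arrays to {'a.b[0]': leaf} so nested edits show up."""
    if isinstance(value, dict) and value:
        items = ((f"{prefix}.{k}" if prefix else k, v) for k, v in value.items())
    elif isinstance(value, list) and value:
        items = ((f"{prefix}[{i}]", v) for i, v in enumerate(value))
    else:
        return {prefix: value}
    flat = {}
    for path, v in items:
        flat.update(_flatten(v, path))
    return flat

def _load(raw):
    """Parse one side of an entry; empty or null (Create or Delete) becomes {}."""
    parsed = json.loads(raw) if raw else None
    return _flatten(parsed) if parsed else {}

def _is_sensitive(path):
    return any(seg.split("[")[0] in SENSITIVE for seg in path.split("."))

def diff_entry(before_json, after_json):
    """Return (kind, [(path, old, new)]) with sensitive values masked."""
    old, new = _load(before_json), _load(after_json)
    kind = "create" if not old else "delete" if not new else "update"
    changes = []
    for path in sorted(old.keys() | new.keys()):
        b, a = old.get(path, ABSENT), new.get(path, ABSENT)
        if b == a and type(b) is type(a):
            continue
        if _is_sensitive(path):
            b = b if b == ABSENT else MASKED
            a = a if a == ABSENT else MASKED
        changes.append((path, b, a))
    return kind, changes

# Constructed sample entry (not real data).
BEFORE = '{"child": {"first_name": "Sam", "ni_number": "QQ123456C", "allergies": ["nuts"]}, "status": "draft"}'
AFTER = '{"child": {"first_name": "Sam", "ni_number": "QQ123456A", "allergies": ["nuts", "latex"]}, "status": "submitted"}'

if __name__ == "__main__":
    print(diff_entry(BEFORE, AFTER))
```

A masked field still appears in the result when it changed, so the reviewer sees that an NI number was edited without the value being reproduced.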

User Identification

The audit system identifies users in several ways:

  • Staff Users: Identified by their login account (name and email displayed)
  • Parents: Identified by parent session (shows 'Parent: [Name]')
  • Anonymous: Unauthenticated access attempts are tracked with IP address
  • System: Automated actions (e.g., scheduled jobs)

Additional Captured Information

Each audit entry also records:

  • IP Address: Client IP (including forwarded addresses behind proxies)
  • User Agent: Browser/device information
  • Timestamp: Precise date and time (UTC)
  • Response Time: How long the request took
  • Entity ID: The specific record affected
  • Reference Number: For submission-related actions

Submission History

To view the complete history of a specific submission:

  1. Open the submission details page
  2. Click 'View Audit History' button
  3. See all actions related to that submission in chronological order

Audit Retention

Audit logs are retained according to data protection policies (default: 36 months). Old records may be archived or deleted as configured in system settings under Admin > Archival Settings.

GDPR Compliance: The audit system helps demonstrate compliance with data protection regulations by maintaining a complete record of who accessed what data, when, and what changes were made. This is essential for Subject Access Requests and regulatory audits.

Security Note: Audit logs themselves cannot be modified or deleted by regular users. Only system administrators can configure retention policies, and all archival actions are themselves audited.

Frequently Asked Questions

Can I see what data was changed in a record?
Yes. Click 'View Changes' on any audit entry that shows data modifications. You'll see a side-by-side comparison of the 'Before' and 'After' values in JSON format, highlighting exactly what changed.

How do I find all actions by a specific parent?
Use the 'Action Category' filter and select 'Parent Portal' to see all parent-related activities. You can also search by the parent's name in the search box, or view the submission history for their child's submission.

Why do some entries show 'Anonymous' as the user?
Anonymous entries occur when an action was performed without an authenticated session, such as accessing a page without logging in, failed login attempts, or accessing public endpoints.

How far back do audit logs go?
By default, audit logs are retained for 36 months. This can be configured in the system archival settings. Archived logs are permanently deleted after the retention period.

Can I export audit logs for a compliance review?
Yes. Apply your desired filters (date range, user, action type, etc.) and click 'Export to Excel'. The export includes all visible columns plus additional details in a format suitable for compliance reviews.

What is the difference between 'Action' and 'Action Category'?
Action Category groups related actions together (e.g., 'Parent Portal', 'Staff Portal', 'Errors'). The specific Action shows the exact operation performed (e.g., 'Parent Sign Complete', 'Staff: Update Child'). Use Category for broad filtering, Action for specific operations.

Are page views logged as well as data changes?
Yes. Every page view is logged under the 'Page Views' category, including dashboard views, listing views, details pages, and form views. This provides a complete picture of user activity.

How do I see errors and failed operations?
Filter by the 'Errors' action category to see all server errors, validation failures, 404 not found, unauthorized access attempts, and JavaScript errors. This is useful for troubleshooting and security monitoring.
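
An added example, not part of the product or its documentation: detection logic for the security-monitoring use of the 'Errors' category, counting anonymous 'Unauthorized' entries per IP inside a sliding window. It assumes the Excel export has been saved as CSV; the column names, action labels and sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed rows. Column names and the CSV form of the export are assumptions.
SAMPLE_EXPORT = """timestamp,action_category,action,user,ip_address
2025-12-01T09:00:00Z,Errors,Unauthorized,Anonymous,203.0.113.7
2025-12-01T09:00:20Z,Errors,Unauthorized,Anonymous,203.0.113.7
2025-12-01T09:00:25Z,Page Views,Dashboard View,Staff: A. Example,198.51.100.4
2025-12-01T09:00:40Z,Errors,Unauthorized,Anonymous,203.0.113.7
2025-12-01T09:01:00Z,Errors,Validation Failure,Anonymous,203.0.113.7
2025-12-01T09:01:10Z,Errors,Unauthorized,Anonymous,203.0.113.7
2025-12-01T09:30:00Z,Errors,Unauthorized,Anonymous,198.51.100.9
2025-12-01T10:45:00Z,Errors,Unauthorized,Anonymous,198.51.100.9
"""

def anonymous_unauthorized_bursts(export_text, threshold=4, window=timedelta(minutes=2)):
    """Map each IP to the peak number of anonymous 'Unauthorized' entries seen
    inside any `window`, keeping only IPs whose peak reaches `threshold`."""
    events = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if (row["action_category"], row["action"], row["user"]) != ("Errors", "Unauthorized", "Anonymous"):
            continue
        ts = datetime.fromisoformat(row["timestamp"].replace("Z", "+00:00"))
        events.append((ts, row["ip_address"]))
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)
    for ts, ip in sorted(events):  # exported rows may not be in time order
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(anonymous_unauthorized_bursts(SAMPLE_EXPORT))
```

The page notes that the recorded IP can include forwarded addresses, so a per-IP count is only as reliable as the proxy chain that sets them.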
Last updated: December 11, 2025