Audit and Evidence Model
Audit and evidence are infrastructure, not presentation details.
Audit:
- Append-only records.
- Tenant-scoped.
- Actor, action, target, correlation ID, and hash-chain metadata.
- Database trigger blocks updates.
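The audit properties listed above can be exercised together in a small sketch. This is an added example, not the project's own code: SQLite stands in for the database, and the table name, column names, the all-zero genesis value, and SHA-256 over compact JSON are assumptions.

```python
import hashlib
import json
import sqlite3

GENESIS = "0" * 64  # assumption: prev_hash of a tenant's first record
FIELDS = "tenant_id, actor, action, target, correlation_id"
SCHEMA = """
CREATE TABLE audit_log (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    tenant_id TEXT NOT NULL, actor TEXT NOT NULL, action TEXT NOT NULL,
    target TEXT NOT NULL, correlation_id TEXT NOT NULL,
    prev_hash TEXT NOT NULL, record_hash TEXT NOT NULL);
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def record_hash(prev_hash, fields):
    # Compact JSON array gives one unambiguous byte encoding per record.
    body = json.dumps([prev_hash, *fields], separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def tenant_rows(db, tenant_id):
    # Chains are per tenant, so reads are always filtered by tenant_id.
    return db.execute(
        f"SELECT {FIELDS}, prev_hash, record_hash FROM audit_log "
        "WHERE tenant_id = ? ORDER BY id", (tenant_id,)).fetchall()

def append(db, tenant_id, actor, action, target, correlation_id):
    rows = tenant_rows(db, tenant_id)
    prev = rows[-1][-1] if rows else GENESIS
    fields = (tenant_id, actor, action, target, correlation_id)
    db.execute(
        f"INSERT INTO audit_log ({FIELDS}, prev_hash, record_hash) "
        "VALUES (?, ?, ?, ?, ?, ?, ?)",
        (*fields, prev, record_hash(prev, fields)))

def verify_chain(rows):
    """Return the index of the first broken record, or None if intact."""
    prev = GENESIS
    for i, (*fields, prev_hash, stored) in enumerate(rows):
        if prev_hash != prev or record_hash(prev, fields) != stored:
            return i
        prev = stored
    return None
```

The trigger rejects in-place edits made through the database, while verify_chain catches records altered by any path that bypasses the trigger, such as a restored or hand-edited copy.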
Evidence:
- Links source event, alert, and delivery.
- Maps to a compliance control.
- Provides auditor-safe read paths.
Control catalog:
- Implemented as a global SOC 2, HIPAA, and GLBA starter catalog.
- Includes 25-30 Phase 1 controls with domains, policy references, and evidence expectations.
- Tenant-specific control status is stored separately and protected by RLS.
- Catalog reads are API-backed and audit record.read actions.
The current thin slice creates evidence for unauthorized device detection.