Page:
security-audit-trail
Pages
Home
development architecture
development conventions
development patterns
development setup
development
features
governance
learnings
product-data-capture-analysis
product-observability-user-stories
product roadmap
product-user-guide
product vision
product
releases
security-access-control
security-audit-trail
security-change-management
security-incident-response
security-information-security-policy
security-risk-register
security
No results
1
security-audit-trail
Jochem de Boer edited this page 2026-04-13 14:33:49 +00:00
Table of Contents
Audit Trail
What Is Logged
The SDLC workflow automatically produces audit evidence at each stage:
| Event | Evidence | Location |
|---|---|---|
| Requirement created | PREQ issue | Platform issues |
| Requirement approved | Issue comment + label change | Platform issues |
| Plan approved | Issue comment + label change | Platform issues |
| Code implemented | Git commits with conventional messages | Git history |
| Code reviewed | Code review report | Wiki: features/<id>/review-report.md |
| E2E validated | E2E report | Wiki: features/<id>/e2e-report.md |
| UAT approved | Issue comment | Platform issues |
| Feature released | Release page + tag | Wiki: releases/ + Git tags |
| Documentation updated | Wiki git history + governance issue | Wiki history + Platform projects |
Documentation Changes
All wiki changes are tracked in the wiki's git history. Changes to sensitive sections (security/, development/architecture) are additionally tracked through the documentation governance process with explicit approval records.
See Documentation Governance for the review policy.
Retention
Define how long audit records are retained.
Last reviewed: Not yet reviewed
Product
Development
Security & Compliance