
Governance ledger and audit trail

The platform maintains an append-only operational ledger for sensitive actions across ingestion, lifecycle transitions, publishing, and access management. This is a governance-grade evidence layer, not a convenience activity log.

For: internal audit, compliance reviewers, incident responders, and board-level oversight stakeholders.

Last updated: 28 April 2026

Append-only evidence model

Security-relevant and governance-relevant actions are captured as append-only events. Existing records are not rewritten or deleted as part of normal operations, preserving historical integrity.

What is recorded

  • Vulnerability state transitions and verification outcomes.
  • Report and board-pack generation events.
  • Privileged identity and API key management actions.
  • Integration and ingestion control-path operations.
  • Material authorization or policy gate failures.

Tenant context and attribution

Events are attributed to tenant context and actor identity where applicable, supporting defensible reconstruction of who performed a change, in which workspace, and at what time.

Why this matters

Governance integrity depends on reliable evidence. For procurement and assurance reviews, the ledger demonstrates that operational claims can be independently checked against immutable event history.

Investigation and review usage

The ledger supports control testing, remediation verification reviews, incident investigation timelines, and post-incident governance reporting without relying on manual note reconstruction.
