Platform Infrastructure

Audit Trail

The immutable, tamper-proof event ledger for the entire Civic platform — every module that needs activity logging, compliance evidence, or forensic investigation writes to Audit Trail.

Uptime SLA: 99.99%
Write Latency: <50ms
Throughput: 5K evt/s
Hash Chain: SHA-256

Purpose-Built for Canadian Municipalities

Ontario Compliant
MFIPPA Ready
AODA Accessible
Bilingual Support
Canadian Hosted
SOC 2 Aligned

How It Works

The identity journey, step by step

From first registration to golden record resolution — how a resident's identity evolves across the platform.

01

PII Access Review

A privacy officer investigates who accessed a citizen's personal data in the last 90 days.

How it works

The privacy officer navigates to the compliance dashboard, enters the citizen's ID, and pulls a complete PII access report. The report lists every staff member who viewed the citizen's data, which fields they accessed, the purpose code, and the timestamp — ready for IPC audit submission.

Purpose & Scope

What this module owns

Clear ownership boundaries prevent duplication and ensure every capability has exactly one authoritative home.

Owns: 10

Delegated to: 4

Access control enforcement: security-iam
Notification delivery: notification-engine
Data storage of audited entities: consuming modules
Real-time monitoring / alerting: security-iam

These capabilities are handled by dedicated modules and consumed via stable API contracts — keeping boundaries clean and ownership unambiguous.

Core Capabilities

What it does

4 capability groups comprising 7 discrete capabilities — each with API surface, business rules, and data ownership.

Events can only be created, never updated or deleted — with a SHA-256 hash chain forming a tamper-evident ledger.

Append-Only

Events can only be created, never updated or deleted (database-level enforcement).

Hash Chain

Each event includes the SHA-256 hash of the previous event, forming a tamper-evident chain.

Integrity Verification

Scheduled integrity checks verify hash chain continuity; any broken link raises a security alert.

Partitioning

Events partitioned by month for performance; archived partitions moved to cold storage after retention period.

Compression

Archived partitions compressed (ZSTD) to reduce storage costs.
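
The hash chain and integrity verification described above, as an added Python sketch. It is not Civic's code: the record layout, the all-zero genesis value and the function names are assumptions, and the sample events are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash value for the first event


def event_hash(seq, prev_hash, payload):
    # Canonical JSON so identical content always hashes to identical bytes.
    body = json.dumps({"seq": seq, "prev_hash": prev_hash, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append_event(ledger, payload):
    seq = len(ledger)
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"seq": seq, "prev_hash": prev, "payload": payload,
                   "hash": event_hash(seq, prev, payload)})
    return ledger[-1]["hash"]  # new head; keep a copy outside the ledger


def verify_chain(ledger, expected_head=None):
    """Return [(seq, reason)] for each broken link; [] means intact."""
    problems, expected_prev = [], GENESIS
    for i, rec in enumerate(ledger):
        if rec["seq"] != i or rec["prev_hash"] != expected_prev:
            problems.append((i, "link"))      # reordered, removed or re-linked
        elif event_hash(i, rec["prev_hash"], rec["payload"]) != rec["hash"]:
            problems.append((i, "content"))   # payload or stored hash altered
        expected_prev = rec["hash"]
    # The chain alone cannot reveal a truncated tail; a separately stored head can.
    if expected_head is not None and expected_prev != expected_head:
        problems.append((len(ledger), "head"))
    return problems


def build_sample_ledger():
    # Constructed sample events; identifiers and field values are illustrative.
    ledger, head = [], GENESIS
    for actor, fields in [("staff-17", ["address"]), ("staff-17", ["dob"]),
                          ("staff-42", ["sin"]), ("staff-08", ["phone"])]:
        head = append_event(ledger, {"category": "data_access", "actor_id": actor,
                                     "entity_id": "citizen-001",
                                     "pii_fields_accessed": fields})
    return ledger, head
```

Editing one event and recomputing its own hash only moves the break to the next event, and dropping the newest events is caught only when the head hash is kept somewhere the ledger writer cannot change.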

Nine event categories with configurable retention periods ranging from 2 to 10 years — authentication, authorization, data access, modification, workflow, financial, compliance, system, and security.

Authentication

Login success/failure, logout, MFA challenge, session timeout — 2-year retention.

Authorization

Permission granted/denied, role change, privilege escalation — 7-year retention.

Data Access

PII viewed, report generated, data exported, bulk download — 7-year retention.

Data Modification

Record created, updated, deleted (soft), field changed — 7-year retention.

Financial & Compliance

Payment processed, refund issued, consent granted/revoked, FOI request — 10-year retention.

Security

Brute force detected, IP blocked, suspicious activity, admin override — 10-year retention.

Real-World Scenarios

Who uses this, and how

4 persona-driven scenarios showing how Audit Trail works in practice — from resident registration to privacy compliance.

Privacy Officer

Freedom of Information Request

A citizen submits an FOI request asking who has accessed their personal information in the past year.

Steps

  1. Privacy officer receives the FOI request and logs into the audit compliance dashboard
  2. Searches for the citizen by ID and selects 'Generate PII Access Report'
  3. System queries all data_access events where the citizen's entity_id appears and pii_fields_accessed is populated
  4. Report generated showing each access: staff name, role, fields viewed, purpose code, timestamp
  5. Privacy officer reviews for any accesses without valid purpose codes
  6. Exports the report as a PDF with integrity attestation for the FOI response

Outcome

Complete, tamper-evident PII access history delivered to the citizen within the MFIPPA response timeline, proving municipal compliance with privacy regulations.

IT Security Analyst

Suspicious Access Pattern Investigation

An audit.security_anomaly event fires because a staff member accessed 150 citizen records in one hour during off-hours.

Steps

  1. Security analyst receives the anomaly alert via notification-engine
  2. Opens the audit trail search and filters by the flagged actor_id and time window
  3. Reviews the 150 events — all data_access category, PII fields include SIN and date of birth
  4. Cross-references with the user's normal access pattern (typically 10-15 records/day)
  5. Checks the purpose codes — all show 'service_delivery' but the user is in a non-service role
  6. Escalates to security manager with the full event timeline and user profile

Outcome

Potential data breach identified and escalated within 30 minutes. Full forensic timeline preserved in the immutable audit store for investigation and potential disciplinary or legal proceedings.
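
A sliding-window check of the kind that could raise the anomaly in this scenario, as an added Python example. It is not Civic's detection logic: the threshold, the office hours, the `ts` field and the function names are assumptions, and the events are constructed.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)
THRESHOLD = 100                  # assumed: distinct records per actor per hour
BUSINESS_HOURS = range(8, 18)    # assumed office hours, local time


def detect_bulk_pii_access(events, threshold=THRESHOLD):
    """Return {actor_id: peak distinct records seen in one off-hours window}."""
    by_actor = defaultdict(list)
    for ev in events:
        if ev["category"] == "data_access" and ev["pii_fields_accessed"]:
            by_actor[ev["actor_id"]].append(ev)
    flagged = {}
    for actor, evs in by_actor.items():
        evs.sort(key=lambda e: e["ts"])
        window, seen = deque(), Counter()
        for ev in evs:
            window.append(ev)
            seen[ev["entity_id"]] += 1
            while ev["ts"] - window[0]["ts"] >= WINDOW:   # slide the window
                old = window.popleft()
                seen[old["entity_id"]] -= 1
                if seen[old["entity_id"]] == 0:
                    del seen[old["entity_id"]]
            if ev["ts"].hour not in BUSINESS_HOURS and len(seen) >= threshold:
                flagged[actor] = max(flagged.get(actor, 0), len(seen))
    return flagged


def sample_events():
    # Constructed events: one actor reads 150 records between 02:00 and 02:50,
    # another reads 12 records during the working day.
    start = datetime(2024, 3, 9, 2, 0, 0)
    burst = [{"ts": start + timedelta(seconds=20 * i), "category": "data_access",
              "actor_id": "staff-311", "entity_id": f"citizen-{i:04d}",
              "pii_fields_accessed": ["sin", "date_of_birth"]} for i in range(150)]
    day = datetime(2024, 3, 8, 9, 0, 0)
    normal = [{"ts": day + timedelta(minutes=30 * i), "category": "data_access",
               "actor_id": "staff-042", "entity_id": f"citizen-{i:04d}",
               "pii_fields_accessed": ["address"]} for i in range(12)]
    return burst + normal
```

Counting distinct `entity_id` values rather than raw events keeps repeated views of one record from inflating the score.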

External Auditor

Annual SOC 2 Compliance Audit

An external auditor needs to verify that all platform actions are logged with appropriate controls for SOC 2 certification.

Steps

  1. Auditor requests sample audit events across all nine categories for the audit period
  2. Finance staff runs the compliance export for the requested date range and categories
  3. Auditor verifies hash chain integrity using the attestation certificate
  4. Reviews event completeness: every login, data access, modification, and administrative action logged
  5. Validates retention policies match documented controls — 7 years for data, 10 years for financial
  6. Confirms anomaly detection and alerting are active and functioning

Outcome

SOC 2 audit evidence delivered with tamper-proof integrity attestation. Hash chain verification confirms zero modifications to historical events.

Municipal Legal Counsel

Court Evidence Chain of Custody

A bylaw enforcement case goes to court and the defendant challenges the integrity of the inspection records.

Steps

  1. Legal counsel requests the full change history for the disputed inspection entity
  2. Audit trail provides chronological event log: creation, each status change, inspector notes, photos uploaded
  3. Before/after snapshots show exact field-level changes at each step with timestamps and actor attribution
  4. Hash chain integrity report proves no records have been altered since original creation
  5. Export generated with integrity attestation certificate for court submission

Outcome

Court accepts the audit trail as admissible evidence. Hash chain integrity proves non-tampering and the before/after snapshots provide a complete, uncontested record of the inspection process.

Internal Architecture

How it's built

4 architectural layers comprising 24 components — from API gateway to data quality engine.

Every module owns a single bounded context, exposes stable APIs, and can be composed into any Civic product — that's the architecture that scales.

Krutik Parikh

Creator of Civic

Data Model

Entity Architecture

3 entities with 3 relationships — the authoritative schema for this bounded context.

Entities

API Surface

Integration Endpoints

11 RESTful endpoints across 3 resource groups — plus 4 domain events for async integration.

POST /api/v1/audit/events: Record a single audit event
POST /api/v1/audit/events/batch: Record multiple audit events (bulk)

Technical Specifications

Performance, Compliance & Configuration

Availability

Target: 99.99% — audit trail failure must never block platform operations (async writes with local buffer)

Write Latency

Target: < 50ms for event ingestion (async, non-blocking to caller)

Search Latency

Target: < 2 seconds for indexed queries; < 10 seconds for full-text search across 1M events

Throughput

Target: 5,000 events/second sustained; burst to 20,000 events/second

Storage

Target: ~500 bytes/event average; plan for 50M events/year per municipality

Integrity

Target: SHA-256 hash chain verified every 6 hours; alert within 5 minutes of any breach

Retention

Target: Configurable per category; minimum 7 years for data events; 10 years for financial/compliance

Disaster Recovery

Target: Audit store replicated to secondary region; RPO < 1 minute

Ready to Integrate

Build on Audit Trail

Request an architecture brief, integration guide, or live demo environment for your team.