# Audit Logging

## Overview

Compliance audit logs must answer: who did what to which resource, when, from where, and with what result. They must also be tamper-evident: an auditor must be able to verify that the logs have not been modified since they were written.

Regulatory retention requirements:

| Standard | Retention |
|----------|-----------|
| HIPAA | 6 years |
| PCI DSS | At least 12 months, with the most recent 3 months immediately available for analysis |
| SOC 2 (typical) | 1 year |
| GDPR | Defined by purpose (often 1-3 years) |

## Required Log Fields

## Hash Chain Implementation

Hash chaining makes log tampering detectable: each entry includes a hash of the previous…
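The following is an added example, not code from the original page: a minimal hash-chained audit log in Python that records the who/what/resource/when/where/result fields listed above, links each entry to the previous one through its hash, and verifies the chain. The `GENESIS` value, the `AuditLog` class, the field names and the sample entries are all assumptions made for this illustration; the log lines are constructed, not captured from a real system.

```python
import copy
import hashlib
import json

# Assumed convention for this example: the first entry chains to 64 zero characters.
GENESIS = "0" * 64

# The questions an audit record must answer, as fields (names are this example's choice).
REQUIRED_FIELDS = ("actor", "action", "resource", "timestamp", "source_ip", "result")


def canonical(obj) -> bytes:
    """Serialize deterministically so the same entry always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(fields: dict, prev_hash: str) -> str:
    """The hash covers the entry's own fields AND the previous entry's hash."""
    return hashlib.sha256(canonical({"fields": fields, "prev_hash": prev_hash})).hexdigest()


class AuditLog:
    def __init__(self):
        self.entries = []

    def head(self) -> str:
        """Hash of the newest entry; this is the value to anchor externally."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def append(self, **fields) -> str:
        missing = [f for f in REQUIRED_FIELDS if f not in fields]
        if missing:
            raise ValueError(f"missing required audit fields: {missing}")
        prev = self.head()
        h = entry_hash(fields, prev)
        self.entries.append({"fields": fields, "prev_hash": prev, "hash": h})
        return h


def verify_chain(entries, expected_head=None):
    """Return (ok, index): index is the first entry that fails, or None if all pass.

    Without expected_head, silent truncation of the tail is NOT detected,
    because a shorter chain is still internally consistent.
    """
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["prev_hash"] != prev:
            return False, i  # link broken: an entry was removed or reordered
        if entry_hash(e["fields"], e["prev_hash"]) != e["hash"]:
            return False, i  # entry content was edited after hashing
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(entries)  # chain is shorter (or different) than anchored head
    return True, None


def build_sample_log() -> AuditLog:
    """Three constructed audit events (sample data, not real records)."""
    log = AuditLog()
    log.append(actor="alice", action="read", resource="patient/1042",
               timestamp="2024-03-01T10:00:00Z", source_ip="10.0.0.5", result="success")
    log.append(actor="bob", action="delete", resource="patient/1042",
               timestamp="2024-03-01T10:01:30Z", source_ip="10.0.0.9", result="denied")
    log.append(actor="bob", action="read", resource="patient/2001",
               timestamp="2024-03-01T10:02:00Z", source_ip="10.0.0.9", result="success")
    return log


def scenarios() -> dict:
    """Run the verifier over the intact log and three tampered copies."""
    log = build_sample_log()
    head = log.head()

    edited = copy.deepcopy(log.entries)
    edited[1]["fields"]["result"] = "success"  # attacker rewrites a denied delete

    removed = copy.deepcopy(log.entries)
    del removed[1]  # attacker drops the embarrassing entry entirely

    truncated = log.entries[:-1]  # attacker discards the newest entry

    return {
        "intact": verify_chain(log.entries, head),
        "edited": verify_chain(edited),
        "removed": verify_chain(removed),
        "truncated_no_anchor": verify_chain(truncated),
        "truncated_with_anchor": verify_chain(truncated, head),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:>22}: ok={outcome[0]} first_bad_index={outcome[1]}")
```

Editing or removing an entry breaks the chain at that index. Truncating the tail does not, because the remaining prefix is still self-consistent; the verifier only catches it when it is given the expected head hash. In practice that means the current head must be anchored somewhere the log writer cannot silently rewrite (signed and shipped to a separate system, published periodically, or committed to a timestamping service), otherwise an attacker with write access to the log file can simply re-chain everything after the point they changed.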