The problem
Application logs help engineers operate software. An audit trail answers a different set of questions: who accessed or changed sensitive information, what happened, when it happened, and whether the action was permitted.
This demonstration defines an audit model for healthcare and life sciences workflows where traceability must be useful to technical, security, and quality reviewers.
Event model
The model treats audit events as structured records rather than free-form log messages. A typical event contains:
- actor and access context;
- action and affected object;
- timestamp and correlation identifier;
- before-and-after references where appropriate;
- outcome, reason, and originating system.
The application event model remains separate from lower-level infrastructure telemetry, while correlation IDs allow reviewers to connect them during an investigation.
Integrity and privacy
Audit data needs protection of its own. Access is restricted, retention is intentional, and changes to audit records are prevented or independently detectable. The design minimizes sensitive payload content so that evidence remains useful without unnecessarily duplicating protected data.
Review workflow
Evidence only helps when a reviewer can use it. The proposed review interface supports filters for actor, record, action, outcome, and time range. Exports retain stable identifiers and enough context to support an investigation or controlled review.
Validation approach
Tests cover successful and denied access, record changes, administrative actions, missing context, export controls, and attempted audit-log modification. Each high-risk requirement maps to an expected event and an objective test result.
Project status
This is a portfolio demonstration. Planned artifacts include an event dictionary, access matrix, sample review interface, synthetic audit dataset, and risk-based test evidence.
