← Glossary

Audit log

An append-only record of every consequential action taken on master data — rule changes, manual merges, approved splits, exports.

MDM audit logs serve a different purpose from application logs. App logs are for engineers debugging; audit logs are for compliance officers proving "nobody monkeyed with the customer records."

A useful audit log captures:

  • The actor (user ID or system component)
  • The action (created entity, split cluster, edited survivorship rule, exported data)
  • Before and after state (where it's a mutation)
  • A timestamp from a trusted clock
  • A cryptographic chain so tampering is detectable

Golden Suite implements per-org chains using a Postgres `BEFORE INSERT` trigger that hashes the canonical row + previous-row hash. `REVOKE UPDATE, DELETE` on the table prevents in-place modifications. Audit log content is shipped daily to long-term storage for SOC2-aligned retention.