What is an audit trail?

The time-stamped, tamper-evident record of every screen, match, and decision — who did what, when, and why.

Last Reviewed: 2026-06-02 · Plain-English reference · not legal advice

Plain-English Summary

An audit trail is the running record of compliance activity: every screening run, match, override, escalation, and disposition, captured with the actor, the timestamp, the list source, and the reason. It is the system of record showing an organization followed its own procedures. The audit trail is the underlying log; an Evidence Pack is an export of the relevant parts of it for a specific case or review.

Why This Matters

Under enforcement, regulators ask not just "what did you decide?" but "can you prove how and when you decided it?" A complete, tamper-evident audit trail is the primary evidence of reasonable care — it shows screening happened, alerts were reviewed by a person, and decisions had a recorded basis. A weak or editable trail undermines every other control, no matter how good the screening was.

Concept Explanation

An audit trail is the detailed history of everything that happened: who screened a visitor, what the system found, who reviewed it, what they decided, and why — each with a date and time. Think of it as a logbook that cannot be secretly changed. If someone later asks "did you check this person, and why did you let them in?", the audit trail is the answer. That is why you write review notes carefully — they become part of the permanent record.

When You'll See This in SecurePoint

SecurePoint writes compliance actions — screens, adjudications, dispositions, overrides — to an append-only audit log that is protected from edit and delete at the database layer. Evidence Packs export the relevant slice of this trail for a specific case, screening, or review. The audit trail is the source of truth; the Evidence Pack is a packaged view of it.
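
One way to get the two properties described above, as an added example that is not SecurePoint's implementation: SQLite triggers reject UPDATE and DELETE at the database layer, and a per-row hash chain makes an edit or removal visible in an exported slice. The table, column, and function names are assumptions made for illustration, and the sample events are constructed.

```python
import hashlib, json, sqlite3
# Hypothetical schema: columns follow the fields the page lists (actor,
# timestamp, list source, reason); these are not SecurePoint's actual tables.
SCHEMA = """
CREATE TABLE audit_log (
  id INTEGER PRIMARY KEY AUTOINCREMENT,
  ts TEXT NOT NULL, actor TEXT NOT NULL, action TEXT NOT NULL,
  list_source TEXT NOT NULL, prev_hash TEXT NOT NULL, row_hash TEXT NOT NULL,
  reason TEXT NOT NULL CHECK (length(trim(reason)) > 0));
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""
COLS = "ts, actor, action, list_source, reason"
GENESIS = "0" * 64  # prev_hash of the first row
# Constructed sample events: (ts, actor, action, list_source, reason)
SAMPLE = [("2026-01-05T09:00:00Z", "system", "screen", "sanctions-list-a", "visitor check-in"),
          ("2026-01-05T09:02:10Z", "analyst1", "match_review", "sanctions-list-a", "name match, DOB differs"),
          ("2026-01-05T09:03:45Z", "analyst1", "clear", "sanctions-list-a", "false positive, ID verified")]

def _digest(prev_hash, fields):  # hash covers this row's fields plus the previous hash
    payload = json.dumps([prev_hash, *fields], separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()

def open_log(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def append(db, ts, actor, action, list_source, reason):
    last = db.execute("SELECT row_hash FROM audit_log ORDER BY id DESC LIMIT 1").fetchone()
    prev = last[0] if last else GENESIS
    fields = (ts, actor, action, list_source, reason)
    db.execute(f"INSERT INTO audit_log ({COLS}, prev_hash, row_hash) VALUES (?,?,?,?,?,?,?)",
               (*fields, prev, _digest(prev, fields)))
    db.commit()

def export(db):
    return db.execute(f"SELECT id, {COLS}, prev_hash, row_hash FROM audit_log ORDER BY id").fetchall()

def first_broken(rows):
    """Return the id of the first row that breaks the chain, or None if intact."""
    prev = GENESIS
    for rid, *fields, prev_hash, row_hash in rows:
        if prev_hash != prev or row_hash != _digest(prev, fields):
            return rid
        prev = row_hash
    return None
```

The chain catches edits and mid-log removals even if the triggers are bypassed, but it cannot detect rows cut from the end unless the latest `row_hash` is also recorded somewhere outside the database.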

What You Should Do Next

Make sure every compliance action — screen, match review, clear, escalate, override — is recorded with who, when, and why, and that those records cannot be quietly edited or deleted. Write review notes as if they will be read later by an auditor. Retain the records for at least the longest applicable period (sanctions and export records are generally kept five years; some defense contracts require longer).

What Can Go Wrong

Common failures: decisions made but not recorded (no basis on file), notes that are vague or editable after the fact, and logs that purge inside the retention window. Any of these turns a defensible decision into an undocumented one. Personal data should be kept out of general application logs, but the compliance event itself must still be captured in the audit trail — both at once.
