Audit Log
The audit log is a permanent, tamper-evident record of all significant actions taken within your TrueGrade organization. It is the accountability backbone of the platform.
What Is Logged
The audit log captures:
User management
- User invited, activated, deactivated
- Role changes (from role, to role, changed by)
- Password resets
- SSO configuration changes
Compliance
- Document submitted, verified, rejected
- Subcontractor added, removed
- Alert configuration changed
Certifications
- Certification created, advanced, blocked, certified
- Test results entered or modified
- Inspection recorded
Cost intelligence
- Estimate created, locked, revised
- Cost actual created, modified, deleted
- QuickBooks export generated
Field reporting
- Daily reports submitted, edited
- Issues created, resolved, closed
- Drawing sets uploaded
Labor
- Timesheets submitted, approved, rejected
- Pay applications issued, approved, voided
Procurement
- RFQs issued, closed, awarded
- Bid tabulations exported
Administration
- Organization settings changed (field, previous value, new value)
- Integrations configured or disconnected
- Billing plan changes
Viewing the Audit Log
Navigate to Administration → Audit Log. The log shows entries in reverse chronological order.
Each entry includes:
| Field | Description |
|---|---|
| Timestamp | UTC timestamp of the action |
| User | Name and email of the user who performed the action |
| Action | Standardized action identifier (e.g., compliance.document.verified) |
| Target | The object that was acted on (document name, user email, etc.) |
| Project | Project context, if applicable |
| IP address | IP address from which the request originated |
| Details | Structured JSON with before/after values for field changes |
Filtering the Log
Filter the audit log by:
- Date range
- User — see all actions by a specific user
- Action category — compliance, certifications, cost, field, labor, procurement, administration
- Project
Exporting the Audit Log
Export filtered audit log data as CSV from the Export button. Exports are commonly used for:
- Security incident investigation
- Project-owner or lender audit requests
- Compliance certifications (SOC 2, ISO 27001 evidence)
- Dispute resolution (proving which user took what action and when)
Audit log data is retained for the lifetime of your subscription plus 90 days after cancellation. On Enterprise plans, extended retention (up to 7 years) is available — contact support.
Tamper Resistance
Audit log entries cannot be modified or deleted by any user, including Admins and Platform Admins. Entries are write-once and cryptographically chained so that any modification attempt is detectable. TrueGrade support staff cannot delete audit log entries without leaving a meta-entry recording the deletion.
Real-Time Alerts
Configure real-time audit log alerts for specific high-risk actions under Administration → Organization Settings → Security → Audit Alerts. For example:
- Alert when any user is promoted to Admin
- Alert when SSO configuration changes
- Alert when a pay application is voided
- Alert when billing information is updated
Alerts are delivered via email and, if configured, via Slack or Teams.