Audit Log

The audit log is a permanent, tamper-evident record of all significant actions taken within your TrueGrade organization. It is the accountability backbone of the platform.

What Is Logged

The audit log captures:

User management

User invited, activated, deactivated
Role changes (from role, to role, changed by)
Password resets
SSO configuration changes

Compliance

Document submitted, verified, rejected
Subcontractor added, removed
Alert configuration changed

Certifications

Certification created, advanced, blocked, certified
Test results entered or modified
Inspection recorded

Cost intelligence

Estimate created, locked, revised
Cost actual created, modified, deleted
QuickBooks export generated

Field reporting

Daily reports submitted, edited
Issues created, resolved, closed
Drawing sets uploaded

Labor

Timesheets submitted, approved, rejected, unlocked
Pay applications issued, approved, voided

Procurement

RFQs issued, closed, awarded
Bid tabulations exported

Administration

Organization settings changed (field, previous value, new value)
Integrations configured or disconnected
Billing plan changes

Viewing the Audit Log

Navigate to Administration → Audit Log. The log shows entries in reverse chronological order.

Each entry includes:

Field	Description
Timestamp	UTC timestamp of the action
User	Name and email of the user who performed the action
Action	Standardized action identifier (e.g., `compliance.document.verified`)
Target	The object that was acted on (document name, user email, etc.)
Project	Project context, if applicable
IP address	IP address from which the request originated
Details	Structured JSON with before/after values for field changes

Filtering the Log

Filter the audit log by:

Date range
User — see all actions by a specific user
Action category — compliance, certifications, cost, field, labor, procurement, administration
Project

Exporting the Audit Log

Export filtered audit log data as CSV from the Export button. Exports are commonly used for:

Security incident investigation
Owner or lender audit requests
Compliance certifications (SOC 2, ISO 27001 evidence)
Dispute resolution (proving which user took what action and when)

Audit log data is retained for the lifetime of your subscription plus 90 days after cancellation. On Enterprise plans, extended retention (up to 7 years) is available — contact support.

Tamper Resistance

Audit log entries cannot be modified or deleted by any user, including Owners and Admins. Entries are write-once and cryptographically chained so that any modification attempt is detectable. TrueGrade support staff cannot delete audit log entries without leaving a meta-entry recording the deletion.

Real-Time Alerts

Configure real-time audit log alerts for specific high-risk actions under Administration → Organization Settings → Security → Audit Alerts. For example:

Alert when any user is promoted to Admin or Owner
Alert when SSO configuration changes
Alert when a pay application is voided
Alert when billing information is updated

Alerts are delivered via email and, if configured, via Slack or Teams.