Compliance & Audit Logging
Built-in audit logging for SOC 2, HIPAA, and GDPR compliance - comprehensive event tracking with zero configuration required
The .do platform automatically logs all security-relevant events for compliance and audit purposes. Your application inherits enterprise-grade audit capabilities without writing logging code.
How It Works
Audit logging is automatic for all platform operations:
// You write normal application code
await $.Project.update(projectId, { status: 'completed' })
// Platform automatically logs:
// - Who made the change (user, email, IP address)
// - What was changed (before/after values)
// - When it happened (timestamp with timezone)
// - Where it came from (IP, location, user agent)
// - Why (request context, API endpoint)
// - Organization context (tenant isolation)
// All stored for compliance retention periods
// All tamper-proof and queryable
The platform logs:
- Authentication events - Logins, logouts, MFA, SSO
- Authorization events - Permission checks, role changes
- Data access - Reads, writes, exports of sensitive data
- Configuration changes - Security settings, integrations
- Administrative actions - User management, org settings
- API activity - All API requests and responses
Automatic Event Types
The platform tracks comprehensive events automatically:
Authentication
// These events are logged automatically - no code needed:
// 'auth.login.success' - User successfully authenticated
// 'auth.login.failed' - Login attempt failed
// 'auth.logout' - User logged out
// 'auth.mfa.verified' - MFA successfully completed
// 'auth.sso.redirect' - User redirected to SSO provider
// 'auth.session.created' - New session created
// 'auth.session.expired' - Session timed out
// 'auth.token.created' - API token generated
// 'auth.token.revoked' - API token revoked
on($.Auth.logEvent, async ({ event }) => {
  // You can react to auth events if needed
  if (event.type === 'auth.login.failed' && event.attemptCount >= 5) {
    await $.Alert.send({
      type: 'security',
      message: `Multiple failed login attempts: ${event.email}`
    })
  }
})
Data Operations
// Automatic logging for all data operations:
// 'data.created' - New record created
// 'data.read' - Record accessed
// 'data.updated' - Record modified
// 'data.deleted' - Record removed
// 'data.exported' - Data exported/downloaded
// 'data.sensitive.accessed' - PII/PHI accessed
// Example: Track sensitive data access
await $.User.find(userId) // If user record contains PII
// Platform logs: 'data.sensitive.accessed'
// Includes: who, when, which fields, why
Permissions
// Permission changes logged automatically:
// 'permission.granted' - Permission added to user
// 'permission.revoked' - Permission removed
// 'permission.role.assigned' - Role assigned
// 'permission.role.removed' - Role removed
// 'permission.denied' - Access attempt blocked
// No logging code needed
await $.User.assign.Role({ userId, roleId: 'admin' })
// Platform logs: 'permission.role.assigned'
// Includes: who made change, target user, new role, previous role
Configuration
// All config changes logged:
// 'config.updated' - Settings changed
// 'config.sso.configured' - SSO activated
// 'config.directory.configured' - Directory sync activated
// 'config.integration.added' - New integration connected
// 'config.security.updated' - Security policy changed
await $.Organization.update(orgId, {
  settings: { security: { requireMFA: true } }
})
// Platform logs: 'config.security.updated'
// Includes: before/after values, who made change, timestamp
Querying Audit Logs
Access audit logs through platform APIs:
// Get recent events for organization
const events = await $.AuditLog.list({
  organizationId: orgId,
  limit: 100,
  order: 'desc'
})
// Filter by event type
const authEvents = await $.AuditLog.list({
  organizationId: orgId,
  types: ['auth.login.success', 'auth.login.failed']
})
// Filter by user
const userActivity = await $.AuditLog.list({
  organizationId: orgId,
  userId: userId,
  dateRange: {
    start: '2025-01-01',
    end: '2025-01-31'
  }
})
// Filter by resource
const projectChanges = await $.AuditLog.list({
  organizationId: orgId,
  resourceType: 'project',
  resourceId: projectId
})
Compliance Reports
Generate compliance reports automatically:
SOC 2 Report
// Platform generates SOC 2 reports automatically
const report = await $.Compliance.generateReport({
  type: 'soc2',
  organizationId: orgId,
  period: {
    start: '2025-01-01',
    end: '2025-12-31'
  }
})
console.log({
  // Trust Services Criteria: Security
  securityEvents: report.security,
  unauthorizedAccessAttempts: report.security.accessDenied,
  failedAuthenticationAttempts: report.security.authFailed,
  // Trust Services Criteria: Availability
  systemUptime: report.availability.uptime,
  outages: report.availability.incidents,
  // Trust Services Criteria: Processing Integrity
  dataIntegrity: report.processing.dataOperations,
  // Trust Services Criteria: Confidentiality
  dataAccessControls: report.confidentiality.accessEvents,
  encryptionStatus: report.confidentiality.encryption
})
HIPAA Audit Trail
// HIPAA-compliant audit trail (45 CFR § 164.312(b), Audit controls)
const hipaaReport = await $.Compliance.generateReport({
  type: 'hipaa',
  organizationId: orgId,
  period: { start: '2025-01-01', end: '2025-01-31' }
})
// Required elements automatically tracked:
// - Who accessed PHI (actor)
// - What PHI was accessed (resource)
// - When access occurred (timestamp)
// - Where access originated (IP, location)
// - What action was performed (read, write, export)
GDPR Data Subject Access
// GDPR Article 15 - Right of access
const gdprReport = await $.Compliance.generateReport({
  type: 'gdpr_access',
  userId: userId,
  organizationId: orgId
})
// Includes:
// - All personal data processed
// - Purposes of processing
// - Categories of data
// - Recipients of data
// - Retention periods
// - Data subject rights available
Automatic Retention
Platform enforces compliance retention policies:
// Retention baselines the platform applies per framework:
// SOC 2: 2 years (the Trust Services Criteria fix no period; auditors expect evidence covering the whole audit period, typically 12 months)
// HIPAA: 6 years minimum (45 CFR § 164.316(b)(2)(i))
// GDPR: no fixed period; keep logs only as long as the processing purpose requires (Art. 5(1)(e), storage limitation)
// PCI DSS: 12 months minimum, with the most recent 3 months immediately available (Req. 10.5.1)
// Platform retains logs based on organization's compliance needs
await $.Organization.update(orgId, {
  compliance: {
    frameworks: ['soc2', 'hipaa', 'gdpr'],
    retentionPeriod: '7y' // Must be at least the longest framework requirement (6y for HIPAA here); the platform enforces that floor
  }
})
// Logs automatically deleted after retention period
// Or archived to cold storage for cost efficiency
Real-Time Monitoring
Monitor security events in real-time:
// Platform fires events for suspicious activity
on($.Security.suspiciousActivity, async ({ event, severity }) => {
  // Multiple failed logins
  if (event.type === 'auth.brute_force_detected') {
    await $.Alert.send({
      type: 'security',
      severity: 'high',
      message: `Brute force attack detected: ${event.email}`,
      action: 'block_ip'
    })
  }
  // Unusual data export
  if (event.type === 'data.mass_export' && event.recordCount > 10000) {
    await $.Alert.send({
      type: 'security',
      severity: 'medium',
      message: `Large data export by ${event.user.email}: ${event.recordCount} records`
    })
  }
  // Privilege escalation
  if (event.type === 'permission.admin_granted') {
    // Resolve the security contacts of the tenant the event belongs to
    // (events carry organization context; the lookup call is assumed here)
    const organization = await $.Organization.find(event.organizationId)
    await $.Notification.send({
      to: organization.securityTeam,
      message: `Admin privileges granted to ${event.targetUser.email} by ${event.actor.email}`
    })
  }
})
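The handlers above react to events the platform has already classified. What follows is an added example, not code from the .do platform, that shows the rule logic behind those three alerts (and the failed-login count used in the Authentication handler earlier) as plain functions run over a constructed batch of events, so it can be tested offline. The event field names (`occurredAt`, `context.ipAddress`, `actor`, `targetUser`, `role`, `recordCount`), the thresholds and the sample data are assumptions modelled on this page.

```javascript
// Added example (not platform code): the alert rules above as testable
// functions. Event shape is an assumption modelled on this page:
// { type, occurredAt, email, context: { ipAddress }, actor, targetUser, role, recordCount }

const RULES = {
  bruteForce: { threshold: 5, windowMs: 10 * 60 * 1000 }, // 5 failures within 10 minutes, per account
  massExport: { minRecords: 10000 },
  adminRoles: new Set(['admin', 'owner']),
};

// Sliding window over auth.login.failed, keyed by account (case-insensitive).
// Fires once per account when the window first reaches the threshold.
function detectBruteForce(events, rule = RULES.bruteForce) {
  const recent = new Map();   // account -> [{ t, ip }] still inside the window
  const alerted = new Set();
  const alerts = [];
  for (const e of events) {
    if (e.type !== 'auth.login.failed') continue;
    const t = Date.parse(e.occurredAt);
    const account = e.email.toLowerCase();
    const hits = (recent.get(account) || []).filter(h => t - h.t <= rule.windowMs);
    hits.push({ t, ip: e.context.ipAddress });
    recent.set(account, hits);
    if (hits.length >= rule.threshold && !alerted.has(account)) {
      alerted.add(account);
      alerts.push({
        type: 'auth.brute_force_detected',
        severity: 'high',
        email: account,
        attempts: hits.length,
        sourceIps: [...new Set(hits.map(h => h.ip))], // several IPs means a distributed attempt
      });
    }
  }
  return alerts;
}

// Single-event rules need no state.
function detectMassExport(events, rule = RULES.massExport) {
  return events
    .filter(e => e.type === 'data.exported' && e.recordCount > rule.minRecords)
    .map(e => ({
      type: 'data.mass_export',
      severity: 'medium',
      email: e.actor.email,
      recordCount: e.recordCount,
    }));
}

function detectAdminGrants(events, adminRoles = RULES.adminRoles) {
  return events
    .filter(e => e.type === 'permission.role.assigned' && adminRoles.has(e.role))
    .map(e => ({
      type: 'permission.admin_granted',
      severity: 'high',
      actor: e.actor.email,
      target: e.targetUser.email,
      role: e.role,
    }));
}

// Events are evaluated in time order regardless of how they arrived.
function runRules(events) {
  const ordered = [...events].sort((a, b) => Date.parse(a.occurredAt) - Date.parse(b.occurredAt));
  return [...detectBruteForce(ordered), ...detectMassExport(ordered), ...detectAdminGrants(ordered)];
}

// Constructed sample stream (not real platform data).
const SAMPLE_EVENTS = [
  // six failures against one account in five minutes, from two source IPs
  ...Array.from({ length: 6 }, (_, i) => ({
    type: 'auth.login.failed',
    occurredAt: `2025-01-20T14:0${i}:00Z`,
    email: 'Alice@Example.com',
    context: { ipAddress: i < 3 ? '203.0.113.10' : '203.0.113.11' },
  })),
  // two failures hours apart: ordinary typos, must not alert
  { type: 'auth.login.failed', occurredAt: '2025-01-20T09:00:00Z', email: 'bob@example.com', context: { ipAddress: '198.51.100.7' } },
  { type: 'auth.login.failed', occurredAt: '2025-01-20T13:00:00Z', email: 'bob@example.com', context: { ipAddress: '198.51.100.7' } },
  { type: 'data.exported', occurredAt: '2025-01-20T14:10:00Z', actor: { email: 'alice@example.com' }, recordCount: 25000 },
  { type: 'data.exported', occurredAt: '2025-01-20T14:11:00Z', actor: { email: 'carol@example.com' }, recordCount: 40 },
  { type: 'permission.role.assigned', occurredAt: '2025-01-20T14:12:00Z',
    actor: { email: 'alice@example.com' }, targetUser: { email: 'mallory@example.com' }, role: 'admin' },
];

console.log(JSON.stringify(runRules(SAMPLE_EVENTS), null, 2));
```

Keying the brute-force window by account rather than by IP is deliberate: password spraying and credential stuffing rotate source addresses, and the `sourceIps` list on the alert is what tells the responder whether a single `block_ip` action will help.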
Data Classification
Mark sensitive data for enhanced logging:
// Define sensitive fields
const User = $.define({
  name: 'User',
  fields: {
    email: $.String,
    firstName: $.String,
    lastName: $.String,
    // Mark as sensitive - enhanced logging
    ssn: $.String.sensitive({ classification: 'pii' }),
    dateOfBirth: $.Date.sensitive({ classification: 'pii' }),
    medicalRecord: $.Text.sensitive({ classification: 'phi' }),
    creditCard: $.String.sensitive({ classification: 'pci' })
  }
})
// Platform automatically:
// - Logs all access to sensitive fields
// - Requires justification for access
// - Alerts on unusual access patterns
// - Masks values in non-production logs
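The platform masks classified fields in its own logs; anywhere your application logs or forwards a record itself, that masking is still your job. The following is an added example, not platform code: a classification-driven redaction pass whose field map mirrors the `.sensitive({ classification })` markers above. The masking policy (last four digits for PCI data, full redaction for PII and PHI), the helper names and the sample record are this example's own assumptions.

```javascript
// Added example (not platform code): mask classified fields before a record
// reaches an application log line or an outbound export.

// Mirrors the schema markers above; keep this map next to the schema it describes.
const USER_CLASSIFICATION = { ssn: 'pii', dateOfBirth: 'pii', medicalRecord: 'phi', creditCard: 'pci' };

// Replace everything but the last `keep` characters with '*'.
function maskKeepLast(value, keep) {
  const s = String(value);
  if (s.length <= keep) return '*'.repeat(s.length);
  return '*'.repeat(s.length - keep) + s.slice(-keep);
}

// Masking policy per classification (this example's choice).
const MASKERS = {
  pii: () => '[REDACTED:pii]',                                  // identifiers never belong in a log line
  phi: () => '[REDACTED:phi]',                                  // clinical content is never useful in a log
  pci: v => maskKeepLast(String(v).replace(/[\s-]/g, ''), 4),   // last four of the PAN may be shown
};

// Deep copy of `record` with classified fields masked at any nesting level.
// Unclassified fields pass through unchanged. A classification without a
// masker throws, so a newly added class cannot leak silently.
function redactForLog(record, classification) {
  if (Array.isArray(record)) return record.map(item => redactForLog(item, classification));
  if (record === null || typeof record !== 'object') return record;
  const out = {};
  for (const [field, value] of Object.entries(record)) {
    const cls = classification[field];
    if (cls !== undefined && value != null) {
      const mask = MASKERS[cls];
      if (!mask) throw new Error(`no masker for classification '${cls}' on field '${field}'`);
      out[field] = mask(value);
    } else if (value !== null && typeof value === 'object') {
      out[field] = redactForLog(value, classification);
    } else {
      out[field] = value;
    }
  }
  return out;
}

// Test-time guard: top-level classified fields whose raw value still appears in `serialized`.
function leakedFields(serialized, record, classification) {
  return Object.keys(classification)
    .filter(field => record[field] != null && serialized.includes(String(record[field])));
}

// Constructed sample record (fictitious values).
const SAMPLE_USER = {
  id: 'usr_123',
  email: 'alice@example.com',
  firstName: 'Alice',
  ssn: '123-45-6789',
  dateOfBirth: '1984-07-15',
  medicalRecord: 'Type 2 diabetes, metformin 500 mg',
  creditCard: '4111 1111 1111 1111',
  emergencyContact: { name: 'Bob', dateOfBirth: '1980-01-01' }, // nested field, same map applies
};

const safeRecord = redactForLog(SAMPLE_USER, USER_CLASSIFICATION);
console.log(JSON.stringify(safeRecord));
console.log('leaked fields:', leakedFields(JSON.stringify(safeRecord), SAMPLE_USER, USER_CLASSIFICATION));
```

`leakedFields` is worth wiring into a unit test for every log formatter you own: it catches the common regression where a new code path serialises the raw record instead of the redacted copy.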
User Activity Timeline
Show users their own activity (GDPR transparency):
// Users can view their activity
// Application-side helper: a readable label per event type (not part of the platform API)
function formatEventDescription(event) {
  switch (event.type) {
    case 'auth.login.success': return 'Signed in'
    case 'auth.login.failed': return 'Failed sign-in attempt'
    case 'auth.logout': return 'Signed out'
    case 'data.exported': return 'Exported data'
    default: return event.type
  }
}
on($.API.request, async ({ path, user }) => {
  if (path === '/my-activity') {
    const activity = await $.AuditLog.list({
      userId: user.id,
      organizationId: user.organizationId,
      limit: 100
    })
    return activity.map(event => ({
      timestamp: event.occurredAt,
      action: event.type,
      description: formatEventDescription(event),
      location: event.context.location,
      ipAddress: event.context.ipAddress
    }))
  }
})
Export & Streaming
Export audit logs for external systems:
// Export to CSV
const csv = await $.AuditLog.export({
  organizationId: orgId,
  format: 'csv',
  dateRange: { start: '2025-01-01', end: '2025-01-31' }
})
// Stream to SIEM (Splunk, Datadog, etc.)
await $.Organization.update(orgId, {
  auditLogStreaming: {
    enabled: true,
    destination: 'splunk',
    endpoint: 'https://splunk.acme.com/webhook',
    apiKey: 'encrypted_key', // placeholder: load the real token from your secrets store, never from source control
    eventTypes: ['auth.*', 'data.sensitive.*', 'permission.*']
  }
})
// Platform streams events in real-time
// No additional code needed
// Stream to S3 for long-term storage
await $.Organization.update(orgId, {
  auditLogArchive: {
    enabled: true,
    bucket: 's3://acme-audit-logs',
    schedule: 'daily', // or 'weekly', 'monthly'
    retention: '7y'
  }
})
Compliance Dashboard
Platform provides built-in compliance dashboards:
// Access compliance status
const status = await $.Compliance.getStatus(orgId)
console.log({
  frameworks: status.frameworks, // ['soc2', 'hipaa']
  overallScore: status.score, // 0-100
  controls: {
    authentication: status.controls.authentication.compliant,
    authorization: status.controls.authorization.compliant,
    dataProtection: status.controls.dataProtection.compliant,
    auditLogging: status.controls.auditLogging.compliant,
    encryption: status.controls.encryption.compliant
  },
  recommendations: status.recommendations,
  lastAudit: status.lastAuditDate,
  nextAudit: status.nextAuditDate
})
Incident Response
Audit logs support incident investigation:
// Investigate security incident
const incident = await $.AuditLog.investigate({
  organizationId: orgId,
  suspiciousUserId: userId,
  timeWindow: {
    start: '2025-01-20T14:00:00Z',
    end: '2025-01-20T15:00:00Z'
  }
})
console.log({
  // User's actions during time window
  actions: incident.userActions,
  // Related suspicious activities
  correlatedEvents: incident.correlatedEvents,
  // Affected resources
  affectedResources: incident.resources,
  // Risk assessment
  riskLevel: incident.riskLevel, // 'low', 'medium', 'high', 'critical'
  // Recommended actions
  recommendations: incident.recommendations
})
Privacy & Data Rights
Support data subject rights automatically:
// GDPR Right to Access
on($.User.requestData, async ({ user }) => {
  const data = await $.Compliance.exportUserData(user.id)
  // Platform compiles:
  // - All user data
  // - Processing purposes
  // - Data recipients
  // - Retention periods
  // - Activity history
  return data
})
// GDPR Right to Erasure
on($.User.requestDeletion, async ({ user }) => {
  await $.Compliance.deleteUserData(user.id, {
    method: 'full', // or 'anonymize'
    reason: 'user_request',
    retainLogs: true // Keep audit logs per legal requirement
  })
  // Platform:
  // - Deletes all user data
  // - Anonymizes audit logs
  // - Notifies integrated systems
  // - Logs deletion for compliance
})
Cost Model
Audit logging is included in platform pricing:
- No per-event fees - Log unlimited events
- No storage fees - Retention included
- No query fees - Unlimited queries
- No export fees - Unlimited exports
Standard retention (2 years) included. Extended retention available.
Summary
Compliance on the .do platform is:
- Automatic - All events logged without code
- Comprehensive - Authentication, data, permissions, config
- Compliant - Supports the audit-trail requirements of SOC 2, HIPAA, and GDPR
- Tamper-Proof - Immutable audit trail
- Queryable - Powerful search and filtering
- Exportable - CSV, JSON, streaming to SIEM
- Zero-Maintenance - Platform handles everything
Focus on your product. Let the platform handle compliance.
Related Documentation
- Authentication - Auth event logging
- User Provisioning - Provisioning audit trail
- Multi-Tenancy - Organization-scoped logs
- Admin Portals - Configuration change logging
- Security - Security best practices