
Append-Only Audit Log

A tamper-evident log where no row is ever updated or deleted; the canonical evidence store for regulatory audit trails.

Control


An append-only audit log is a log where no row is ever updated or deleted after insertion. New events are appended; nothing is mutated. Regulatory audit-trail requirements (EU AI Act Art. 12 automatic event logging, ISO/IEC 42001 A.8.2 testing and evaluation, NIST AI 600-1 MANAGE-3.2 incident response) effectively require this property even when they do not say so verbatim.

The implementation pattern varies. At the application layer the constraint is enforced through SQL grants: the writer role holds INSERT privilege only, with no UPDATE or DELETE grant. A storage-layer tamper-evident mirror (a database-level audit channel that records every write independently of the application) gives the auditor a second-source trail that even an actor with database-administrator access cannot rewrite.
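As an added example (not Penaxtra's own schema), the following PostgreSQL DDL sets up the INSERT-only writer role described above, with a trigger as defence in depth and a grant check an auditor can run; the table, role and column names are assumptions. Neither grants nor triggers bind a superuser, which is why the page pairs this with an independent storage-layer mirror.

```sql
-- Added example, not the platform's own code. Assumes PostgreSQL 11+.
-- Table, role and column names are illustrative assumptions.

CREATE TABLE audit_event (
    event_id    bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    occurred_at timestamptz NOT NULL DEFAULT now(),
    tenant_id   text        NOT NULL,
    actor       text        NOT NULL,
    action      text        NOT NULL,
    payload     jsonb       NOT NULL
);

-- The application writer may only append: no UPDATE, DELETE or TRUNCATE.
CREATE ROLE audit_writer NOLOGIN;
REVOKE ALL ON audit_event FROM PUBLIC;
GRANT INSERT ON audit_event TO audit_writer;

-- Reading is a separate privilege held by the auditor role, not the writer.
CREATE ROLE audit_reader NOLOGIN;
GRANT SELECT ON audit_event TO audit_reader;

-- Defence in depth: reject mutation even if a grant is later misconfigured.
CREATE OR REPLACE FUNCTION audit_event_immutable() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_event is append-only (% blocked)', TG_OP;
END;
$$;

CREATE TRIGGER audit_event_no_mutate
    BEFORE UPDATE OR DELETE OR TRUNCATE ON audit_event
    FOR EACH STATEMENT EXECUTE FUNCTION audit_event_immutable();

-- Periodic check for the auditor: audit_writer must hold INSERT and nothing
-- else on this table; any UPDATE/DELETE/TRUNCATE row here is a finding.
SELECT grantee, privilege_type
FROM information_schema.role_table_grants
WHERE table_name = 'audit_event'
ORDER BY grantee, privilege_type;
```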

Retention is typically tenant-configurable. Regulated industries often keep the audit log for ten years to match the prudential or healthcare evidence retention requirement.

Primary sources

Where to read the canonical definition.

  • EU AI Act Article 12 (Record-keeping)


The Penaxtra platform implements the controls and assessments described above as part of its AI-SPM programme.
