Skip to main content

Audit trail

The audit trail is a complete, chronological record of every action taken across your Traceable account. It captures all events — from creating a product to accepting a supplier response to publishing a DPP — across all users on the account. It cannot be edited, filtered out of existence, or deleted by any user.

The audit trail exists to support two primary purposes: internal oversight (knowing who changed what and when) and regulatory accountability (demonstrating to authorities that your DPP management process has integrity and traceability).

What the Audit Trail Captures

Every event that modifies data or changes the state of a record is captured. This includes:

Product and DPP Events

  • Product created (including the method: manual or CSV import)
  • DPP field updated (any field in any section, by any user)
  • Product published (first publication and each subsequent republication)
  • Product unpublished
  • Product archived or unarchived
  • Product deleted
  • Draft revision started
  • Draft revision discarded
  • QR code downloaded (records who downloaded, in what format)

Document Events

  • Document uploaded
  • Document version uploaded
  • Document category or metadata changed
  • Document access control changed (e.g., from Internal to DPP-visible)
  • Document associated with a product or DPP section
  • Document disassociated from a product

Digital Signature Events

  • Document signed (records signer identity, document version, timestamp)
  • Signature revoked (records who revoked, reason, timestamp)
  • Multi-party signature request sent
  • Multi-party signing step completed or declined

Blockchain Anchor Events

  • Anchor transaction submitted
  • Anchor transaction confirmed (records transaction hash, block number)

Supplier Events

  • Supplier added to directory
  • Supplier invitation sent
  • Supplier invitation accepted
  • Supplier deactivated or reactivated
  • Data request created
  • Data request sent
  • Data request reminder sent
  • Supplier response submitted
  • Data request field value accepted (records the accepted value and the user who accepted)
  • Data request field value overridden and accepted
  • Data request clarification requested

Verification Events

  • Verification task created
  • Verification task assigned to verifier
  • Verifier viewed the task (first access)
  • Verification finding submitted (Approved or Rejected)
  • Verification task reassigned
  • Verification task cancelled

Account and User Events

  • User account created
  • User role changed
  • User deactivated
  • Login events (login, logout, failed login attempts)
  • Account settings changed (company name, address, etc.)

Document AI Events

  • AI processing consent granted or revoked
  • Document submitted for AI extraction
  • Extraction completed (records number of fields extracted and confidence distribution)
  • Extracted field accepted or rejected by user

How to Read an Audit Entry

Each entry in the audit trail contains the following fields:

FieldDescription
TimestampThe exact UTC date and time the event occurred, displayed to the second. All audit timestamps are UTC, regardless of the user's local timezone setting.
UserThe full name and email address of the user who performed the action. For automated system events (such as a supplier submitting a response, or a blockchain anchor being confirmed), this shows "System" with a description of the automated process.
Action typeA categorised label for the type of event: Create, Update, Delete, Publish, Unpublish, Sign, Anchor, Accept, Reject, Send, etc.
Resource typeThe type of entity affected: Product, Document, Supplier, Data Request, Verification Task, User, etc.
Resource nameThe human-readable name of the affected entity (e.g., the product name, document name, or supplier name).
Resource IDThe internal Traceable ID of the affected record. Useful for unambiguous cross-referencing, particularly when records with the same name exist.
DetailsFor field-level changes (Update events on DPP fields), this shows the previous value and the new value side by side. For other events, this shows a plain-English summary of what changed.

Example audit entry for a DPP field update:

Timestamp:     2026-04-07 14:32:05 UTC
User:          Sarah Chen (sarah.chen@operator-example.com)
Action type:   Update
Resource type: Product
Resource name: NovaPower LFP-100
Resource ID:   PROD-0042
Details:       [DPP field updated]
               Section: General Information
               Field: Nominal capacity (Ah)
               Previous value: 95.0
               New value: 100.0

Filtering the Audit Trail

The audit trail view supports the following filters, which can be combined:

Filter by Date Range

Set a start date and end date to see events within a specific period. The date range filter applies to the event timestamp. You can enter dates manually or use the calendar picker.

Filter by User

Select one or more users from your account to see only events performed by those users. Useful for reviewing a specific team member's activity or investigating an unexpected change.

Filter by Action Type

Select one or more action types (Create, Update, Delete, Publish, Sign, Anchor, etc.) to focus on a specific category of events. For example, selecting "Publish" and "Unpublish" shows only publication events across all products.

Filter by Resource Type

Narrow the view to events affecting a specific type of entity (Products, Documents, Suppliers, etc.).

Filter by Resource

If you want to see the complete history of a specific record — for example, all events related to a particular product — use the resource filter to select it by name or ID. This is the most common filter for investigating the change history of a specific DPP.

Active filters are displayed as tags at the top of the audit trail. The total count of matching entries is shown alongside the filter tags.

Exporting Audit Logs

For regulatory audits, internal compliance reporting, and legal proceedings, you can export audit log data to CSV:

  1. Navigate to Audit Trail.
  2. Apply any filters you want to scope the export (or leave unfiltered for a complete export).
  3. Click Export CSV.
  4. Confirm the export. For large date ranges or unfiltered exports, generation may take up to a minute.

The CSV export includes all fields visible in the audit trail view, plus the raw Resource ID for every entry. The export is delivered as a UTF-8 encoded CSV file compatible with all standard spreadsheet and data analysis tools.

Tip for regulatory audits: If a market surveillance authority requests evidence of your DPP management process, exporting the audit trail filtered by a specific product and date range provides a complete, timestamped record of every change made to that product's data, who made it, and when.

Retention Policy

Audit logs are retained for the full lifetime of your Traceable account. They are not subject to the standard data retention policies that apply to inactive records — audit logs are retained even if the product or user they relate to has been deleted.

For deleted products: the product record itself is removed, but all audit entries relating to that product (including the deletion event) are retained in the audit trail permanently. The resource name is shown as "[Deleted product]" and the Resource ID remains for reference.

For deactivated users: the user account is deactivated, but all audit entries showing their actions are retained permanently with their name and email address as recorded at the time of the action.

What You Cannot Do to Audit Logs

Audit logs in Traceable are immutable by design. No user — including account administrators — can:

  • Edit an existing audit entry
  • Delete an individual audit entry
  • Delete the audit trail in bulk
  • Add an entry retroactively
  • Change the timestamp on an entry

This immutability is a deliberate design choice. An audit trail that can be edited is not an audit trail — it is a log. The value of the audit trail as a compliance and accountability tool depends entirely on no party being able to alter the historical record. If you discover an error in a DPP field value, the correct response is to update the field (which creates a new audit entry showing the correction), not to alter the entry showing the original incorrect value.

If you believe an audit entry contains genuinely erroneous data due to a platform bug (not a user action), contact Traceable support with the specific entry details. Bug investigations are conducted by Traceable engineering and any corrections are applied transparently with a documented record.