Setup: How NexCyber records every action in your workspace (who did what, when, and why) for internal review and external audit.
Audit log and activity trail
For regulated companies, traceability is non-negotiable. NexCyber records every meaningful action in your workspace and surfaces it as a queryable, exportable audit log. This article explains what's logged, how to access it, and how to use it during audit.
The Audit Log is available on the Portfolio plan and above.
What's recorded
NexCyber logs every action that changes state in your workspace:
- Account events: user logins, role changes, invitations, removals.
- Assessment events: assessment started, answer changed, assessment completed.
- Evidence events: file uploaded, evidence linked to obligation, evidence archived.
- Obligation events: status change (Gap → Partial → Covered), justification edited.
- Trust Passport events: passport issued, passport revoked, passport shared.
- Billing events: plan upgrade / downgrade, payment method change.
- API events: every authenticated API call (on Command plan and above).
For each event, the log captures:
- Timestamp in UTC, millisecond precision.
- Actor: which user, or which API token, or "system" for automated events.
- Action verb (created, updated, deleted, linked, etc.).
- Target: the resource that was changed.
- Before / after snapshot for important changes (e.g. obligation status changes show the old and new value).
- Source IP and user agent (truncated for privacy).
How to access it
Open Settings → Audit log to see the live feed. The page supports:
- Free-text search: find an action by keyword.
- Filter by user: show every action by a specific teammate.
- Filter by action type: only show logins, only show passport events, etc.
- Filter by date range: useful for scoped reviews.
You can also click any event to see the full payload, including before / after snapshots for state changes.
Retention
| Plan | Retention |
|---|---|
| Portfolio | 90 days online + archive available on request |
| Command | 12 months online + extended archive |
| Strategic | 24 months online + extended archive |
Beyond the online retention window, archived logs are available via support request within 5 business days.
Exporting the audit log
For external audit, you can export the log as:
- CSV: one row per event, easy to load into Excel or your audit tooling.
- NDJSON: one JSON object per line, machine-readable for downstream pipelines.
- PDF report: a formatted, page-numbered, signed PDF suitable for audit binders.
To export:
- Open the Audit log view.
- Apply the filters you want (typically a date range and optionally a specific user / action).
- Click "Export" in the top-right.
- Pick the format.
- The export runs in the background and arrives by email when ready (usually under 60 seconds, longer for very large exports).
Each export is itself logged; auditors can verify that the export they're holding is the one NexCyber generated.
Using the audit log during external audit
Typical scenarios where the audit log carries weight:
"Show me who approved this obligation as Covered."
Open the obligation, click "View history", and you'll see each status change with actor, timestamp, and justification text. Auditors can trust this because the log is append-only and tamper-evident (next section).
"Prove evidence X was attached on this date."
Search the log for the evidence ID or filename. The "evidence linked" event has the exact timestamp and the user who did it.
"Show me access to sensitive data over the audit window."
Filter by action type "login" and date range. Export to CSV for the auditor's records.
Tamper-evidence
Audit log entries are append-only. They cannot be edited or deleted by any user (not even account owners). Every entry is checksum-protected and ordered such that any tampering attempt would break the chain and be detectable.
This isn't a marketing claim; it's part of how NexCyber's internal data model is structured, and it's documented in our SOC 2 report (available under NDA).
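A hash chain is one common way to get the "any tampering breaks the chain" property described above. The sketch below is an added illustration, not NexCyber's implementation: the record layout, field names, SHA-256 construction and sample events are all assumptions made for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed: fixed value chained into the first record

def record_hash(prev_hash, seq, event):
    # Canonical JSON, so identical content always hashes to identical bytes.
    body = json.dumps({"seq": seq, "event": event}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(log, event):
    prev = log[-1]["hash"] if log else GENESIS
    seq = len(log) + 1
    log.append({"seq": seq, "event": event, "prev": prev,
                "hash": record_hash(prev, seq, event)})

def verify(log, expected_head=None):
    """Return (ok, position); position is the first record that fails, else None."""
    prev = GENESIS
    for pos, rec in enumerate(log, start=1):
        if (rec["seq"] != pos or rec["prev"] != prev
                or rec["hash"] != record_hash(prev, rec["seq"], rec["event"])):
            return False, pos
        prev = rec["hash"]
    # A shortened log is still internally consistent; only a head hash kept
    # outside the log shows that the newest records are missing.
    if expected_head is not None and prev != expected_head:
        return False, len(log) + 1
    return True, None

def build_sample_log():
    # Constructed sample events; the field names are assumptions.
    events = [
        {"ts": "2026-03-01T09:15:02.113Z", "actor": "alice@example.com",
         "action": "updated", "target": "obligation/OBL-1", "before": "Gap", "after": "Partial"},
        {"ts": "2026-03-02T10:01:44.870Z", "actor": "bob@example.com",
         "action": "linked", "target": "evidence/EV-7"},
        {"ts": "2026-03-03T16:30:09.004Z", "actor": "alice@example.com",
         "action": "updated", "target": "obligation/OBL-1", "before": "Partial", "after": "Covered"},
    ]
    log = []
    for event in events:
        append(log, event)
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print(verify(log))                              # intact chain
    log[1]["event"]["actor"] = "mallory@example.com"
    print(verify(log))                              # edited record is reported
```

A chain on its own only proves internal consistency: someone able to rewrite every record can recompute all the hashes. That is why the newest hash has to be recorded somewhere the log writer cannot change, which `expected_head` stands in for here.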
Sensitive data in the log
We never log:
- Passwords, API keys, or other credentials.
- Full file contents (only file metadata: name, size, hash, owner).
- Personal data beyond the actor's email and the resources they accessed.
If you're concerned about a specific category of data appearing in the log, contact us via the chat; we can walk through your specific compliance needs.
→ See "Data residency and EU hosting"
Need help?
- Reach out via our live chat (bottom-right): Captain AI replies instantly, human experts within business hours.
- Email support@nexcyber.eu with [P1] for Command/Strategic priority issues.
Disclaimer: RICE provides a readiness analysis, not legal advice. Final compliance may require legal review or notified body certification.
Last reviewed: 2026-06-02 · NexCyber Help Center