Compliance and Audit
Audit logs, retention policies, litigation holds, auditor access — the compliance machinery in plain language.
Compliance and Audit
What's in the audit log?
Every document creation, view (where applicable), update, delete, restore. Every workflow advance, approve, reject. Every permission grant/revoke. Every login, password change, MFA event. Every configuration change.
Is the audit log tamper-proof?
Yes — hash-chained, meaning each entry references the previous entry's hash. Any alteration breaks the chain. See Inside the Papyrus Audit Trail for the technical detail.
How long is the audit log retained?
For the life of the tenant, plus 7 years after termination. Audit log entries cannot be deleted by anyone, including PlatformAdmins.
What's a retention policy?
A rule attached to a document type or folder: “Keep for X years, then review/dispose”. Applied automatically based on classification. Documents flagged for litigation hold are exempt from disposition.
What's a litigation hold?
A flag (placed by Legal) that prevents deletion of named documents, folders, or users' content regardless of retention policy. Released only by an authorised user; release is itself logged.
How do I give an auditor access?
Grant them the Auditor role (read-only, scope-limited). They can browse documents and run audit log queries but cannot modify anything. Common practice: time-bound the role to the audit period.
Can I export the audit log?
Yes — to PDF (signed) or Excel. The export includes a verification hash so an auditor can confirm it wasn't doctored after export.
Does Papyrus support GDPR / Kenya DPA / ISO 27001?
Yes. The platform is built with these regimes in mind: consent records, DSAR fulfilment, RoPA generation, breach notification workflows, ISMS-aligned controls. Tenants are responsible for their own certification; Papyrus provides the audit-defensible foundation.
What happens if Papyrus.io itself is audited?
We undergo annual SOC 2 Type II audits. Audit reports are available under NDA on request.