Audit Logs within the OWL platform serve as a foundational tool for tracking and recording all system activities and events. They are instrumental in promoting transparency, accountability, and security throughout organizational operations.
By systematically capturing key actions and changes, audit logs help:
• Protect sensitive information
• Support regulatory compliance requirements
• Strengthen cybersecurity defences
• Maintain operational integrity
These detailed records empower administrators with real-time insights into system usage, enabling proactive monitoring, effective data management, and swift response to potential issues.
Audit Logs – Security, Accountability, and Compliance
The OWL Intelligence Platform Audit Logs module provides a permanent, immutable, and comprehensive record of all system activity across the platform. Audit logs are designed to support law enforcement, government, and regulated insurance environments, where accountability, traceability, and evidentiary defensibility are required.
Audit logging in OWL is not optional, not configurable by end users, and cannot be disabled.
Core Principles of OWL Audit Logging
OWL audit logs are built on the following principles:
- Immutability: Audit logs cannot be edited or altered
- Permanence: Audit logs are never deleted or purged
- Completeness: All user and system actions are logged
- Traceability: Every log entry is tied to a user, time, and system context
- Defensibility: Logs support forensic, regulatory, and legal review
These principles ensure OWL audit logs can function as an authoritative record of system activity.
What Is Logged in OWL
OWL audit logs capture everything users do within the platform, across all modules.
Authentication and Access Events
- User logins and logouts
- Date and time of authentication
- Source IP address
- Authentication success and failure events
This supports access accountability, CJIS oversight, and incident investigation.
Case-Level Activity
OWL records every interaction with a case, including:
- Case access and views
- Case edits and status changes
- Records attached to or accessed within a case
- Users who viewed a case, even when no edits occurred
This allows administrators to reconstruct who accessed a case, when, and what actions were taken, which is critical for law enforcement and sensitive investigations.
Record and Data-Level Activity
For records managed in OWLdocs and other modules, audit logs capture:
- Record creation, access, and deletion
- Attribute-level changes to records
- Previous value and new value for each changed attribute
- Date and time of each change
- User identity responsible for the change
OWL does not simply log that a record was modified, it logs exactly what changed.
Module Context
Every audit event records the OWL module in which the action occurred, such as:
- OWLdocs
- Case Management
- Subjects
- Forms
- Administrative settings
This allows auditors and administrators to understand where in the system an action took place.
Administrative and Configuration Activity
Audit logs also track administrative actions, including:
- Changes to access rights and permissions
- Retention and compliance configuration changes
- Legal hold application or removal
- Other system governance actions
This ensures oversight of both operational and administrative users.
Audit Log Access and Filtering
Authorized administrators can access audit logs through the Audit Logs module and apply filters to retrieve specific activity.
Supported Filters:
- User
- Case
- Module
- Date and time range
Using these filters, an administrator can:
- View everything associated with a specific case
- View everything a specific user has done across OWL
- Investigate activity within a defined time window
- Support internal reviews, audits, and investigations efficiently
Audit Log Integrity and Retention
OWL audit logs have the following protections:
- Audit logs cannot be edited
- Audit logs cannot be deleted
- There is no expiration or purge process
- Administrative users cannot override or suppress audit records
Because audit logs are permanent and immutable, they provide a continuous, gap-free history of system activity.
Compliance and Regulatory Alignment
OWL audit logging supports compliance with common requirements found in:
- CJIS Security Policy
- Internal Affairs and investigative accountability standards
- Public sector audit requirements
- Regulated insurance and SIU oversight programs
Specifically, OWL audit logs support:
- User accountability and non-repudiation
- Case access auditing
- Field-level data change tracking
- Administrative oversight
- Long-term audit retention expectations
OWL audit logs are suitable for:
- Internal and external audits
- Internal affairs investigations
- Litigation and discovery support
- Regulatory and oversight reviews
Use of Audit Logs in Investigations and Reporting
OWL audit logs are designed to be used both reactively and proactively:
- Reconstruct timelines of case activity
- Investigate unauthorized or unusual access
- Support disciplinary or compliance reviews
- Respond to auditor or regulator inquiries
- Validate system usage against internal policy
All audit review activity itself is also auditable.
Key Distinction: OWL audit logs are not simple system logs and are not limited to data edits.
They provide:
- Case-level access auditing
- Full user behavioral history
- Attribute-level change tracking
- Authentication telemetry with IP address
- Permanent retention without deletion
This makes the OWL audit subsystem a core security and governance feature - not an auxiliary reporting tool.
Summary
OWL Audit Logs provide:
- Immutable and permanent audit records
- Complete visibility into user and case activity
- Attribute-level data change history
- Authentication auditing with IP attribution
- Cross-module traceability
- Administrator-level filtering and review
These capabilities ensure OWL can serve as a defensible system of record in regulated, investigative, and high-assurance environments.
Access Audit Logs
Steps to Access Audit Logs:
1. Click Administration.
2. Click Data Administration from the OWL Admin menu.
3. Click Audit Logs.
4. This will open the Audit Logs page.
• Here, you can track all user activity and actions across the organization.
• The Audit Logs page displays Log Date, Log Message, Username, and Module columns.
• This page can be filtered by clicking the Filters top right corner of the table.
Audit Log Filters:
• Username: This dropdown lists all system users. Select a specific user to filter and view only that user's audit log entries.
• Log Type: Represents the various modules within OWL (e.g., Authentication, Record Management). Choose a module from the dropdown to view audit logs related to that specific area.
• Created From / Created To: Use these date fields to narrow down audit logs within a defined time range. Enter the start and end dates to filter logs accordingly
Access and Permissions:
• The users with administrator licenses can access all users' audit logs.
• The users with Supervisors and Admin Team licenses can access only the audit logs of the users who belong to their respective departments.