Audit Evidence Package
This guide describes the evidence AccessLedger can provide today during a founder-led pilot. It is intentionally narrower than a claim that the product already delivers a complete compliance program.
What AccessLedger can provide today
- Credential inventory records with ownership, storage location, risk level, and rotation schedule metadata
- Access request history with requester, approver, timestamps, durations, and closeout notes
- Audit log events for key workflow actions
- CSV export of audit events for external review
- Rotation follow-up context captured during request closure
Suggested evidence package
For a pilot review or audit-prep conversation, prepare:
- A small credential inventory export or screenshots of the registered high-risk credentials
- One or more representative access requests showing request, approval, expiry, and closure
- The audit log or CSV export covering the relevant time window
- Any follow-up notes explaining why a credential was or was not rotated after use
How to collect the package
- Review the request history for the target incident or audit period.
- Open each access request and confirm the requester, approver, reason, duration, and closure notes.
- Export the audit log from the audit page for the same date window.
- Save the evidence alongside any customer-specific incident or change-management references used during the pilot.
Current limits
- The exported evidence is useful for audit preparation, but Phase 11 is where tamper-evident or signed evidence bundles are planned.
- AccessLedger does not currently store the secret value itself, so the evidence package is about workflow and accountability rather than vault custody.
- Pilot customers should validate that the exported fields match the evidence format their auditors or reviewers expect.