From log file to evidence

The audit story line

Auditors evaluate not only whether you log, but whether the causality in your data is provable. Tuurio ID creates this evidence chain automatically and in a tamper-resistant way.

Lifecycle of a security-critical action

Step 1: Identity

Strong authentication

Can you rule out that the login happened with only a stolen password?

Tuurio ID logs not only success, but also the method. An audit entry proves passkey usage (WebAuthn), making phishing attacks practically ineffective.

Step 2: Tracing

The X-Correlation-ID

How are this web request and this database entry connected?

Every click gets a unique ID. It flows from browser through APIs into the audit log. This closes the observability gap and provides causal proof for each action.

Step 3: Protection

Encryption in the vault

Who had access to plaintext at the moment of storage?

Before data touches disk, it is encrypted in memory. The audit system logs not the value itself but access to the encryption key.

Step 4: Report

Forensic export

Provide all activities from user X within the last 24 hours.

Audit result:

[14:02:01] ACTION: VAULT_UPDATE | CID: 882-abc | AUTH: Passkey (iPhone) | STATUS: SUCCESS

What auditors check in concrete terms:

  • Immutability: Logs must not be editable afterwards.
  • Causality: Identity and action must be linked (correlation ID).
  • Data minimization: No sensitive data should be stored directly inside logs.
  • Response time: Ability to report incidents quickly (NIS2).
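
The causality, identity and data-minimization checks above can be run mechanically over an exported entry. The following is an added example, not Tuurio ID's own code. It assumes every entry follows the layout of the single sample line shown above; the second and third sample lines, the `AUTH: Password` value, the `NOTE` field and the secret-matching pattern are constructed for illustration.

```python
import re

# Layout inferred from the one sample entry on the page (an assumption, not a
# published schema): "[HH:MM:SS] KEY: value | KEY: value | ..."
ENTRY = re.compile(r"^\[(?P<time>\d{2}:\d{2}:\d{2})\] (?P<fields>.+)$")
# Hypothetical heuristic for secret-like key=value pairs inside an entry.
SECRET_LIKE = re.compile(r"(?i)\b(password|secret|token)\s*=")

def parse_entry(line):
    """Return the entry as a dict, or None if the line does not fit the layout."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = {"TIME": m.group("time")}
    for part in m.group("fields").split(" | "):
        key, sep, value = part.partition(": ")
        if not sep or not value.strip():
            return None
        entry[key.strip()] = value.strip()
    return entry

def audit_findings(line):
    """List the checks from the page that this entry fails (empty = passes)."""
    entry = parse_entry(line)
    if entry is None:
        return ["unparseable entry"]
    findings = []
    if "CID" not in entry:
        findings.append("causality: no correlation ID")
    if not entry.get("AUTH", "").startswith("Passkey"):
        findings.append("identity: not passkey-authenticated")
    if SECRET_LIKE.search(line):
        findings.append("data minimization: secret-like value in entry")
    return findings

# First line is the entry shown on the page; the other two are constructed.
EXPORT = [
    "[14:02:01] ACTION: VAULT_UPDATE | CID: 882-abc | AUTH: Passkey (iPhone) | STATUS: SUCCESS",
    "[14:05:40] ACTION: VAULT_READ | AUTH: Password | STATUS: SUCCESS",
    "[14:07:12] ACTION: VAULT_UPDATE | CID: 882-abd | AUTH: Passkey (iPhone) | STATUS: SUCCESS | NOTE: password=hunter2",
]

if __name__ == "__main__":
    for line in EXPORT:
        print(audit_findings(line) or "ok", "<-", line)
```

Immutability cannot be judged from a single exported line and is outside what this check covers.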