Audit Logging

VivaEdu maintains comprehensive audit logs for security, compliance, and accountability. This page explains what is logged, why it is logged, and how audit data supports regulatory compliance.

Summary

All sensitive actions are recorded in an audit log
Logs support GDPR Article 30 (records of processing activities)
Default retention is 365 days (configurable 30 to 3,650 days)
Audit log access is restricted to administrators
Viewing and exporting audit logs is itself logged

What Gets Logged

VivaEdu logs actions that affect personal data, security, or compliance. The following tables summarise the key action categories.

Data Operations

Action	When Triggered	Description
EXPORT_CSV	CSV export	User exports data as CSV file
EXPORT_ZIP	ZIP export	User exports data as ZIP archive
DELETE	Record deletion	Manual deletion of records

GDPR and Privacy Operations

Action	When Triggered	Description
STUDENT_RECORDING_CONSENT_GIVEN	Consent granted	Student grants recording consent
GDPR_DATA_EXPORT_REQUESTED	Data export request	Student requests their data export
GDPR_ACCOUNT_DELETION_REQUESTED	Deletion request	Student requests account deletion

Administrative Operations

Action	When Triggered	Description
ADMIN_AUDIT_LOG_QUERY	Viewing logs	Admin views audit logs
ADMIN_AUDIT_LOG_EXPORT_CSV	Exporting logs	Admin exports audit logs to CSV
ADMIN_OPS_RETENTION_QUERY	Viewing retention	Admin views retention policy
ADMIN_OPS_RETENTION_UPDATE	Updating retention	Admin updates retention policy

Automated Operations

Action	When Triggered	Description
RETENTION_DELETE_AUDIO	Audio deletion	Automated media file deletion
RETENTION_PURGE_ASSIGNMENT	Assignment purge	Automated full assignment deletion
RETENTION_PURGE_CLASS	Class purge	Automated class data deletion
RETENTION_AUDIT_LOGS_CLEANUP	Log cleanup	Automated audit log pruning

Log Entry Structure

Each audit log entry captures the action, the actor, and contextual information to enable traceability.

Field	Description	Example
id	Unique identifier	550e8400-e29b-41d4-a716-446655440000
createdAt	Timestamp (UTC)	2026-01-15T10:30:00.000Z
actorUserId	User who performed the action	UUID or "system"
actorRole	Role of actor	STUDENT, TEACHER, TA, ADMIN
action	Action identifier	EXPORT_CSV
entityType	Type of affected entity	assignment, user, class
entityId	ID of affected entity	UUID
metadata	Additional context	JSON object
ip	IP address (best-effort)	192.168.1.100
userAgent	Browser user agent	Mozilla/5.0...

Metadata Examples

The metadata field captures action-specific context. Examples for key actions:

CSV Export

{
  "filters": { "from": "2026-01-01", "to": "2026-01-31" },
  "rowCount": 150
}

Recording Consent Given

{
  "consentVersion": "2025-12-25-v1",
  "consentTextHash": "<sha256>",
  "source": "student_preferences_put"
}

Retention Cleanup

{
  "retentionDays": 365,
  "cutoff": "2025-01-15T00:00:00.000Z",
  "deletedCount": 42,
  "job": "retention-sweeper"
}

Access Control

Who Can View Audit Logs

ADMIN role only: Audit log access is restricted to administrators
Meta-logging: Viewing logs is itself logged (ADMIN_AUDIT_LOG_QUERY)
Export logging: Exporting logs is logged (ADMIN_AUDIT_LOG_EXPORT_CSV)

Demo Tenant Isolation

Demo administrators only see logs from their demo tenant
Production logs are isolated from demo logs
Cross-tenant log access is not possible

Retention

Default Period	365 days
Configurable Range	30 to 3,650 days (10 years)
Cleanup Schedule	Daily at 03:00 UTC
Cleanup Logging	Cleanup action itself is logged

Compliance Note: Your institution's Data Processing Agreement may commit to longer retention (for example, 7 years). Administrators should configure the retention period to meet institutional and regulatory requirements.

Export Capabilities

Export Format

Audit logs can be exported as CSV with BOM (Excel-compatible). The export includes the following columns:

Created At (ISO timestamp)
Action
Actor User ID
Actor Role
Actor Name
Actor Email
Entity Type
Entity ID
IP Address
User Agent
Metadata (JSON)
Audit Log ID

Export Limits and Filtering

Maximum rows: 50,000 rows per export
Date range: Filter by from/to dates
Action type: Filter by specific actions
Entity: Filter by entity type or ID
Actor: Filter by user ID
Search: Free-text search across all fields

Compliance Standards

VivaEdu's audit logging supports compliance with the following standards:

Standard	Requirement
GDPR Article 30	Records of processing activities
ISO 27001	Information security event logging
SOC 2	Audit trail requirements

System Actor

Some actions are performed automatically by background workers rather than human users. These are logged with a special system actor:

Actor ID: system
Actor Role: Null (system, not a user role)
Common system actions: Retention cleanup, automated media deletion, audit log pruning

A dedicated system user record is auto-created to maintain referential integrity in the audit log.

IP Address Capture

IP addresses are captured on a best-effort basis:

Primary source: x-forwarded-for header (first IP in chain)
Fallback: x-real-ip header
Limitation: May show proxy IP if infrastructure is not properly configured

Note: IP address logging is intended for security investigation and compliance purposes. The accuracy depends on proper proxy and load balancer configuration.

For Compliance Officers

Audit Evidence for Compliance Reviews

GDPR compliance: Audit logs provide evidence of consent collection, data export requests, and deletion requests
Traceability: All data access and exports are traceable to specific users and timestamps
Deletion documentation: Automated and manual deletion operations are documented with counts and cutoff dates
Access control evidence: Meta-logging demonstrates that audit access is controlled and monitored

Contact jex@vivaedu.co.uk for audit log access, compliance documentation, or Data Processing Agreement discussions.

Questions

For questions about audit logging or to discuss compliance requirements, contact jex@vivaedu.co.uk.