The audit log and using it as evidence
Every change to your compliance posture is written to an append-only audit log: who did what, and when. It is the evidence trail you can show an authority or an auditor.
Updated May 2026
What it records
Every mutation in Veillo is logged. That includes classifications confirmed or reclassified, documents generated, quarterly reviews signed off, members added or changed, and tools imported from discovery. The log is append-only, so entries are never edited or removed, only added.
Reading an entry
Each entry has three parts:
- When: the date and time of the change.
- Actor: the person who made it, or "System" for an automated step like a sync.
- Event: a plain summary of what happened, with a short event code beneath it for precise reference.
Export and evidence
The log is the backbone of an audit-ready posture: if an authority asks how a decision was made, you can show who classified a system and when, and that your reviews were done. On the Scale plan you can export the whole log to CSV from Export CSV. You can also give an external auditor a read-only Auditor view of the record without letting them change anything. See roles and your team and where your data is stored.
The five roles in Veillo (Owner, Admin, Editor, Reviewer, Auditor), what each can do, and how to invite teammates or give an external auditor read-only access.
What the quarterly review is, the three statements you confirm, who can sign it off, and how it keeps your register honest.
Veillo stores data in the EU by design. Where your data lives, how GDPR and the DPA work, who can see your records, and what we do not do with them.
Still need help?
Get in touch and a human will answer, or book a short walkthrough.