Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.dualentry.com/llms.txt

Use this file to discover all available pages before exploring further.

Audit Trail and Compliance

DualEntry captures an immutable audit trail for every data change in the system. This trail provides the evidence your auditors need and underpins compliance with SOC 2, SOX, and other regulatory frameworks.

What the Audit Trail Captures

Every user and system action that modifies data generates an audit event. Captured actions include:
  • Record creation - when a bill, invoice, journal entry, or any other record is created.
  • Field updates - changes to any field on a record, with before and after values.
  • Status changes - transitions such as draft to posted, or open to closed.
  • Approval actions - every approve, reject, request-changes, and delegate action from approval workflows.
  • Login events - successful and failed authentication attempts.
  • Role changes - when a user’s role or permissions are modified.
  • Period lock/unlock events - when an accounting period is locked or unlocked.
  • Bulk operations - mass updates, imports, and reclassifications, logged as a group with individual line-level detail.
Each audit event records the timestamp, user identity, IP address, action type, before/after values for changed fields, and the affected record’s type and ID.

Retention Policy and Configuration

DualEntry retains audit trail data for seven years by default. This satisfies the retention requirements of most financial regulations and audit standards. If your organization needs a different retention window-shorter for non-regulated entities or longer for industries with extended requirements-your tenant administrator can adjust the retention period in Settings → Audit Trail → Retention. The retention clock starts from the date of each individual event. When an event reaches the configured retention limit, it becomes eligible for purge during the next automated cleanup cycle. Events tied to open or active records are exempt from purge regardless of age, so you never lose trail data for records still in use. You can export aged events to long-term storage before they are purged if your archival policy requires it.

SOC 2 and SOX Compliance

DualEntry’s audit trail satisfies the common criteria for change management and logical access controls under SOC 2 Type II. Your auditor can pull activity logs scoped to any user, date range, or record type. The trail demonstrates that all changes are attributable to an identified user and that access controls are enforced consistently.
DualEntry undergoes an annual SOC 2 Type II examination. Contact your account team for the most recent report.
For organizations subject to SOX, DualEntry provides the control triad that auditors look for: period locking prevents changes to closed periods, approval workflows enforce segregation of duties, and the audit trail proves who approved what and when. The audit trail records every approval action with the approver’s identity, timestamp, and comments. Combined with entity-scoped permissions, this demonstrates that no single individual can both initiate and approve a transaction-satisfying the segregation-of-duties requirement.

Accessing the Audit Trail

You access the audit trail from Settings → Audit Trail. The interface provides filters for:
  • User - see all actions by a specific person.
  • Action type - narrow to creates, updates, deletes, approvals, or logins.
  • Record type - scope to bills, invoices, journal entries, or any other record type.
  • Date range - define a start and end date for the activity window.
Export filtered results to CSV for inclusion in auditor workpapers. The export includes all event detail fields and is timestamped for traceability. Developers can also query the audit trail via the API to build custom compliance dashboards, feed events into a SIEM, or automate compliance reporting. API queries support the same filters available in the UI and return paginated JSON responses.
Audit trail records are append-only. Neither users nor administrators can modify or delete audit events, even with Admin-level permissions.
Last modified on May 28, 2026