Overview
After a traveler safety incident, the organisation's legal team needs to demonstrate that every required action was taken: when the alert fired, who received it, what response was initiated, and how long each step took. If that record does not exist in structured, tamper-evident form, the organisation's duty of care defence is built on verbal recollection rather than documented evidence. The DoC Audit domain provides the structured audit trail that makes that defence possible.
Key Features
- Comprehensive audit event capture for duty of care operations.
- Provider action logging and accountability tracking.
- Incident audit trail with timeline reconstruction.
- Configuration change auditing.
- Organisation-scoped audit records.
- Tamper-evident audit storage.
- Audit search and filtering capabilities.
- Compliance reporting from audit data.
Use Cases
Legal teams defending duty of care claims review the complete audit trail of actions taken during an incident, with tamper-evident records providing defensible documentation of the organisation's response timeline.
Compliance officers generate audit-based reports demonstrating that the duty of care programme followed documented procedures for every traveler incident within a specified reporting period.
Operations managers reconstruct incident timelines for post-event review, identifying where response delays occurred and what procedural improvements would reduce future response times.
Provider accountability teams monitor provider action logs to verify that contracted response organisations are meeting their performance commitments, with audit records providing the evidence base for service level discussions.
Integration
Integrates with general audit trail, DoC incident management, and DoC provider systems for unified duty of care auditing.
Open Standards
- GraphQL (June 2018 specification): all audit log queries, entity history, user activity, and statistics are exposed through a typed GraphQL schema, enabling structured, tenant-scoped querying of the audit trail.
- OAuth 2.0 / JSON Web Tokens (RFC 7519): every REST and GraphQL endpoint enforces JWT bearer-token authentication, with tenant-scoped Row-Level Security applied after token validation.
- SHA-256 (FIPS 180-4): each audit entry is assigned a forward-linked integrity hash computed over its core fields and the previous entry's hash, and Merkle tree nodes are built with pairwise SHA-256 concatenation to form tamper-evident anchors.
- RFC 3161 (Internet X.509 PKI Time-Stamp Protocol): the anchor service supports optional submission of each period's Merkle root to an external Time-Stamp Authority, binding the audit chain to a cryptographically verifiable point in time.
- ISO 8601: all timestamps are stored with timezone precision and exported in ISO 8601 format, ensuring consistent ordering and interoperability with compliance reporting tools.
- OWASP Application Security Verification Standard (ASVS) V7.1, Audit Log Content: PII fields are redacted from old_data, new_data, and metadata before the integrity hash is computed, satisfying ASVS V7.1.1 and V7.1.2 requirements for audit log data minimisation.
- RFC 4180 (CSV format): the compliance export endpoint serialises audit records as RFC 4180-compliant CSV, with injection-safe row sanitisation, for ingestion by legal and compliance tooling.
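As an added illustration of the SHA-256 and ASVS V7.1 points above (example code, not the product's own implementation), the following Python builds the forward-linked hash chain over redacted core fields, verifies it, and derives a Merkle root by pairwise SHA-256 concatenation. The PII field list, the all-zero genesis value, and the exact set of hashed core fields are assumptions; the sample entries are constructed.

```python
import hashlib
import json

PII_FIELDS = {"email", "phone"}  # assumed redaction list; the page does not name its fields
GENESIS = "0" * 64  # prev_hash of the first entry (assumed convention)

def redact(data):
    """Replace PII values so the integrity hash never commits to raw PII (ASVS V7.1)."""
    return None if data is None else {k: ("[REDACTED]" if k in PII_FIELDS else v) for k, v in data.items()}

def entry_hash(entry, prev_hash):
    """Forward-linked SHA-256 over canonicalised core fields plus the previous entry's hash."""
    core = {"ts": entry["ts"], "org": entry["org"], "actor": entry["actor"], "action": entry["action"],
            "old_data": redact(entry.get("old_data")), "new_data": redact(entry.get("new_data"))}
    canon = json.dumps(core, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canon).encode()).hexdigest()

def build_chain(entries):
    """Attach prev_hash/hash to each entry so every record depends on its predecessor."""
    chain, prev = [], GENESIS
    for e in entries:
        h = entry_hash(e, prev)
        chain.append({**e, "prev_hash": prev, "hash": h})
        prev = h
    return chain

def verify_chain(chain):
    """Return the index of the first broken link, or None if every link holds."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["prev_hash"] != prev or entry_hash(e, prev) != e["hash"]:
            return i
        prev = e["hash"]
    return None

def merkle_root(hashes):
    """Pairwise SHA-256 concatenation up to a single root; an odd level duplicates its last node."""
    level = list(hashes) or [hashlib.sha256(b"").hexdigest()]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [hashlib.sha256((level[i] + level[i + 1]).encode()).hexdigest() for i in range(0, len(level), 2)]
    return level[0]

SAMPLE = [  # constructed sample entries for one organisation's incident (not real data)
    {"ts": "2026-02-05T09:14:02+00:00", "org": "org-42", "actor": "alert-service",
     "action": "incident.alert_fired", "new_data": {"incident_id": "INC-1", "email": "t@example.com"}},
    {"ts": "2026-02-05T09:14:40+00:00", "org": "org-42", "actor": "ops-lead",
     "action": "incident.acknowledged", "new_data": {"incident_id": "INC-1"}},
    {"ts": "2026-02-05T09:21:15+00:00", "org": "org-42", "actor": "provider-x",
     "action": "provider.response_dispatched", "new_data": {"incident_id": "INC-1"}},
]
```

Because redaction runs before hashing, a stored copy whose PII has been masked still verifies, while any change to an action, actor or timestamp breaks the link at that entry and every entry after it.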
Last Reviewed: 2026-02-05
Last Updated: 2026-04-14