Back to Compliance Portal

Compliance document

Audit Logging Overview

Summary of VerbalCheck audit logging expectations for security, privacy, and operational review.

Status

Published overview

Effective date

June 2026

Audience

Security reviewers, compliance officers, IT administrators, and support teams

Audit event categories

  • Authentication, logout, session, and account state events.
  • Policy view and legal acceptance events.
  • Administrative user, class, assignment, institution, and LTI configuration actions.
  • Submission, interview, report, export, and grade synchronization activity.
  • Security-relevant API, authorization, and integration events.

Log handling principles

  • Collect enough information to support troubleshooting, security investigations, and compliance review.
  • Avoid logging unnecessary student content, secrets, tokens, passwords, or full sensitive payloads.
  • Mask or redact sensitive values where practical.
  • Restrict log access to authorized operational personnel.

Customer reporting

Institution-specific audit reporting should be scoped by agreement, role, and technical feasibility. Some audit records may be operational logs rather than customer-facing reports.