An audit trail is a secure, computer-generated, time-stamped record that logs every action taken on a piece of data or document, capturing who did it, what changed, and when. In document AI and commercial real estate workflows, it records each extraction, edit, and approval so any final value can be traced back through its full history.
What Is an Audit Trail?
An audit trail is a chronological, tamper-evident log that independently records the creation, modification, and deletion of records. Per FDA 21 CFR Part 11, section 11.10(e), compliant systems must use computer-generated, time-stamped audit trails that record the date and time of operator entries and actions. It answers who, what, and when for every change.
The core fields of an audit trail are consistent across regulated and unregulated systems. Each entry ties an actor to an action, a timestamp, and the values before and after the change. In document AI, an extracted value that a reviewer corrects generates an entry showing the original machine output, the human-corrected value, the user, and the moment of the edit.
Field | What it records |
Who | The unique user or system that performed the action |
What | The action: create, modify, delete, approve, or void |
When | Exact date and time from a synchronized clock, often ISO 8601 |
Before and after | The value prior to the change and the value after it |
Why | An optional reason for change, required when data is altered |
Why an Audit Trail Matters
An audit trail matters because a value with no history is a value no one can defend. It converts a static number into a reviewable record showing who touched it and when. Per the FDA's data integrity guidance, audit trails are the practical expression of the ALCOA principles: Attributable, Legible, Contemporaneous, Original, and Accurate.
In commercial real estate, extracted figures flow into models that move valuations and clear investment committees. When a base rent or expiration date is later disputed, the audit trail is what separates a defensible record from a guess. It shows whether a machine produced the value, whether a human reviewed it, and whether it was changed after approval.
The quotable principle: an audit trail turns "trust me" into "check the log." That is the difference between a number you can stand behind in diligence and one you cannot.
Example
A reviewer processes a 30-page lease through an extraction system. The system pulls 60 fields, the reviewer corrects 4, and an approver signs off. The audit trail records each event with an actor and timestamp. The table below shows four representative entries from that one document's log.
Timestamp (UTC) | User | Field | Before | After |
2026-07-02 14:02:11 | system | Base Rent PSF | (none) | $32.50 |
2026-07-02 14:31:47 | j.reyes | Base Rent PSF | $32.50 | $34.00 |
2026-07-02 14:33:05 | j.reyes | Expiration Date | 2029-11-30 | 2030-01-31 |
2026-07-02 15:10:22 | m.okafor | Document Status | In Review | Approved |
The log makes the full history legible. Of 60 extracted fields, 56 passed unchanged and 4 were corrected by user j.reyes, a 6.7% correction rate on this document, derived as 4 divided by 60. If the base rent is later questioned, the trail shows the machine reported $32.50, a named reviewer raised it to $34.00 at 14:31, and an approver finalized the document at 15:10. Nothing about the number is unaccounted for.
Variations and Edge Cases
Audit trails differ in how much they capture and how strongly they resist tampering. A basic log records only edits; a strict one records reads, exports, and reasons for change. The variants below determine how much a trail can prove after the fact.
Variant | Treatment |
Change-only log | Records creates, edits, and deletes, but not views |
Full-access log | Also records reads, exports, and prints for sensitive data |
Reason-for-change | Requires a documented justification when a value is altered |
Immutable trail | Write-once storage that cannot be edited after the fact |
Retention window | How long entries are kept before archiving or purge |
The common failure is a trail that can be switched off or overwritten. If a user can disable logging or edit past entries, the audit trail proves nothing. Regulators treat an alterable or optional audit trail as equivalent to no audit trail, which is why immutability and always-on capture are the load-bearing properties.
Audit Trail vs Version History
An audit trail is often confused with version history, and both track change over time, but they answer different questions. Version history stores snapshots of a document at points in time, letting you restore an earlier state. An audit trail records the discrete actions between those states: who changed what field, when, and why.
Version history tells you what the document looked like yesterday. An audit trail tells you that user j.reyes raised base rent from $32.50 to $34.00 at 14:31 and that an approver signed off 40 minutes later. Version history is for recovery; an audit trail is for accountability, and only the audit trail attributes each change to an actor.
Frequently Asked Questions
What is an audit trail in data and document management?An audit trail in data and document management is a secure, time-stamped log that records every create, modify, and delete action on a record, capturing who performed it and when. It makes each value traceable to its full history so a final figure can be verified rather than trusted.
What information must an audit trail capture?An audit trail must capture who performed an action, what the action was, when it occurred, and the values before and after the change. Under FDA 21 CFR Part 11, section 11.10(e), it must be computer-generated and time-stamped, and it should record a reason for change when data is altered.
How is an audit trail different from version history?Version history stores snapshots of a document so you can restore an earlier state, while an audit trail records the individual actions between states, attributing each change to a user with a timestamp. Version history is for recovery; an audit trail is for accountability.
Related Terms
Source Citation
Human-in-the-Loop
Confidence Score
Document Extraction
Due Diligence