Audits and Evidence
Who this is for
Auditors, security teams, and admins responsible for compliance.
Goal
Understand what evidence Owlie captures and how it supports audits.
Prereqs
- /fundamentals/glossary
Success criteria
You can identify the evidence Owlie produces for approvals, fulfillment, and configuration changes.
Concept
Evidence is the recorded trail of who approved what, when they did it, and what was fulfilled. Audits are the process of validating that evidence.
How Owlie models it
- Requests and tickets record approvals and fulfillment.
- Audit events record system changes and access decisions.
What’s different vs typical IGA
Owlie uses a consistent request and ticket model so evidence is uniform across workflows.
What Owlie does not do
Automated compliance reporting and certification exports are not available yet.
Example
An access request for a production database produces tickets for approvals, a fulfillment record, and audit events that can be exported as evidence.
Troubleshooting
- If evidence is incomplete, verify that approvals were completed and that the request was fulfilled, then export data via the API.
Next steps
- /security/audit-logging
- /implement/reporting/audit-evidence-export