An audit trail is a chronological record of all relevant activities in a system that enables complete traceability. Each entry typically contains a timestamp, the acting person, the action performed, and the affected object.
ISO 27001 Annex A control A.8.15 (Logging) is the central requirement for audit trails. They serve both the detection of security incidents and the provision of evidence to auditors. For audit trail integrity, it is essential that entries cannot be modified after writing (append-only principle) and that timestamps come from a trusted source (NTP). In regulated environments (e.g., financial sector, healthcare), specific retention periods for audit trails often apply.