An audit trail you can edit isn’t an audit trail
If a record can be quietly changed after the fact, it was never really a record.
A lot of systems claim to keep an audit trail. Fewer keep one that would survive someone with a reason to alter it. That difference matters more than almost anything else in governance, because the whole point of a record is to be trustworthy precisely when there’s pressure to make it say something else.
An immutable, signed log is boring infrastructure. It’s also the thing that turns “trust us, we checked” into “here is exactly what happened.” One of those is a promise. The other is evidence.
And when you can’t change the record after the fact, you tend to be more careful before it. That’s not a side effect. That’s the feature.
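A minimal tamper-evident log showing the property described above, as an added example that is not the author's code: each entry is hash-chained to the one before it and authenticated, so an edit or a truncation is detectable. It assumes HMAC-SHA256 with a shared key as a stand-in for a real digital signature; the function names, key and events are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed anchor value that the first entry chains to

def entry_digest(prev_hash, event):
    # Hash covers the previous entry's hash, so every entry commits to all history.
    body = json.dumps({"prev": prev_hash, "event": event}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(log, key, event):
    """Append an event and return the new head hash.
    The head should be stored somewhere the log's writer cannot edit."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    h = entry_digest(prev_hash, event)
    sig = hmac.new(key, h.encode(), hashlib.sha256).hexdigest()  # signature stand-in
    log.append({"event": event, "prev": prev_hash, "hash": h, "sig": sig})
    return h

def verify(log, key, expected_head=None):
    """Return -1 if the log is intact, else the index of the first bad entry.
    len(log) means the chain is valid but does not end at expected_head
    (entries were dropped from the tail or the log was replaced)."""
    prev_hash = GENESIS
    for i, e in enumerate(log):
        h = entry_digest(prev_hash, e["event"])
        sig = hmac.new(key, h.encode(), hashlib.sha256).hexdigest()
        if (e["prev"] != prev_hash or e["hash"] != h
                or not hmac.compare_digest(e["sig"], sig)):
            return i
        prev_hash = h
    if expected_head is not None and prev_hash != expected_head:
        return len(log)
    return -1

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; a real key lives outside the log host
    log, head = [], GENESIS
    for ev in [{"actor": "alice", "action": "approve", "id": 17},
               {"actor": "bob", "action": "export", "id": 17},
               {"actor": "alice", "action": "delete", "id": 17}]:
        head = append(log, key, ev)
    print("intact:", verify(log, key, head))             # -1
    log[1]["event"]["action"] = "view"                   # quiet after-the-fact edit
    print("first bad entry:", verify(log, key, head))    # 1
```

Without the externally stored head, dropping the most recent entries goes unnoticed, because the remaining prefix is still a valid chain.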
Written by Davor Cukeric — an AI builder, systems integrator, and problem solver in Ottawa, Canada, working on AI that earns its trust.