Auditability & Compliance

High-Level Overview

Iron Book provides comprehensive auditing and reporting for all agent activity, ensuring accountability and meeting regulatory audit requirements. Every action by an AI agent is logged immutably, tagged with the agent’s DID, timestamp, action, resource, and policy decision.

Audit trails are tamper-evident and can be ingested by SIEM/GRC tools. Iron Book also includes built-in compliance checks (e.g. policy violation alerts, periodic attestation reports) to help organizations prove adherence to standards.


Technical Architecture

Event Logging

All significant events (logins, credential issuance/revocation, policy decisions, data accesses, configuration changes) are logged in real time. Logs use a verifiable logging format: each entry includes the agent’s DID and relevant VCs, the resource ID, action type, outcome (allow/deny), and cryptographic evidence (e.g. token signature IDs). Logs are written to a write-once store or append-only ledger so they cannot be altered retroactively.

Correlation and Indexing

Logs are indexed by agent, resource, and policy. This allows rapid querying (e.g. “show all actions by agent did:xyz on database X in the last month”). Iron Book can forward logs to enterprise log management via syslog or API connectors (e.g. to Splunk, Elastic, or cloud log services). It also tags logs with standard fields like ISO timestamps, making cross-system correlation easy.

Verifiable Audit Trails

Optionally, Iron Book can anchor log hashes into a blockchain or Merkle tree at intervals for cryptographic attestation of log integrity. This provides an extra layer of tamper-evidence for forensic audits.
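The append-only logging described under Event Logging and the periodic hash anchoring described here, as an added example that is not Iron Book's own code: each entry's hash covers its content and the previous entry's hash, and a Merkle root over an interval of entry hashes is the single value that would be anchored into a ledger. Field names, the checkpoint layout and SHA-256 as the hash are assumptions.

```python
import hashlib
import json

# Added example, not Iron Book's own code: a hash-chained append-only audit log
# plus periodic Merkle anchoring. Field names and checkpoint layout are assumed.

def _h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _digest(entry: dict) -> str:
    """Hash of the entry content (everything except its own stored hash)."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return _h(json.dumps(body, sort_keys=True).encode())  # canonical JSON

def append_entry(log: list, agent_did: str, resource: str, action: str, outcome: str) -> dict:
    """Append an entry whose hash covers its content and the previous entry's hash."""
    prev_hash = log[-1]["entry_hash"] if log else "0" * 64
    entry = {"seq": len(log), "agentDID": agent_did, "resource": resource,
             "action": action, "outcome": outcome, "prev_hash": prev_hash}
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify_chain(log: list) -> bool:
    """Recompute every hash; an edited, deleted or reordered entry breaks the chain."""
    prev_hash = "0" * 64
    for seq, entry in enumerate(log):
        if (entry["seq"] != seq or entry["prev_hash"] != prev_hash
                or _digest(entry) != entry["entry_hash"]):
            return False
        prev_hash = entry["entry_hash"]
    return True

def merkle_root(hashes: list) -> str:
    """Root over an interval's entry hashes; anchoring it attests every entry."""
    level = list(hashes) or [_h(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last node on odd-sized levels
        level = [_h((level[i] + level[i + 1]).encode()) for i in range(0, len(level), 2)]
    return level[0]

def anchor_interval(log: list, start: int, end: int) -> dict:
    """Checkpoint for entries start..end-1, recomputed from content, not stored hashes."""
    return {"start": start, "end": end,
            "root": merkle_root([_digest(e) for e in log[start:end]])}

def check_anchor(log: list, checkpoint: dict) -> bool:
    return anchor_interval(log, checkpoint["start"], checkpoint["end"])["root"] == checkpoint["root"]
```

An editor who rewrites an entry and recomputes the stored hashes can make the chain verify again, but cannot change the root that was already anchored; that is the extra layer the text refers to.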

Real-Time Alerts & Reports

The system can be configured to alert compliance officers on certain events (e.g. an agent exceeding its trust threshold, or bulk data requests). It can generate periodic reports (e.g. quarterly SOC 2 access reviews) automatically.

Policy Compliance Verification

Iron Book can perform continuous compliance checks. For example, it can automatically verify that all active agents have up-to-date credentials (e.g. annual attestations for PII access) and flag any lapses.
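The alert rules and the continuous credential check described in the two sections above, as an added example that is not Iron Book's own code. It runs over entries in the JSON layout shown under Developer Integration; the sample events, the attestation record format and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Added example, not Iron Book's own code: alert rules over audit entries in the
# JSON layout shown under Developer Integration. Thresholds are assumptions.

# Constructed sample entries (not real Iron Book output): one DENY for Agent123
# and six reads of distinct records by Agent456 within a few minutes.
SAMPLE_EVENTS = [
    {"timestamp": "2025-06-01T14:23:45Z", "agentDID": "did:example:Agent123", "action": "write",
     "resource": "db://customer_profiles", "outcome": "DENY", "reason": "Policy Violation: data-region"},
] + [
    {"timestamp": f"2025-06-01T14:2{i}:00Z", "agentDID": "did:example:Agent456", "action": "read",
     "resource": f"db://customer_profiles/record{i}", "outcome": "ALLOW", "reason": ""}
    for i in range(6)
]

def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def policy_violation_alerts(events: list) -> list:
    """One alert per DENY decision, carrying the fields a compliance officer needs."""
    return [{"alert": "policy_violation", "agentDID": e["agentDID"], "resource": e["resource"],
             "reason": e["reason"], "timestamp": e["timestamp"]}
            for e in events if e["outcome"] == "DENY"]

def bulk_request_alerts(events: list, window=timedelta(minutes=10), threshold=5) -> list:
    """Flag an agent that reads more than `threshold` distinct resources within `window`."""
    reads = defaultdict(list)
    for e in sorted(events, key=lambda e: e["timestamp"]):
        if e["action"] == "read" and e["outcome"] == "ALLOW":
            reads[e["agentDID"]].append((_ts(e["timestamp"]), e["resource"]))
    alerts = []
    for did, items in reads.items():
        for i, (t0, _) in enumerate(items):  # sliding window starting at each read
            in_window = {r for t, r in items[i:] if t - t0 <= window}
            if len(in_window) > threshold:
                alerts.append({"alert": "bulk_data_request", "agentDID": did,
                               "distinct_resources": len(in_window)})
                break
    return alerts

def credential_lapses(agents: list, now: datetime, max_age=timedelta(days=365)) -> list:
    """Continuous check: agents whose PII-access attestation is older than max_age."""
    return [a["agentDID"] for a in agents if now - _ts(a["attested"]) > max_age]
```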


Developer Integration (Example)

Audit logs are accessible via API or SDK. For example, to query audit events for a given agent:

// Using Iron Book CLI or API:
ironbook logs query --agent-did did:example:Agent123 --start 2025-01-01 --end 2025-06-01

This returns JSON entries like:

{
  "timestamp": "2025-06-01T14:23:45Z",
  "agentDID": "did:example:Agent123",
  "action": "write",
  "resource": "db://customer_profiles",
  "outcome": "DENY",
  "reason": "Policy Violation: data-region"
}

Developers can integrate these logs into compliance dashboards. For instance, Iron Book provides a webhook to push alerts to Slack/email whenever a policy is violated, facilitating real-time response.

Logs can also be consumed by Azure Monitor or Amazon CloudWatch via the Iron Book log connector.


Compliance & Standards Mapping

Iron Book’s audit capabilities align with multiple compliance requirements:

Standard: How Iron Book supports it
SOC 2 (Auditability, Integrity): Requires maintaining detailed records of system activity. Iron Book’s immutable agent logs and automated reports fulfill the Trust Services Criteria (TSC) for logging and monitoring.
PCI DSS: Requirement 10 mandates tracking all access to cardholder data. Every agent access to payment systems is logged with the agent’s identity, fulfilling PCI logging requirements.
HIPAA: §164.312(b) requires “audit controls” that record system activity. Iron Book’s per-agent logs and alerts satisfy HIPAA’s audit control rule for automated tracking of PHI access.
GLBA: Under FFIEC guidelines, financial institutions must monitor and log access to sensitive data. Iron Book’s logs provide the evidence of who (which agent) accessed what, and when.
SOX: Section 404 compliance demands audit trails for financial systems. Agent interactions with financial ledgers (e.g. querying or creating entries) are fully auditable.
GDPR: Article 30 and the accountability principle require records of processing. Agent logs help demonstrate which automated processes handled personal data; in the event of a breach, they show exactly which agent was involved and support breach-notification timelines by identifying the affected data flows.
ISO 42001: Requires evidence of AI system governance. Iron Book’s logs and reports provide documentation of controls and agent behavior over time.

IAM Interoperability

Audit logs can be correlated with external identity logs. For example, if an agent is mapped to an Azure service principal, Iron Book can inject the Azure AD login name into the log. Conversely, Azure AD sign-in logs can include custom data from Iron Book (via Azure’s diagnostic settings) for agent actions.

AWS Cognito events (e.g. token issuance) can be forwarded to Iron Book to unify user/agent logs. Iron Book also supports SAML/OpenID Connect audit hooks: SAML assertions from Entra ID or OIDC tokens can be recorded as part of an agent’s audit trail.

This interoperability ensures a single pane for compliance officers: they can trace an incident from the corporate IAM side through to the agent’s Iron Book activity.