Audit logging

Forest keeps a record of significant actions in your account. When inputs change, when access is granted, and when settings are adjusted, that activity is captured so you can answer who did what and when.

Why a record matters

A security program built on assessment data is only as trustworthy as your ability to explain how it got that way. If an Org Score shifts, you should be able to trace it to a specific change made by a specific person at a specific time. Audit logging gives you that trail. It supports investigations, satisfies compliance reviewers, and removes guesswork when something looks off.

This pairs naturally with how the Forest Intelligence Service works. Scores are deterministic, so the same inputs always produce the same outputs. The audit record tells you when those inputs changed, and the deterministic engine tells you exactly what the change did.

What the record helps with

• Confirming who updated criticality, target maturity, or other inputs.

• Reviewing when access was granted, changed, or removed.

• Reconstructing the sequence of events during an incident or audit.

When a score moves unexpectedly, start with the activity record. The change almost always traces to an input someone adjusted, and the log shows you which one.

The audit record also covers activity from outside your team. See Support access for how Forest support activity is captured, and Role-based access control for who can take the actions that get logged.