COMPLIANCE & AUDIT

When the auditor asks ‘who accessed what and when,’ you need an answer. Not a shrug.

InternalWiki logs every question, every source retrieved, every permission check, and every answer generated. Full audit trail, searchable and exportable. Every AI answer traced to its source.

Start for free

The audit question you can't answer today

It's Q4. The external auditor asks: ‘Can you show me which employees accessed the compensation data in the last 90 days, what questions they asked about it, and what answers they received?’

With most AI tools, the answer is: ‘We can't. The AI read everything and we don't have logs of what it returned to whom.’

With InternalWiki: You open the admin panel, filter the audit log by source document (Compensation Framework.xlsx), set the date range to 90 days, and export a CSV showing every query that accessed that document, who asked, what was returned, and what the confidence score was. Time: 30 seconds.

Every question. Every source. Every check.

Audit Log

Every entry is searchable, filterable by user, date, source document, and confidence level. Exportable as JSON or CSV.

Everything the audit trail captures

Who asked

Full user identity linked to your SSO. Every question attributed to a specific person.

What they asked

The exact question text, timestamped to the millisecond.

What was retrieved

Every document chunk that was pulled from the vector database, including chunks that were filtered out by permissions.

What was filtered

Which documents were excluded and why. Permission denials are logged explicitly — not silently dropped.

What was returned

The full generated answer, including citation markers and the specific passages cited.

Confidence and timing

The confidence score, the model used, token count, and response latency. Everything needed to investigate anomalies.

Permission enforcement is compliance enforcement

Most AI tools have a compliance problem they don't talk about: the AI reads EVERYTHING, including documents the user isn't supposed to see, and then tries to filter the output. If the filter fails — and probabilistic filters sometimes do — sensitive information leaks into the answer.

InternalWiki's permission enforcement happens at the database query level. Unauthorised documents are excluded before the AI processes anything. There is no output filter to fail because there's nothing to filter — the sensitive content was never retrieved.

WHERE permissions.user_id = $current_user
  AND permissions.access_level >= 'read'

This runs on every single query. No exceptions. No cache bypass. No shortcut.

Built for regulated environments

Audit Log — Filters

09:14:22 QUERY user=sarah.chen "What is our parental leave policy?"

09:14:22 RETRIEVE user=sarah.chen 6 chunks from 4 sources — 2 filtered (permission denied)

09:14:23 RESPOND user=sarah.chen confidence=0.94, citations=2, latency=899ms

09:32:05 QUERY user=james.ward "Who approved the Q3 budget increase?"

09:32:06 RESPOND user=james.ward confidence=0.87, citations=1, latency=1.2s

09:47:11 QUERY user=priya.patel "What are the salary bands for engineering?"

Ready for the next audit

Full trail from question to answer to source. Always.

Start for free

Enterprise plans include 1-year log retention and custom compliance configurations.