Immutable Logs For Full Audit Trails

Transparency & Traceability

Comprehensive WORM Logs

A full audit trail is created for all activities in Filemail, such as uploads, downloads, logins, logouts, visits, and opened emails. This allows the administrators in your organization to easily keep track of all event and all business sensitive files going in and out. Individual users can easily keep track of their own files and transfers, including tracking recipients, downloads, and much more.

Filemail stores extensive logs recording file transfer, and user activity in a compliant WORM (Write Once Read Many) format. The logs are granular, immutable, and are available for the full customer lifecycle. The logs clearly align with requirements such as transparency, traceability and supervisory reviews.

full auditable trails
Aligning With Regional and Domain-Specific Regulations

Ensuring Compliance 

Our posture enables your organization to adhere to the following stipulations in regard to file transfer activity logs.

  1. Cyber Essentials UK: Transfer logs to cover access, including failed access attempts. Logs must be tamper-proof.
  2. FINRA: Logs must capture all user and file transfer activity that could affect business records. Logs must be accurate, complete, and immutable.
  3. FISMA: Comprehensive tamper-proof logs that record file transfer and access events.
  4. GDPR: File transfer logs must be accurate, protected from alteration, and retained only as long as is necessary.
  5. GLBA Safeguards Rule: Detailed audit trails as proof to detect, prevent, and respond to unauthorized access. Logs should be tamper-resistant and auditable.
  6. HIPAA: Record all activity involving ePHI (uploads, downloads, access, etc), for up to 6 years, and be tamper-proof.
  7. NSM ICT (Norway): File transfer logs must cover all activities, with safeguards against alteration.
track file activity
The Actions & Events We Capture

Activity Record Logs

Authentication & Authorization Events

  • Login attempts
  • MFA usage (challenge sent, challenge passed/failed).
  • Role-based access assignment changes

Administrative Actions

  • Creation or deletion of user accounts.
  • Changes to security settings (encryption policy, retention policy, audit log retention).
  • API key/token generation or revocation.

File Information

  • File name / unique file ID.
  • File size, checksum/cryptographic hash
  • Destination (recipient email)
  • Retention/expiry policy applied (auto-delete after expiry date, expiry date shown).

File Transfer Metadata

  • Event type: upload, download
  • Timestamp (UTC):  immutable (tamper-proof)
  • Event outcome (success, failure, denied, error).

Integrity Enforcement

  • Delegation/impersonation attempts (if a feature exists).
  • File checksum/cryptographic hash

Permission Changes

  • Who granted/revoked access (admin, timestamp).
  • Scope of change (read-only, upload only, download only).

Security-Relevant Flags

  • Access attempt outside user declared business hours.
  • Failed login attempts or brute-force attempts
  • File accessed by new device/location.

System/Network Context

  • Source IP address / geolocation 
  • Device/browser fingerprint
  • System response (transfer accepted / denied).

User Information

  • User ID / account name (user name and unique identifier).
  • Authentication method (SAML/SSO, 2FA, password).
  • Session ID (per each login session).

Aiding You To Be Compliant With

Cyber Essentials UK
FINRA
FISMA
GDPR
HIPAA
NSM ICT
SOX