SCOPE
Document scope
This document covers authentication, tenant administration, API keys, provider routing, billing-related changes, security events, support actions, and system health events.
Status: first operational draft, pending legal review. It must be reviewed by counsel, the privacy owner, and the security owner before it is published as a binding policy or attached to a signed enterprise agreement.
§ 01
Logged events
Authentication and identity events: login, logout, failed login, password reset, MFA/security changes where supported.
Tenant administration: membership changes, role changes, tenant profile changes, settings updates, and plan changes.
API key events: creation, display at creation, rotation, revocation, failed use, rate-limit events, and suspicious key usage.
Operational events: deployment, incident response actions, provider failover, runtime-control changes, and security-relevant configuration changes.
§ 02
Log protection
Audit logs should be append-oriented, access-controlled, timestamped, tenant-scoped where applicable, and protected from ordinary user modification.
Logs must not intentionally contain plaintext API keys, passwords, payment card numbers, or unnecessary sensitive prompt content.
§ 03
Use and retention
Audit logs are used for security investigations, customer support, abuse detection, compliance evidence, and operational debugging.
Retention depends on plan, legal obligations, security needs, and infrastructure limits. High-value security logs should be retained separately from ordinary application debug logs.
CONTACT
Questions and updates
For support questions, contact ict03@rfems.com. For security reports, contact ict03@rfems.com. For privacy requests, contact ict03@rfems.com.