Class: DilisensePepClient::AuditLogger

Inherits:

Object

• Object
• DilisensePepClient::AuditLogger

Defined in:

lib/dilisense_pep_client/audit_logger.rb

Overview

Comprehensive audit logging for compliance and regulatory requirements This class provides enterprise-grade audit logging specifically designed for financial institutions and FinTech companies that need to comply with AML, KYC, GDPR, and other regulatory frameworks.

Features:

• Structured logging with tamper-evident checksums

• PII anonymization and data sanitization

• Multi-framework compliance support (AML, KYC, GDPR, PCI-DSS, SOX, MiFID)

• Automatic retention policy enforcement

• Security incident escalation

• Audit trail integrity verification

The logger creates immutable audit records for all screening activities, data access, configuration changes, and security events. All sensitive data is automatically anonymized while maintaining audit trail completeness for regulatory purposes.

Examples:

Basic screening request logging

audit_logger = AuditLogger.new
audit_logger.log_screening_request(
  request_type: "individual",
  search_terms: { names: "John Smith", dob: "01/01/1980" },
  user_id: "user_123",
  client_ip: "192.168.1.1"
)

Configuration with custom compliance requirements

audit_logger = AuditLogger.new(
  compliance_frameworks: [:aml, :kyc, :gdpr, :mifid],
  retention_days: 3650, # 10 years for enhanced requirements
  anonymize_pii: true,
  audit_level: :enhanced
)

Constant Summary

AUDIT_EVENTS =

Standard audit event types for PEP screening Maps internal event symbols to standardized audit event codes for consistent logging

{
  screening_request: "SCREENING_REQUEST",
  screening_response: "SCREENING_RESPONSE", 
  data_access: "DATA_ACCESS",
  configuration_change: "CONFIG_CHANGE",
  authentication: "AUTHENTICATION",
  authorization: "AUTHORIZATION",
  data_export: "DATA_EXPORT",
  system_event: "SYSTEM_EVENT",
  compliance_violation: "COMPLIANCE_VIOLATION",
  security_incident: "SECURITY_INCIDENT"
}.freeze

COMPLIANCE_FRAMEWORKS =

Compliance frameworks supported by this audit logger Each framework has specific logging requirements and retention policies

{
  gdpr: "General Data Protection Regulation",
  aml: "Anti-Money Laundering",
  kyc: "Know Your Customer", 
  pci_dss: "Payment Card Industry Data Security Standard",
  sox: "Sarbanes-Oxley Act",
  mifid: "Markets in Financial Instruments Directive"
}.freeze

Instance Method Summary

• #cleanup_expired_logs ⇒ Object
• #generate_audit_report(start_date:, end_date:, event_types: nil, compliance_framework: nil, include_statistics: true) ⇒ Object
• #initialize(compliance_frameworks: [:aml, :kyc, :gdpr], retention_days: 2555, anonymize_pii: true, include_request_details: true, audit_level: :standard) ⇒ AuditLogger constructor

  Initialize the audit logger with compliance and retention settings.

• #log_compliance_violation(violation_type:, framework:, rule_violated:, severity:, description:, remediation_required: true, **additional_context) ⇒ Object
• #log_configuration_change(configuration_key:, old_value:, new_value:, changed_by:, change_reason: nil, **additional_context) ⇒ Object
• #log_data_access(accessed_data:, access_purpose:, user_id: nil, authorized: true, data_classification: nil, **additional_context) ⇒ Object
• #log_screening_request(request_type:, search_terms:, user_id: nil, session_id: nil, client_ip: nil, user_agent: nil, request_id: nil, **additional_context) ⇒ Object

  Log a PEP/sanctions screening request for compliance audit trail Creates an immutable record of who searched for what, when, and from where.

• #log_screening_response(request_id:, response_status:, records_found:, processing_time:, data_sources: nil, match_confidence: nil, **additional_context) ⇒ Object
• #log_security_incident(incident_type:, severity:, description:, affected_resources: nil, mitigation_actions: nil, **additional_context) ⇒ Object

Constructor Details

#initialize(compliance_frameworks: [:aml, :kyc, :gdpr], retention_days: 2555, anonymize_pii: true, include_request_details: true, audit_level: :standard) ⇒ AuditLogger

Initialize the audit logger with compliance and retention settings

Parameters:

• compliance_frameworks (Array<Symbol>) (defaults to: [:aml, :kyc, :gdpr]) —

  List of compliance frameworks to support

• retention_days (Integer) (defaults to: 2555) —

  Number of days to retain audit logs (default: 7 years)

• anonymize_pii (Boolean) (defaults to: true) —

  Whether to anonymize personally identifiable information

• include_request_details (Boolean) (defaults to: true) —

  Whether to include detailed request information

• audit_level (Symbol) (defaults to: :standard) —

  Audit detail level - :standard, :enhanced, or :minimal

# File 'lib/dilisense_pep_client/audit_logger.rb', line 73

def initialize(
  compliance_frameworks: [:aml, :kyc, :gdpr],
  retention_days: 2555, # 7 years default for financial compliance
  anonymize_pii: true,
  include_request_details: true,
  audit_level: :standard
)
  @compliance_frameworks = compliance_frameworks
  @retention_days = retention_days
  @anonymize_pii = anonymize_pii
  @include_request_details = include_request_details
  @audit_level = audit_level
  @mutex = Mutex.new # Thread-safe logging operations
end

Instance Method Details

#cleanup_expired_logs ⇒ Object

# File 'lib/dilisense_pep_client/audit_logger.rb', line 315

def cleanup_expired_logs
  expiry_date = Date.today - @retention_days
  
  Logger.logger.info("Audit log cleanup initiated", {
    expiry_date: expiry_date,
    retention_days: @retention_days
  })
  
  # This would integrate with actual storage backend
  # For now, just log the cleanup action
  log_system_event(
    event_type: "audit_log_cleanup",
    description: "Expired audit logs cleaned up",
    details: {
      expiry_date: expiry_date,
      retention_policy: @retention_days
    }
  )
end

#generate_audit_report(start_date:, end_date:, event_types: nil, compliance_framework: nil, include_statistics: true) ⇒ Object

# File 'lib/dilisense_pep_client/audit_logger.rb', line 283

def generate_audit_report(
  start_date:,
  end_date:,
  event_types: nil,
  compliance_framework: nil,
  include_statistics: true
)
  report_data = {
    report_metadata: {
      generated_at: Time.now.utc.iso8601,
      generated_by: "DilisensePepClient::AuditLogger",
      period: { start: start_date, end: end_date },
      event_types: event_types,
      compliance_framework: compliance_framework
    },
    summary: include_statistics ? generate_audit_statistics(start_date, end_date) : nil,
    retention_policy: {
      retention_days: @retention_days,
      anonymization_enabled: @anonymize_pii,
      compliance_frameworks: @compliance_frameworks
    }
  }

  Logger.logger.info("Audit report generated", {
    report_id: generate_report_id,
    period: "#{start_date} to #{end_date}",
    frameworks: compliance_framework || @compliance_frameworks
  })

  report_data
end

#log_compliance_violation(violation_type:, framework:, rule_violated:, severity:, description:, remediation_required: true, **additional_context) ⇒ Object

# File 'lib/dilisense_pep_client/audit_logger.rb', line 252

def log_compliance_violation(
  violation_type:,
  framework:,
  rule_violated:,
  severity:,
  description:,
  remediation_required: true,
  **additional_context
)
  audit_data = build_audit_entry(
    event_type: :compliance_violation,
    event_details: {
      violation_type: violation_type,
      framework: framework,
      rule_violated: rule_violated,
      severity: severity,
      description: description,
      remediation_required: remediation_required,
      violation_timestamp: Time.now.utc.iso8601
    },
    additional_context: additional_context
  )

  write_audit_log(audit_data)
  
  # Escalate critical violations
  if severity == :critical
    escalate_compliance_violation(audit_data)
  end
end

#log_configuration_change(configuration_key:, old_value:, new_value:, changed_by:, change_reason: nil, **additional_context) ⇒ Object

# File 'lib/dilisense_pep_client/audit_logger.rb', line 193

def log_configuration_change(
  configuration_key:,
  old_value:,
  new_value:,
  changed_by:,
  change_reason: nil,
  **additional_context
)
  audit_data = build_audit_entry(
    event_type: :configuration_change,
    event_details: {
      configuration_key: configuration_key,
      old_value: sanitize_config_value(old_value),
      new_value: sanitize_config_value(new_value),
      changed_by: anonymize_user_id(changed_by),
      change_reason: change_reason,
      change_timestamp: Time.now.utc.iso8601
    },
    additional_context: additional_context
  )

  write_audit_log(audit_data)
  log_compliance_events(:configuration_change, audit_data)
end

#log_data_access(accessed_data:, access_purpose:, user_id: nil, authorized: true, data_classification: nil, **additional_context) ⇒ Object

# File 'lib/dilisense_pep_client/audit_logger.rb', line 167

def log_data_access(
  accessed_data:,
  access_purpose:,
  user_id: nil,
  authorized: true,
  data_classification: nil,
  **additional_context
)
  audit_data = build_audit_entry(
    event_type: :data_access,
    event_details: {
      accessed_data: anonymize_sensitive_data(accessed_data),
      access_purpose: access_purpose,
      authorized: authorized,
      data_classification: data_classification,
      access_timestamp: Time.now.utc.iso8601
    },
    user_context: {
      user_id: anonymize_user_id(user_id)
    },
    additional_context: additional_context
  )

  write_audit_log(audit_data)
end

#log_screening_request(request_type:, search_terms:, user_id: nil, session_id: nil, client_ip: nil, user_agent: nil, request_id: nil, **additional_context) ⇒ Object

Log a PEP/sanctions screening request for compliance audit trail Creates an immutable record of who searched for what, when, and from where

Parameters:

• request_type (String) —

  Type of screening request (“individual” or “entity”)

• search_terms (Hash, String) —

  Search parameters used (will be anonymized if PII anonymization enabled)

• user_id (String, nil) (defaults to: nil) —

  ID of the user making the request (will be hashed if anonymization enabled)

• session_id (String, nil) (defaults to: nil) —

  Session identifier for request correlation

• client_ip (String, nil) (defaults to: nil) —

  IP address of the requesting client (will be anonymized)

• user_agent (String, nil) (defaults to: nil) —

  User agent string from the request (sanitized)

• request_id (String, nil) (defaults to: nil) —

  Unique request identifier for correlation

• additional_context (Hash) —

  Any additional context data for the audit record

# File 'lib/dilisense_pep_client/audit_logger.rb', line 99

def log_screening_request(
  request_type:,
  search_terms:, 
  user_id: nil,
  session_id: nil,
  client_ip: nil,
  user_agent: nil,
  request_id: nil,
  **additional_context
)
  audit_data = build_audit_entry(
    event_type: :screening_request,
    event_details: {
      request_type: request_type,
      search_terms: anonymize_search_terms(search_terms),
      search_terms_hash: hash_pii(search_terms.to_s),
      request_timestamp: Time.now.utc.iso8601
    },
    user_context: {
      user_id: anonymize_user_id(user_id),
      session_id: session_id,
      client_ip: anonymize_ip(client_ip),
      user_agent: sanitize_user_agent(user_agent)
    },
    request_id: request_id,
    additional_context: additional_context
  )

  write_audit_log(audit_data)
  
  # Log compliance-specific events
  log_compliance_events(:screening_request, audit_data)
end

#log_screening_response(request_id:, response_status:, records_found:, processing_time:, data_sources: nil, match_confidence: nil, **additional_context) ⇒ Object

# File 'lib/dilisense_pep_client/audit_logger.rb', line 133

def log_screening_response(
  request_id:,
  response_status:,
  records_found:,
  processing_time:,
  data_sources: nil,
  match_confidence: nil,
  **additional_context
)
  audit_data = build_audit_entry(
    event_type: :screening_response,
    event_details: {
      response_status: response_status,
      records_found: records_found,
      processing_time_ms: processing_time,
      data_sources: data_sources,
      match_confidence: match_confidence,
      response_timestamp: Time.now.utc.iso8601
    },
    request_id: request_id,
    additional_context: additional_context
  )

  write_audit_log(audit_data)
  
  # Special handling for matches found
  if records_found > 0
    log_compliance_events(:potential_match_found, audit_data.merge({
      match_count: records_found,
      requires_review: match_confidence && match_confidence > 0.7
    }))
  end
end

#log_security_incident(incident_type:, severity:, description:, affected_resources: nil, mitigation_actions: nil, **additional_context) ⇒ Object

# File 'lib/dilisense_pep_client/audit_logger.rb', line 218

def log_security_incident(
  incident_type:,
  severity:,
  description:,
  affected_resources: nil,
  mitigation_actions: nil,
  **additional_context
)
  audit_data = build_audit_entry(
    event_type: :security_incident,
    event_details: {
      incident_type: incident_type,
      severity: severity,
      description: description,
      affected_resources: affected_resources,
      mitigation_actions: mitigation_actions,
      incident_timestamp: Time.now.utc.iso8601
    },
    additional_context: additional_context
  )

  write_audit_log(audit_data)
  log_compliance_events(:security_incident, audit_data)
  
  # Alert on critical incidents
  if severity == :critical
    Logger.log_security_event(
      event_type: "critical_security_incident",
      details: audit_data[:event_details],
      severity: :critical
    )
  end
end