BG Beter Geregeld ICT
PDF redaction · 2 min read · 07 December 2025

Audit trail for redaction: what to log, why, and how long?

An auditor walks in and asks: "show us how you anonymised client data for report X." Without an audit trail, you have nothing to show. Here's what to log.

With automated or large-scale redaction, an audit trail is more than a nice-to-have: it's your defence against GDPR claims and ISO audits.

What to record for each redaction action

  • The user who performed the redaction.
  • Timestamp.
  • Original file (name + hash).
  • Redacted file (name + hash).
  • Patterns applied or manual regions (a summary — not the original text).
  • Number of matches redacted.
  • Redaction reason (optional free text).
  • Optionally: who received the resulting document.

What NOT to log

  • The original text that was redacted — that would defeat the entire exercise.
  • Images of redacted content.

Retention period

  • For ISO 27001 purposes: 3 years minimum.
  • For GDPR accountability: 3–5 years depending on context.
  • Longer if the redaction work relates to tax documents (7 years).

Storage

Centralised log, with restricted access. Not inside the PDF itself (a contradiction in terms), but in a database or log file with access controls.

Verification

Periodic spot-check: pick 10% of recent redactions, open the log entry, compare it with the file — does what's logged match reality?
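
The per-redaction record and the spot-check described above, sketched as an added example (not the code of any product mentioned on this page). SHA-256 as the hash, the JSON-lines log file and all function and field names are assumptions.

```python
import hashlib, json, random
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large PDFs do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_entry(user, original, redacted, pattern_counts, reason="", recipient=None):
    """One audit record per redaction action. pattern_counts maps a pattern
    name to its match count; the matched text itself is never passed in."""
    return {
        "user": user,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "original": {"name": Path(original).name, "sha256": sha256_file(original)},
        "redacted": {"name": Path(redacted).name, "sha256": sha256_file(redacted)},
        "patterns": sorted(pattern_counts),          # summary only, no content
        "matches_redacted": sum(pattern_counts.values()),
        "reason": reason,                            # optional free text
        "recipient": recipient,                      # optional
    }

def append_entry(log_path, entry):
    """Append one JSON line; the log lives outside the PDF, behind access controls."""
    with open(log_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(entry, sort_keys=True) + "\n")

def spot_check(log_path, file_dir, fraction=0.10, rng=random):
    """Re-hash a random sample of logged redacted files and return the
    names whose current hash no longer matches the log (or that are missing)."""
    with open(log_path, encoding="utf-8") as f:
        entries = [json.loads(line) for line in f if line.strip()]
    size = max(1, round(len(entries) * fraction)) if entries else 0
    failures = []
    for e in rng.sample(entries, size):
        path = Path(file_dir) / e["redacted"]["name"]
        if not path.is_file() or sha256_file(path) != e["redacted"]["sha256"]:
            failures.append(e["redacted"]["name"])
    return failures
```

A non-empty result from `spot_check` means the file was changed, moved or deleted after it was logged, which is exactly what the periodic comparison is meant to surface.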

Tools: our PDF Redact Business plan produces an audit log that records everything needed for ISO purposes on a per-redaction basis. See also the redaction pillar.

Topics

#iso-27001 #compliance #redactie #audit-trail