PRODUCT · ORDERS · AUDIT TRAIL

Investigation, not just record-keeping.

Most platforms log what their users did. Useful for compliance audits once a year, useless for daily operations. TradeOS treats the audit trail as a forensic instrument — queryable backward from any event, time-travel reconstructable to any point in the past, complete across every counterparty in the chain, and built for the moment an operator asks “what led up to this?” Investigation goes from days to seconds.

Book a demo See pricing →

TradeOS

HomeTasksOrdersProductionShipmentsFinanceAudit

Audit trail·query·4 filters active·12 of 247 events match

Save query Export trail →

RecordRD-2026-077▾

Date rangeMar 1 → May 5, 2026▾

Event typeState changes + costs▾

ActorAny▾

Searchmargin variance...

Mar 1, 09:14

Order created

RD-2026-077Sarah Chen · SalesQuote margin: 22.5%

Mar 4, 14:22

Confirmed at quoted terms

RD-2026-077Sarah Chen · SalesLocked: $0.070/unit

Apr 1, 10:30

Production allocated 60/40

RD-2026-077Liam Okafor · OpsCrescent + Sapphire

Apr 18, 09:55

Freight surcharge applied

BAF +4% on COSCO trans-Pacific lane

SHP-2026-088System · carrier API+$1,800 · −0.5pp

Apr 24, 14:08

In-process AQL passed (Crescent)

PL-2026-0138External AQL Co.No impact

Apr 30, 11:22

QC fail · Sapphire (resolved by rework)

Decision: rework affected portion · 3-day delay

PL-2026-0142Liam Okafor · Ops+$2,400 · −0.6pp

May 2, 13:11

Shipped from Port Klang

SHP-2026-088System · carrier APIMargin: 21.4% live

May 4, 16:08

Manager approval logged

RD-2026-091Marcus Patel · ManagerOut of investigation scope

Jul 13, 10:30

Customs cleared Hamburg

SHP-2026-088Hamburg LogistikNo impact

Jul 14, 13:22

Delivered

RD-2026-077System · carrier APIMargin: 21.0% live

Jul 18, 09:14

Final invoice paid

INV-2026-077-ABrevin Health EU$560,000 received

Jul 22, 11:00

Order closed

RD-2026-077System · auto-close21.0% final · −1.5pp

This query took 0.3 seconds across 247 events.Save as a recurring query, export as CSV / JSON / signed PDF.

THE PROBLEM

Most audit trails are evidence storage. Yours should be an investigation tool.

SAP has an audit log. NetSuite has an audit log. QuickBooks has one too. They all store records of who did what, when. None of them help an operator answer “why did this order compress 1.5pp?” without exporting four CSVs and joining them in Excel. None of them show what a counterparty did across a record’s lifetime — most don’t capture counterparty actions at all. None of them let you reconstruct the state of an order at a moment in the past. Audit trails as compliance overhead are useful once a year. Audit trails as operational tools are useful every day.

THE QUERY INTERFACE

Filter, search, and pivot — across every event in the system.

EDMA’s audit trail is queryable on five axes — record (any order, lot, shipment, invoice, document, manufacturer, client), date range (down to the second), event type (state changes, document operations, cost adjustments, communications, compliance checks, configuration edits), actor (any user, any counterparty, any system process), and full-text search across event reasons and notes. Queries return in under a second. Save as a recurring view; share with a colleague; export as CSV, JSON, or a signed PDF for compliance evidence.

Common forensic queries · saved across the platform

Saved queries appear in every operator’s audit panel

Operational forensics

What caused this order’s margin variance?

record=current ordertype=cost adjustments + state changes

Investigate post-close margin compression.

Last run: 47 times last quarter

What did this manufacturer do across this product?

actor=manufacturerrecord=productrange=trailing 12mo

Review counterparty behavior before re-pricing.

Last run: 18 times last quarter

Off-hours actions (3pm–9am) on financial events

type=cost adjustments + paymentstime-of-day=15:00–09:00

Detect unusual approval timing patterns.

Last run: weekly · scheduled

All overrides of system-recommended decisions

type=resolutionsubtype=overridesrange=trailing 30d

Review where operators went against the platform’s recommendation.

Last run: monthly · scheduled

Compliance forensics

Who approved transactions over $250K last quarter

type=manager approvalsvalue>$250,000range=quarter

SOC 2 evidence package · approval threshold compliance.

Last run: quarterly · scheduled

All sanctioned-party screening events

type=compliance checksubtype=sanctioned-party

AML / OFAC compliance evidence.

Last run: monthly · scheduled

All certificate-of-origin generations + signatures

type=documentsubtype=COOop=generate or sign

Customs audit evidence.

Last run: as-needed · ad hoc

Configuration changes to approval rules

type=settingssubtype=approval-rulesop=create or modify

SOC 2 evidence · prove rule integrity over period.

Last run: quarterly · scheduled

Queries are scoped to the user’s role permissions. Compliance officers see compliance forensics; operators see operational forensics; admins see both.

TIME-TRAVEL RECONSTRUCTION

Show me the state of this order on April 18, 2026 at 3pm.

The audit trail is event-sourced. Every record’s state at any point in the past can be reconstructed by replaying events up to that moment. Useful when a buyer disputes “but I was promised this delivery date in our last conversation” — you can show the order’s state on the date of that conversation, not as it stands now after three amendments. Useful when a regulator asks for the state of compliance at the moment of a specific shipment. Useful when a manager asks “what did this order look like when Liam acknowledged the QC fail?” The platform answers literally, with a render of that state.

Time travel · RD-2026-077 · reconstruct historical state

Apr 18, 2026 · 15:00

Mar 1Mar 4Apr 1Apr 18May 2Jul 13Jul 22

RD-2026-077 · as of Apr 18, 2026 at 15:00

Reconstructed from 89 events

StatusIn Production

Quote margin22.5%

Live margin22.0% ▼ −0.5pp

Total cost (live)$437,000

Cost lines actualized3 of 8

Documents present6 of 11

Last eventApr 18, 09:55 — freight surcharge

Open exceptions0

Expected deliveryJul 21, 2026

RD-2026-077 · current

247 events captured · final state

StatusClosed

Quote margin22.5%

Final margin21.0% ▼ −1.5pp

Total cost (final)$441,200

Cost lines actualized8 of 8 (final)

Documents present11 of 11

Last eventJul 22, 11:00 — order closed

Total exceptions2 (both resolved)

DeliveredJul 14, 2026 (3 days early)

Reconstruction is read-only. The historical state cannot be edited — but it can be exported, shared, or attached as evidence to a dispute or audit.

CROSS-SECTION COMPLETENESS

Every actor. Every system. Every record.

Most platforms capture only what their own users did inside their own UI. EDMA captures across the full chain — internal user actions, counterparty portal actions (manufacturer document uploads, freight forwarder confirmations, client portal interactions, broker submissions), system-generated events (state transitions, scheduled jobs, integration callbacks), and external API actions (carrier feed updates, FX rate refreshes, sanctions list checks). The completeness is what makes the trail forensically usable; gaps in capture are gaps in investigation.

What gets captured · by actor type and event category

Actor type	State changes	Document ops	Cost events	Communications	Compliance checks
Internal user	✓	✓	✓	✓	✓
Manufacturer (portal)	✓	✓	✓	✓	✓
Freight forwarder (portal)	✓	✓	✓	✓	—
Client (portal)	✓	✓	—	✓	—
Customs broker (email/API)	◐via email parse	✓	✓	✓	✓
System / scheduled	✓	✓	✓	—	✓
External API (carrier, FX)	✓	◐	✓	—	✓

What full coverage means

Every event of that type, by that actor, captured with: timestamp (UTC), actor identity (user or system process), affected record(s), full payload diff (before/after where applicable), source channel (UI / API / portal / email parse), and IP address where available.

What partial coverage means

For email-based counterparties (some customs brokers, smaller carriers), inbound emails are parsed and tagged, but the trail captures the parsed result rather than the original email metadata (recipient list, mail server headers). The original email is preserved as a linked attachment.

DEFENSIBILITY

Cryptographically immutable. Admissible as evidence.

An audit trail used in a commercial dispute or a regulatory audit must be defensible — provably unaltered, signed by the platform, exportable in a standard format, and admissible to the third party reviewing it. EDMA’s trail is hash-chained at write time (each event includes the hash of the previous event, making any after-the-fact tampering detectable), exportable with a cryptographic signature, and structured per common evidence formats (CSV with metadata, signed PDF with timestamp authority, JSON with hash chain). Useful in arbitration. Required by SOC 2. Quietly necessary when a buyer refuses to pay because they say a delivery date wasn’t agreed.

IMMUTABILITY

Hash-chained at write

Every event written to the trail includes the SHA-256 hash of the previous event in its category. Any modification to a historical event would break the chain at the modification point and every event after it. The chain is verifiable at any time; the platform runs verification daily.

Hash verified daily · last: today, 04:00 UTC · status: intact

EXPORT

Signed bundles for evidence packages

Export any query result or full record trail as CSV (data only), JSON (with hash chain), or signed PDF (with RFC 3161 timestamp from a third-party timestamp authority). The PDF includes a verification page showing the hash chain status at export time.

47 export formats supported · 8 default templates per category

RETENTION

Indefinite by default · per-category configurable

All audit events retained indefinitely by default. Retention policies are configurable per event category and per tenant — minimum 7 years for financial events (typical regulatory floor); customizable for operational events. Deletion (where permitted) leaves a “redacted” tombstone with hash continuity preserved.

Default: indefinite · regulatory floor: 7 years

DISPUTE RESOLUTION · A WORKED EXAMPLE

When a buyer disputes a delivery date, the trail closes the conversation in three minutes.

Trade disputes hinge on records — what was promised, what was received, what was communicated, when. EDMA’s trail combined with reconstruction makes the answer immediate. Below: a real (anonymized) dispute resolved using the trail, captured as a short transcript.

Dispute resolution · RD-2025-441 · client claimed late delivery · resolved in 3 minutes

Captured exchange · client portal → operator response · timestamps preserved

Brevin Health EU · Procurement (Klaus Bauer) · Mar 12, 2025, 09:14

RD-2025-441 was supposed to deliver Feb 28. We received it Mar 6. Six days late. We’re disputing the on-time bonus per our SLA.

Sarah Chen · Sales · Mar 12, 2025, 09:18

Pulling the trail now. One moment.

Sarah Chen · Mar 12, 2025, 09:21

I’ve reconstructed the order state at confirmation (Jan 3, 2025). The agreed delivery date was Mar 4, not Feb 28. Mar 4 was the date you accepted in the proforma. The order delivered Mar 6 — 2 days late, not 6. Attached: signed proforma + amendment trail showing Mar 4 was never changed.

RD-2025-441 · State at Jan 3, 2025 · 14:22 UTC

Delivery date: Mar 4, 2025 · Source: client-signed proforma PI-2025-0099

Hash-verified · exported PDF available

Brevin Health EU · Procurement (Klaus Bauer) · Mar 12, 2025, 09:28

Apologies — confused this with another order. Withdrawing the dispute. We’ll process the on-time bonus.

Sarah Chen · Mar 12, 2025, 09:30

Thanks Klaus.

Time to resolution

14 minutes wall-clock from dispute opened to dispute withdrawn

3 minutes of operator time

0 escalations to legal

0 follow-up disputes from this client

What made it work

Reconstructable historical state (Jan 3 proforma)

Hash-verified evidence (no doubt about authenticity)

Signed-PDF export attached to the conversation

Immutable trail of the dispute itself

Without the trail: a 4-week back-and-forth, escalation to account management, possibly a $14K bonus paid as goodwill to preserve the relationship. With the trail: 14 minutes, no money lost, relationship intact.

COMPLIANCE EVIDENCE

Built for the audit your CFO knows is coming.

SOC 2, ISO 27001, GDPR, OFAC, regional financial regulations — every modern compliance framework requires an audit trail meeting specific criteria. EDMA’s trail is engineered to those criteria from the start: append-only writes, immutable history, signed exports, retention policies aligned to regulatory floors, and pre-built evidence packages for the most common audit asks. Generating the evidence package for a SOC 2 Type 2 audit takes about 20 minutes in EDMA. Generating it from QuickBooks + email + Dropbox takes 6 weeks.

Compliance evidence package · select framework · generate

SOC 2 Type 2 ▾

Audit period

Apr 1, 2025 → Mar 31, 2026

12 months · 4,847,219 events

Evidence categories

✓Access management changes847 events

✓Privileged operations log1,402 events

✓Approval workflow execution3,241 approvals

✓Configuration change history118 changes

✓Authentication events2,847,189 sign-ins

✓Data export operations4,419 exports

✓Sanctioned-party screening12,847 screens

✓Document integrity verification12 monthly checks

Bundle contents

✓Signed evidence PDF2,341 pages

✓Raw event JSON47 GB

✓Hash-chain verification report—

✓Configuration timeline—

✓Auditor cover letter (templated)—

Generate

Estimated time: 18–22 minutes

Last generated: Mar 14, 2025 (audit completed Mar 28)

Pre-built packages for SOC 2 Type 2, ISO 27001, GDPR Article 30, OFAC compliance, customs audit (per country), and regional financial regulations. Custom packages configurable per tenant.

PATTERN DETECTION · INVESTIGATIVE

Patterns in trail data point at problems before they’re reported.

The audit trail isn’t just for past investigations. It’s continuously analyzed for patterns that look like risks — unusual approval timing, off-hours activity bursts, override clusters, configuration churn, repeated dispute counterparties. These aren’t incident alerts (those live in Exception Handling); they’re investigation-worthy patterns surfaced to managers and compliance officers as a weekly review queue. Most of them are benign. A few aren’t — and the platform finds them before someone else does.

Trail pattern review · last 30 days · 6 patterns flagged for review

AllOperationalComplianceCounterpartyConfiguration

Off-hours approvals · 3 instances over 30 days

Marcus Patel approved 3 high-value orders between 22:00–05:00 local · all to Athena Group.

Recommend: confirm with Marcus this is intentional (he travels frequently) · routine.

StatusReviewed Apr 28benign · noted

Override cluster · QC decisions

Liam Okafor overrode platform-recommended QC decisions in 6 of 14 cases this month.

Recommend: review with Liam · either his judgment is better than the model (re-tune) or worse (coach).

StatusPending reviewscheduled May 8

Configuration churn · approval rules

4 modifications to manager-approval threshold in last 30 days.

Recommend: stabilize threshold · churn suggests unclear policy.

StatusPending reviewescalated to Vio

Recurring dispute counterparty

Brevin Health EU has opened 3 delivery-date disputes in 12 months · all withdrawn.

Recommend: review proforma terminology with this client · consider bilateral clarification.

StatusPending reviewscheduled May 15

Failed-then-succeeded login attempts

Sarah Chen had 4 failed logins followed by success on Apr 22, 03:14 UTC.

Recommend: confirm with Sarah this was her (probably timezone confusion · she was traveling).

StatusReviewed Apr 23benign · noted

Manual cost-line entries by sales role

Sarah Chen has entered 7 manual cost lines this month (sales typically enters 0).

Recommend: confirm process · review whether sales should have this permission.

StatusPending reviewroutine

Patterns are reviewed weekly by managers and compliance. Resolved patterns flow into the trail’s pattern history; unresolved ones escalate after a configurable SLA.

VS. THE TOOLS YOU MIGHT BE USING

Built for forensic operations, not check-the-box compliance.

Capability	QuickBooks logs	NetSuite audit	SAP audit	TradeOS
Cross-section forensic queries (one interface)	—	partial	partial	✓
Counterparty action capture (manufacturers, brokers)	—	—	partial	✓
Time-travel state reconstruction	—	partial	partial	✓
Cryptographic immutability (hash-chained)	—	—	partial	✓
Pre-built compliance evidence packages	—	partial	✓	✓
Investigative pattern detection (not just incidents)	—	—	—	✓
Sub-second query response across millions of events	—	partial	partial	✓

ERPs and accounting platforms log what their own users did, so they can pass an audit. EDMA captures the entire chain — including counterparties — and treats the trail as something an operator queries every day, not something a compliance officer queries once a year. The investigation is the product.

FREQUENTLY ASKED

Five questions about the audit trail.

How long does the audit trail keep events?

Indefinitely by default, with retention policies configurable per event category and per tenant. Regulatory floors apply automatically — 7 years for financial events, 5 for compliance screening, 3 for general operational. Tenants can set longer retention, and most do. Deletion (where permitted by retention policy) leaves a redacted tombstone preserving hash-chain continuity.

Can administrators or developers tamper with historical events?

Does the platform capture what counterparties did, or only what our users did?

Both. Manufacturers, freight forwarders, clients, and customs brokers act through the EDMA portal (free-seat access for counterparties, scoped permissions per role). Their actions write to the same audit trail as internal user actions. For email-based counterparties (some customs brokers, smaller carriers), inbound emails are parsed; the trail captures the parsed event with the original email preserved as evidence.

How do I generate evidence for a SOC 2 audit?

Settings → Compliance → Evidence Packages → SOC 2 Type 2 → select audit period → Generate. The platform produces a signed PDF (typically 1,500–3,500 pages depending on tenant size), a raw JSON export, a hash-chain verification report, and a configuration timeline. Generation takes 20–30 minutes regardless of tenant size. Pre-built packages exist for SOC 2, ISO 27001, GDPR, OFAC, customs audits, and regional financial regulators.

Can I share trail evidence with someone outside the platform (auditor, lawyer, regulator)?

Investigations from days to seconds.

Book a 30-min demo and we’ll set up your trail capture, walk through real forensic queries on real workflow data, and generate a sample SOC 2 evidence package — all in the half-hour.

Book a demo Or book a demo →