Genesys Cloud - Main

 View Only

Sign Up

  • 1.  Audit Logs

    Posted 7 hours ago

    Hi Team,

    I am seeking clarification regarding the scope of the Audit log services.

    Specifically, I would like to confirm if changes to External Contacts (including custom fields) trigger an audit log entry. This includes:

    1. Creation (Insert)
    2. Modification (Update/Modify)
    3. Deletion

    Context: We are archiving our audit logs to a vendor-managed S3 bucket. Our External Contacts contain sensitive information (Customer Names, Phone Numbers, and PINs). We need to confirm that these specific PII details are not captured in the audit logs to ensure compliance and data privacy with our third-party vendor.

    Based on my initial research, it's not showing any changes in the audit viewer logs in external contact changes. Could you please confirm if my understanding is correct?

    Regards,

    Saranraj Thangaraj


    #Reporting/Analytics

    ------------------------------
    SARANRAJ THANGARAJ
    ------------------------------


  • 2.  RE: Audit Logs

    Posted 6 hours ago
    Hi Saranraj,
     
    The Audit Action Catalog below may be helpful here:
     
     
    If you check under ExternalContacts, it does list actions such as Contact Create / Update / Delete, which suggests those changes are within scope for audit logging.
     
    What is still not clear from the catalog alone is whether the audit payload includes the actual field values or sensitive PII details, versus just metadata about the action itself.
     
    Hope this helps, and hopefully someone from the community can confirm the payload/detail side of it as well.


    ------------------------------
    Phaneendra
    Technical Solutions Consultant
    ------------------------------

    Original Message


  • 3.  RE: Audit Logs

    Posted 5 hours ago

    Hi @Phaneendra Avatapalli


    Thanks for sharing the Audit Action Catalog link. It's good to confirm that ExternalContacts are within the audit scope.

    The point regarding the payload is exactly what I'm looking to clarify. For our current implementation, we need to understand if the logs capture the 'Before' and 'After' states of the field values, or if it's strictly restricted to metadata (Who/When/Action). specially on external contact.

    I'll keep an eye on the community thread to see if anyone can confirm how PII is handled, as that will be a key factor in our security and compliance review.

    Regards,

    Saranraj Thangaraj.



    ------------------------------
    SARANRAJ THANGARAJ
    ------------------------------

    Original Message


Related Content