Please provide evidence of change approval workflows for infrastructure modifications during the audit period. The current log shows 41 events; we need documentation of the approval process for each.
From: Lead Auditor · May 14, 2026
Clarification on PII handling policyMED
Can you confirm the data minimization policy for the crm_contacts category? The event log shows PII touches — please attach the DPA or data processing policy document.
From: Lead Auditor · May 13, 2026
Incident response procedure documentationLOW
Please provide the written incident response procedure that was followed for the May 15 critical event (bulk_update 4,847 records).