SOC 2 Compliance

LogStruct is designed to help companies meet SOC 2 compliance requirements through type-safe, accurate logging with comprehensive sensitive data protection.

Why Logging Matters for SOC 2

SOC 2 audits require organizations to demonstrate robust security controls and incident response capabilities. Logging plays a critical role in two key areas:

  • Forensic Analysis - Logs must be accurate and reliable for investigating security incidents and breaches
  • Data Privacy - Logs must not contain sensitive customer data that could violate privacy requirements

LogStruct addresses both requirements by ensuring log accuracy through type safety and protecting sensitive data through comprehensive filtering.

Type-Safe Logs for Forensic Analysis

LogStruct guarantees that your logs contain only known, expected values by enforcing strict type checking at runtime. If any value in your logs has the wrong type, your integration tests will immediately fail with a clear error.

Catch bugs before production: Type errors in logs are caught in your test suite, not in production where they could compromise forensic investigations.

Sensitive Data Protection

LogStruct provides powerful filtering capabilities enabled by default to keep sensitive data out of your logs while preserving the information needed for debugging and request tracing.

What Gets Filtered

LogStruct automatically filters common sensitive fields including:

  • Passwords, tokens, and API keys
  • Credit card numbers and CVV codes
  • Social security numbers and other PII
  • Email addresses and phone numbers
  • Any custom sensitive fields you configure

Smart Filtering Preserves Context

Unlike simple redaction that removes all information, LogStruct preserves valuable context for debugging:

{
  "email": {
    "_filtered": {
      "_class": "String",
      "_hash": "a1b2c3d4e5f6"
    }
  },
  "payment_data": {
    "_filtered": {
      "_class": "Hash",
      "_size": 3
    }
  }
}

Here _hash is a deterministic hash of the email that lets you correlate events without recording the address, and _size tells you how much data was filtered out of payment_data.

Deterministic Email Hashes

For email addresses, LogStruct generates deterministic hashes that allow you to:

  • Trace requests across services - The same email always produces the same hash
  • Correlate user actions - Follow a user's journey without exposing their email
  • Debug user-specific issues - Identify patterns for a specific user using their hash

Filtered Type Information

Knowing the type of filtered data helps with debugging:

  • _class - Shows whether it was a String, Hash, Array, etc.
  • _size - For collections, shows how many items were filtered
  • _hash - Deterministic hash for correlation (email addresses only)
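The filtering shape described in the two sections above, written out as an added example rather than LogStruct's own code: it produces the _class, _size and _hash metadata for a constructed event. The key lists, the LOG_HASH_SECRET keyed hash and the sample event are assumptions made for the illustration.

```ruby
require "openssl"
require "json"

# Hypothetical keyed-hash secret (placeholder, not a LogStruct setting): keying the
# hash keeps tokens stable per deployment while preventing offline guessing of emails.
HASH_SECRET = ENV.fetch("LOG_HASH_SECRET", "example-secret-change-me")

# Constructed key lists standing in for LogStruct's defaults and custom configuration.
SENSITIVE_KEYS = %w[password token api_key credit_card cvv ssn phone payment_data].freeze
EMAIL_KEYS     = %w[email].freeze

# Deterministic, truncated HMAC so the same address always maps to the same token.
# Normalising case and whitespace keeps "Alice@Example.com" and "alice@example.com" correlated.
def email_hash(value)
  OpenSSL::HMAC.hexdigest("SHA256", HASH_SECRET, value.to_s.strip.downcase)[0, 12]
end

# Builds {"_filtered" => {...}}: type always, size for collections, hash for emails only.
def filtered_metadata(key, value)
  meta = { "_class" => value.class.name }
  meta["_size"] = value.size if value.is_a?(Hash) || value.is_a?(Array)
  meta["_hash"] = email_hash(value) if EMAIL_KEYS.include?(key)
  { "_filtered" => meta }
end

# Replaces sensitive values, recursing into nested hashes so buried fields are caught too.
def filter_log(data)
  data.each_with_object({}) do |(key, value), out|
    k = key.to_s
    out[k] =
      if SENSITIVE_KEYS.include?(k) || EMAIL_KEYS.include?(k)
        filtered_metadata(k, value)
      elsif value.is_a?(Hash)
        filter_log(value)
      else
        value
      end
  end
end

# Constructed sample event for demonstration.
EVENT = {
  "event" => "checkout",
  "request_id" => "req-42",
  "email" => "Alice@Example.com",
  "password" => "hunter2",
  "payment_data" => { "number" => "4111111111111111", "cvv" => "123", "exp" => "12/30" }
}.freeze

puts JSON.pretty_generate(filter_log(EVENT)) if $PROGRAM_NAME == __FILE__
```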

Benefits for SOC 2 Audits

LogStruct helps satisfy multiple SOC 2 trust service criteria:

Security & Availability (CC6.1, CC7.2)

  • Incident detection - Type-safe logs ensure reliable security monitoring and alerting
  • Forensic analysis - Accurate, structured logs enable effective incident investigation
  • Audit trails - Consistent log format makes it easy to track system activities

Confidentiality (CC6.6)

  • Data protection - Automatic filtering prevents sensitive data from entering logs
  • Compliance by default - No manual scrubbing or post-processing required
  • Audit evidence - Clear filtering metadata demonstrates data protection controls

Privacy (P3.1, P3.2)

  • PII protection - Email addresses and other PII are automatically filtered
  • Retention compliance - Filtered logs can be retained longer without privacy concerns
  • Data minimization - Only necessary debugging metadata is preserved

Getting Started

LogStruct's security features work out of the box with zero configuration. For more details on customizing filtering rules, see:

Need help with SOC 2? LogStruct is used by companies undergoing SOC 2 audits. If you have any questions or concerns about compliance, please reach out on GitHub.