How do YOU audit transform changes?

sup3rmark · August 28, 2025, 2:44pm

New transforms and changes to existing transforms are not captured in SailPoint audit logs, but transforms are certainly highly relevant to auditors. The transforms we use to determine lifecycle state, at the very least, should be considered in-scope for SOX at any publicly-traded company. There’s unfortunately also no event triggers or workflow triggers focused on transform changes, so we can’t even trigger anything automatically when a change is submitted.

Are your auditors not looking at or asking about this? If they are, what are you doing to show changes to transforms, and how are you doing it? Please share your processes!

And while we’re at it, please vote for this feature request on the Ideas portal asking for transforms changes to be included in audit logs!!

udayputta · August 28, 2025, 7:56pm

You are right there is no audit log for transforms that we can see. For the tranform changes or infact any code changes the check-in history in a git hub tool should suffice here. Also if there is a rule how will you show the change to the auditor. If the code is properly checked it as soon as it is changed in the tenant then the history in the code repo can be shown to auditors as a work around.

Topic		Replies	Views
ISC rules, or transform update logs ISC Discussion and Questions transforms , rules , identity-security-cloud	5	86	July 31, 2025
Audit Transform Changes ISC Discussion and Questions transforms	2	391	July 19, 2023
Transform - how to provide documentation within the transform ISC Discussion and Questions transforms , identity-security-cloud	5	360	March 23, 2024
Configuring Workflow Execution Logs in SailPoint for Audit Compliance ISC Discussion and Questions workflows , identity-security-cloud	4	71	February 2, 2025
How to log Identity Attribute changes IIQ Community Knowledge Base aggregation , identityiq	1	403	August 24, 2024

How do YOU audit transform changes?

Related topics