Contentful Community

Audit trails, etc

#1

I have a few questions, raised by our in-house security expert. I hope you can help.

(By “we”, “us”, etc, I mean the organisation/customer owning the space.)

  1. Are a space’s content model and entries encrypted at rest, or just in transit?
  2. Do Contentful staff have access to a space’s unencrypted data?
  3. Is this access audited?
  4. Is this access read-only or read-write?
  5. Is there an audit trail of our own logins?
  6. Does Contentful keep a version history/audit trail of content model changes?
  7. Is that version history accessible by us?
  8. Each content entry has a version history/audit trail: great. Is it possible to see this history after an entry is deleted (example: to find out which entries were deleted when, and by whom)?
  9. Is there a consolidated audit trail of an entire space? (Can we see all the creations/updates/deletes made in a space in a simple, chronological list on one web page or via API call?)

Thanks!

David.

0 Likes

#2

Hey, here are the answers to your questions:

  • Are a space’s content model and entries encrypted at rest, or just in transit?
    Both: data is encrypted at rest and in transit.

  • Do Contentful staff have access to a space’s unencrypted data?
    Technically yes; however, our internal policy requires that access be granted by the customer. All access is monitored.

  • Is this access audited?
    Yes

  • Is this access read-only or read-write?
    Read-only; if needed, read-write will be granted (fix data issues, inconsistency).

  • Is there an audit trail of our own logins?
    This is not available for the customers at the moment.

  • Does Contentful keep a version history/audit trail of content model changes?
    Technically yes, but this is not exposed in the UI.

  • Is that version history accessible by us?
    Yes, it is, through the API docs.

  • Each content entry has a version history/audit trail: great. Is it possible to see this history after an entry is deleted (example: to find out which entries were deleted when, and by whom)?
    No, this is not possible at the moment.

  • Is there a consolidated audit trail of an entire space? (Can we see all the creations/updates/deletes made in a space in a simple, chronological list on one web page or via API call?)
    No, not at the moment.


Updated content types snapshots information.

1 Like

#3

Thanks, that’s very helpful!

0 Likes

#4

Hi,
on a related topic, regarding images. I can see that there is the concept of versions in the CMS UI but there doesn’t appear to be a way to access those versions (e.g. to revert back to a previous version as you can with written text for example). Also if an image has been deleted, can it be recovered?
Thanks

0 Likes

#5

Hi @mark.bowler,
Unfortunately, snapshots are only available for entries, not assets, so you won’t be able to revert to one of its versions.
However, images are separate entities from assets, so every time you upload or update an image, a new URL will be generated for it (i.e. each image version has a different URL).
When you delete or update this asset, the URL will still be available, so you can retrieve that image if you still have access to the old URL.

0 Likes