v2.4.0 | Report Errata
docs security docs security

Inference logs contain the system’s production inputs and outputs, which may include personal data, commercially sensitive information, or data subject to legal privilege. Access to inference logs is restricted by the security team to authorised monitoring and audit personnel. Logs are encrypted at rest and retained according to the documented retention policy.

Where inference logs are used for model retraining (a common practice for continuous improvement), the data governance controls described in apply to the retraining dataset derived from those logs. This means the retraining dataset requires its own data governance assessment, including legal basis evaluation, purpose limitation, and data minimisation.

The inference log security configuration, including access controls, encryption settings, and the boundary between log access for monitoring purposes and log access for retraining purposes, is documented in Module 9 and Module 10.

Key outputs

  • Access controls restricting inference log access to authorised personnel
  • Encryption at rest for all inference logs
  • Governance boundary between monitoring access and retraining access
  • Module 9 and Module 10 AISDP documentation
On This Page