In regulated fintech environments, when auditors request reconstruction of privileged product-layer actions, how is that handled in practice? Is it typically satisfied through existing logging infrastructure, or does it require manual correlation across multiple systems?
In our case, we filtered the relevant application logs and passed them to the next team. I’m curious how other teams approach this, is it a concern if some logs are unintentionally missed.