Skip to main content

Find the answers you need

Use the Personio Audit Log

The Personio Audit Log tracks changes to your company and employee data. It provides an overview of events and their order, showing who did what and when.

Each entry has details for context. You can't change entries. You can view events from the beginning of the Audit Log records. 

Note:
We've identified a display issue with the information in the Performed by column, impacting only a small subset of events. See the Review affected events and implications section below for further details.

Before you start

  • Only Administrators can access the Audit log.
  • It can take up to two hours for an event to appear in the log.
  • You can also use the audit logs to track all activities related to the DATEV integration.
  • The Audit Log tracks events that Personio Support agents perform. Learn more about Personio Support Access.
  • The Audit Log doesn't include IP addresses. Personio processes and logs IP addresses as part of system logging and can evaluate them internally for specific needs, such as a security investigation.

View and filter Audit Log events

To view and filter events in the Audit Log:

  1. Go to Settings.
  2. In the Data Governance section, click Audit Log.
  3. Use the filters at the top to display the relevant event data.
  4. In the list of events, click View details to see more information about a specific entry.
  5. Click Export to download all audit log entries that match your selected filters. The export downloads as a CSV file and is available in your Personio inbox.

The following table shows what each field means:

Field Description
Performed by Select the person who took the action. You can choose multiple employees.
Logged in as Displays the employee impersonated when performing the event. It refers to the user the actor logged in as when taking the action.
Applied to (user or company)

Shows the affected employee or company.

If the action involves an individual, their name appears here. If it affects the entire company, it displays the company name.
Action type

Indicates the type of action performed. For example, creating a new employee or updating payroll information.

Action types have two categories:

  • Data changes: Create, Update, Delete, Login, and Other. For data change events, an event properties table shows the old and new values of the attributes.
  • Data reads: View or Download data or documents.
Event description Describes the action performed. For example, an Update for Employee personal information involves updates to that information.
Timeframe

Shows the date of the action in the system. You can view events from the beginning of the Audit Log records. You can't change entries.

To see the effective date (if applicable) of a change, click View Details.

Event details

Click View details to see more information about a specific event, including the timestamp and the Personio Trace ID, which is a unique identifier Personio uses to track the event. The Trace ID isn't an IP address.

Explore the event properties tracked in the Audit Log

The following table shows the event properties the Audit Log captures:

Category Details
Employee information
  • Employee information updates 
  • Employee history updates 
  • Scheduled changes 
  • Proposed & approved changes 
  • Employee leave updates 
  • Employee termination updates 
  • Employee creations/deletions 
Salary
  • Bonus payout updates 
  • Hourly salary updates 
Compensation
  • Compensation values updates 
  • Compensation type updates 
  • Surcharge value updates 
Documents
  • Document uploads 
  • Document deletion 
  • Document updates 
  • Document template creation
  • Document template updates
  • Document template deletion
Data Retention
  • Data retention policy creation
  • Data retention policy deletion
  • Data retention policy updates
  • Data retention policy executions
  • Data retention exclusions
Attendance
  • Work schedule updates 
  • Employee work schedule assignment 
  • Tracked time updates 
  • Overtime payout/compensation updates 
Time off
  • Time off updates 
  • Time off policy updates 
  • Public holiday updates 
  • Balance adjustments 
Imports
  • Employee imports 
  • Attendance period imports 
  • Time off period imports 
  • Document imports 
Organization
  • Office updates 
  • Permanent establishment updates 
  • Legal entity updates 
  • Department/team updates 
Permissions
  • Employee role updates 
  • Permission updates
Subscription
  • Subscription plan updates
  • Subscription seat updates
  • Add-on updates
  • Billing period updates
  • Subscription status updates
Login
  • 2FA updates 
  • User invitation updates 
  • Password updates 
  • User login/logout 
  • Login and logout events performed by Personio Support agents
Recruiting
  • Application deletion

The Audit Log shows end dates for full-day absences as the day after the real end date. For example, this is how the system logs full-day time periods:

  • A user requests an absence for 5 November.
  • The system logs it from 5 November at 00:00 until 6 November at 00:00.
  • The Audit Log displays the end date as 6 November instead of 5 November.

Review affected events and implications

We’ve identified an issue affecting the information displayed in the Performed by column of some log entries. While most logs are accurate, a small number of events may permanently lack details about who performed the action.

This does not affect the underlying functionality. For example, if an Update permissions log entry does not show who made the change, the system still processed the update as intended.

Help us improve. Is this page helpful?