How evidence grade logs change the outcome of a dispute
Most organisations treat logs as a technical detail until something goes wrong. At that point, the quality of your logging can decide whether you are believed, blamed, or taken seriously.
What evidence grade logs actually are
Evidence grade logs are not magic or complex. They are simply records that are:
- Clear enough for a non technical person to understand.
- Detailed enough to answer basic who, what, when, and where questions.
- Consistent enough that you can rely on them under scrutiny.
- Stored in a way that they are available when you need them.
Put another way, evidence grade logs are logs you can safely attach to an email to a regulator, ombudsman, or senior manager without having to apologise for the state of them.
Why logging quality changes outcomes
In a dispute, there are usually two stories. One is what people remember, or claim to remember. The other is what actually happened on your systems.
If your logs are vague, missing, or unreadable, your organisation falls back on opinion and reputation. If your logs are clear and well presented, you can show:
- Whether someone accessed a system or page at a particular time.
- Where they came from.
- What they tried to do.
- How your systems responded.
That difference matters when there is a complaint, a safeguarding concern, or a regulator asking questions.
Two real world examples
The Reasonable Adjustment has used evidence grade logs in live public interest work. Two examples that show the difference they make:
- NPA insurance website monitoring Detailed logs showed that NPA Insurance were actively visiting an advocacy site while ignoring correspondence. The article Insurers Caught in the Logs: NPA Spotted Monitoring My Website walks through what was recorded and why it mattered.
- Traffic spikes and monitoring claims Later, when monitoring was denied, new traffic patterns and log entries helped show that visits were still happening. In NPA says they do not monitor. Today my logs say otherwise. the logs became a counterweight to carefully worded statements.
In both cases, the logs did not speak for themselves. They needed context and explanation. But without structured logs in the first place, there would have been nothing to point to when the story did not match the behaviour.
What small organisations can realistically log
You do not need an enterprise SIEM platform to build useful evidence grade logs. A small organisation can get most of the benefit from:
- Web access logs and analytics Cloudflare, your hosting provider, and lightweight analytics tools can all provide basic access information.
- Firewall events Even simple allow or block logs show whether certain requests reached your systems and how they were handled.
- Form submissions Keeping a record of when forms were submitted and what happened with them, without storing unnecessary sensitive content, can help in complaints.
- System changes A basic change log for DNS changes, firewall rules, and content updates helps explain why something looked different at a certain time.
The key is consistency. A small, steady set of logs kept for a sensible period will usually outperform a flood of unstructured data that nobody can interpret.
How logs fit into dispute handling
When a complaint or dispute escalates, evidence grade logs support you in three ways.
1. Reconstructing timelines
You can use logs to build a clear timeline: when someone visited, when they submitted a form, when your system responded, and when you replied. This makes it harder for people to rewrite events from memory.
2. Challenging inaccurate claims
If someone claims they never accessed a system, or that you blocked them unfairly, log data can show a more accurate picture. This does not mean you treat the logs as infallible, but it gives you something objective to put alongside the narrative.
3. Showing regulators that you are serious
When a regulator asks questions, the ability to provide structured logs and a short explanation of what they show is a sign of basic competence. It signals that you have thought about security, data protection, and traceability rather than improvising after the fact.
What evidence grade logs are not
Logs will not fix poor decisions by themselves. They will not make a weak position strong. They do not remove the need to treat people fairly or to follow the law.
What they do is reduce uncertainty. They give your organisation a way to show what happened, even when memories are blurred or trust has broken down.
Starting simple
If you currently have no logging strategy at all, start small:
- Confirm what logs you already have from hosting, Cloudflare, and any security tools.
- Decide how long you will keep them, and document it in your internal notes.
- Make sure at least one person knows how to export and read them.
- Test this with a pretend incident, so you are not learning during a real one.
Over time, you can build up to more detailed logging and structured exports when your organisation is ready.
In plain English
- Evidence grade logs are clear records you can rely on in a dispute.
- Even small organisations can build useful logs without complex systems.
- Logs do not replace fairness, but they do help you prove what happened.
If you are interested in making your logging and security part of a wider case readiness plan, you can read more about Ki-Ki’s work on the Digital support page.