Defensible record

Also: Audit trail, Decision of record

A single versioned artefact that captures a decision in enough structure, with enough evidence and stakeholder context, that it can be defended under audit, in a board review, or 12 months later when the original team is no longer in place.

The idea of a defensible record goes back to medical decision-making and military after-action review: if the decision is the object, then the record of the decision must survive its context. Personnel change. Memories fade. The record stays.

Three properties make a record defensible: it is structured enough that a third party can reconstruct the reasoning, it is evidence-backed such that each claim is traceable to a source, and it is stakeholder-signed so accountability is explicit.

In B2B technology decisions, a defensible record is usually a decision memo plus the linked evidence and stakeholder briefs. In regulated scopes, it is non-optional: NIS2 Art. 20, DORA Art. 28, ISO 27001 clause 7.5 and SOC 2 trust services criteria all effectively require a defensible record at the moment of decision.

Defensible record

Related terms