Compliance

Adjudication is a regulated activity: decisions must be traceable, records retained and protected, access controlled, and process rules followed as they change. Adjudicate provides the mechanisms an operator relies on to meet those obligations — audit, retention, isolation, access control, and configurable rules. This page indexes them; each is documented in full on its own page.

Traceability — the audit trail

Every action is a stored, append-only event scoped to its case: who did what, to which document, when. Views, annotations, searches, tags, downloads, status changes, and routing decisions all leave a record. Because the audit log is the same appeal-keyed data as everything else (see Data & isolation), you can reconstruct exactly what a reviewer saw and did on the day they relied on it — the basis for defensible, reviewable decisions.

Retention

Retention is policy over the same records: how long a deployment keeps closed-case data, and what gets produced on a records request. Because every artifact is keyed by case with a timestamp and an actor, retention and legal-hold operate over one consistent store — there’s no separate archive to keep in sync. Covered under Data & isolation.

Isolation — protecting the record

The privacy obligation — one party’s record stays sealed from another’s — is enforced structurally: the per-appeal key boundary and the per-deployment (tenant) account boundary. Self-hosting and single-tenant deployment also let an operator satisfy data-residency and data-handling requirements directly. See Data & isolation.

Access control

Who may open which cases, and who may take which actions, is governed by Users & teams — provisioned identities, roles that gate capabilities, and team-based assignment. Authentication integrates with an external identity provider or uses the platform’s realm; either way authorization is a fresh, expiring credential, never a long-lived secret.

Encoding the rules

Regulatory and policy logic changes — and intake categorization, eligibility, routing, and gating must change with it. Those rules live as configurable business rules on the Workflow engine — configuration a deployment adjusts as the rules evolve, without a release. Quality-review gates work the same way: the workflow shape carries the policy.