Session Logging & Compliance

Helm Enterprise records a tamper-evident audit log of every technician session for compliance and security review.

What Gets Logged

Session metadata:

Technician identity and authentication method
Endpoint connected to, client, date/time
Session duration

Activity log:

Every command executed and its output
Files transferred (name, size, direction)
AI prompts and responses
M365 actions performed (user modified, action taken)
Software installed or removed

DLP Audit Log

The DLP (Data Loss Prevention) audit log captures file transfer activity specifically:

Files copied from endpoint to technician machine
Files copied from technician machine to endpoint
File names, sizes, and timestamps

This provides proof that sensitive files were not exfiltrated during a session.

Log Retention

Logs are stored on your infrastructure and retained according to your policy. Helm does not retain logs on our servers.

Compliance Use Cases

HIPAA — Healthcare MSPs can demonstrate that access to patient data environments was logged and auditable.

SOC 2 — Audit trail of privileged access to client environments.

Cyber insurance — Insurers increasingly require privileged access management (PAM) with session recording. Helm’s audit log satisfies this requirement.

Client contracts — Some enterprise clients require proof of access logging. Helm provides that proof natively.

Availability

Session logging and DLP audit logging are Enterprise tier features.