How Workday security history helps streamline audit and compliance

Workday 2025 R1 contains several new features that can help maintain your Workday security model and helps streamline your auditing process. This new tool is designed to make security administration easier by increasing visibility to security group configuration changes and helping organizations maintain control over compliance requirements with less effort.

One of the new features is the Security History for Users Audit, which is a report that allows security administrators to quickly track changes in security group membership. This helps improve transparency to important security configuration changes and simplifies related compliance efforts.

The Workday Security History Report is automatically available with 2025 R1 release. It is designed to help security administrators track changes affecting logical access and Workday security entitlements at the security group level and worker level. Administrators can use the report to gain a view of security events that occurred within the specified period. Key information included in the report includes:

• Security history event: Name of the security event that occurred
• Date and time of change: Captures the moment when the security event took place, including both the date and the precise time
• Subject of the event: Refers to the user affected by the security event
• Security group affected: Specifies the security group that was directly impacted by the security event
• Security revoked: Indicates whether access to the security group was granted or revoked
• Security group type: Defines the type of security group involved
• Completed by: Name of the user who executed or completed the security event

Features of the report include a customizable timeframe (sets specific start and end dates to filter the security events within a defined period), user and organization filters (narrow results by selecting specific users or related organizations) and events insights (access detailed data about security events, including affected groups and any access revocations). The report is a simple tool with multiple use cases for controls-minded organizations, including:

• Compliance audits: Quickly access a record of security group changes to help confirm that configuration changes align with logical access controls and related audit/compliance standards. The report helps administrators see what entitlements changed and who it impacted.
• User-based security reviews: Periodic security reviews of privileged user-based security groups and group membership can benefit from the report’s ability to show changes over time, helping identify inappropriate changes, unusual patterns or related security risks. Paired with recently introduced user-based security group assignment workflows, Workday provides strong preventive and detective control capabilities.
• Event monitoring and incident investigation: If you are using event monitoring in your control framework, the report can help you track security related changes in near-time. This approach may help complement security practices for organizations that evaluate changes against established and security baseline. Further, if a security incident occurs, the report can help identify changes to security groups during the period leading up to the event and provide valuable context.

One drawback is that the Security History Report only applies to user-based and the users security groups. Workday plans to extend support for additional types of security groups in future releases helping further enhance the report's capabilities and applicable use cases.

This new tool is designed to make security administration a little easier by increasing visibility to security group configuration changes and helping organizations maintain control over compliance requirements with a little less effort. The report is a great start to a growing audit and compliance toolkit in Workday.

Contact us or learn more about how PwC can support your Workday journey with effective and sustainable Workday security.