Internal investigation software with the audit trail regulated work demands
Email threads for sensitive matters, shared drives with no access controls, no traceable history of who saw what. When a matter becomes a dispute or a regulator asks questions, you need a workspace that was built for accountability from day one — not retrofitted after the fact.
Sound familiar?
Sensitive matters handled in email aren't handled — they're exposed
When a regulator or tribunal asks for a record of who knew what and when, scattered email threads won't cut it.
- Matter documents spread across email, shared drives, and local folders
- No clear record of who accessed sensitive files and when
- Access control is all-or-nothing at the folder level
- Team discussion in email chains that are impossible to reconstruct
- No auditable trail of decisions made during an investigation
- Every document, note, and communication tied to one case record
- Automatic timestamp and attribution on every file access
- Per-case, per-user roles — read-only, editor, or admin
- Threaded, attributed comments attached directly to the matter
- A complete, exportable audit trail built automatically as you work
Built for regulated work
Every control a legal team actually needs
Not a generic project tool. A workspace where access is controlled, actions are logged, and nothing can be quietly changed.
Tamper-evident audit trail
Every action — view, edit, upload, comment, permission change — is recorded with a timestamp and user. The log cannot be edited or deleted. You always know who did what and when.
Granular role-based access
Assign read, edit, or admin access per case, per team member. Sensitive matters are only visible to those who need them. Every access change is logged instantly.
Secure document management
Upload all matter documents directly to the case. Files are encrypted at rest and stored on separate infrastructure. Every access is recorded — no silent reads.
Dated records timeline
A structured, timestamped timeline of every entry on the case. Findings, decisions, correspondence summaries — all logged in order, attributed to the author, and permanent.
Internal threaded discussion
Threaded comments per case with replies, edit history, and attribution. Keep team deliberation attached to the matter — not buried in email threads that are hard to reconstruct.
Task & deadline tracking
Create tasks per matter with due dates, priority, and team assignment. The SLA dashboard flags overdue and due-soon items across your full caseload.
Parties & contacts
Link all involved parties — employees, counsel, regulators, witnesses — as contacts on the matter, with private notes and relationship context for each.
Controlled external sharing
Share specific documents with external counsel or a regulator via a secure, expiring portal link — without granting access to your full workspace or other matters.
2FA & hardware key support
TOTP two-factor authentication and WebAuthn hardware security key support on every account. Sensitive workspaces need a second factor — not just a strong password.
Workflow
From intake to resolution
A structured four-step process that keeps every matter organised, accountable, and defensible from open to close.
Open the matter
Create a case, set the classification and importance, assign access only to the team members who need it — with exactly the role they need.
Build the record
Upload documents, link involved parties as contacts, log findings as dated notes. Every action is attributed and timestamped automatically.
Track tasks & decisions
Create tasks for follow-up actions with due dates and priority. Log key decisions as case records so the reasoning behind them is always traceable.
Close with a full trail
Outcome recorded, audit trail complete, matter closed. If it ever needs to be reopened — or handed to external counsel — the entire record is ready to share.
FAQ
Questions legal & compliance teams ask
What's the best software for managing internal investigations?
Internal investigation software needs to keep all matter documents, communications, and findings in one place, with an immutable audit trail and per-person access controls. Herarx does this: every case holds all documents, contacts, notes, and tasks in one record, with role-based access per case and a tamper-evident log of every action from open to close.
Does Herarx provide an audit trail suitable for compliance purposes?
Yes. Every file access, edit, comment, permission change, and case update is recorded automatically with a timestamp and the user who performed it. The audit trail cannot be edited or deleted. Herarx has not yet completed a formal independent security audit (it's on the roadmap), so for environments with specific regulatory certification requirements, verify this fits your compliance framework.
Can I control who sees sensitive matters?
Yes. Access is granted per case, per user, with read, edit, or admin roles. A sensitive matter is only visible to the team members you invite. Access changes are logged immediately. You can also share specific documents with external parties via a secure, expiring portal link without exposing anything else.
Can multiple team members collaborate on the same matter?
Yes. You can invite any number of team members to a case with specific roles. Internal comments, tasks, and notes are all attributed and timestamped, so the full collaboration history is preserved — not scattered across email.
Is Herarx free for legal teams?
There's a free tier — no credit card required — that lets you run your first matters before committing. Paid plans add team features for larger operations. Encryption, 2FA, and the full audit trail are included on every plan, including free.
Every matter deserves a proper record.
Always free to get started. No credit card. Audit logging and encryption are on from day one.