Architecture
Stood up a permissioned Hyperledger Fabric network for tamper-evident identity workflows and audit logging across four mutually-distrusting business units.
Audit Integrity: 100% immutable
A multinational enterprise with regulatory exposure across financial services and supply-chain compliance. Internal audit had flagged that several existing logging systems were technically mutable by their owning team — a finding that would not survive an external review. Legal wanted cryptographic guarantees, the business units wanted no single owner, and IT wanted something they could actually run on-call without summoning a blockchain consultant every time a peer node restarted.
The challenge
Four business units inside a large enterprise needed a shared audit trail and identity layer they could each independently trust. A traditional shared database would have meant one of them owned the keys to the kingdom — politically and operationally untenable.
Approach
Discovery workshops with the four business units to agree on the channel topology, endorsement policies, and what the chain would and would not store.
Designed a permissioned Hyperledger Fabric network with one ordering service, four organisations, and a private data collection per regulatory boundary.
Implemented chaincode in Go for identity issuance, attestation, and append-only log entries; stored only hashes and minimal metadata on-chain, with rich payloads in encrypted off-chain storage.
Built a small operations tooling layer — peer health, channel join, certificate rotation — so the SRE team could operate the network without specialist blockchain knowledge.
Integrated the network with the enterprise identity provider and existing SIEM so the new system showed up in the same panes of glass everyone already used.
The solution
A private Hyperledger Fabric network for identity issuance and tamper-evident logging, with smart contracts coordinating multi-party workflows and consensus removing the need for any single party to be trusted unilaterally.
What made it operable in production was the deliberate boundary: only minimal hashed metadata on the ledger; private data collections for anything regulated; rich payloads encrypted off-chain. The network gave the trust guarantees the auditors wanted without dragging the entire data estate onto a blockchain.
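The boundary described above (digest and minimal metadata on the ledger, encrypted payload off-chain), as an added Go example that is not the engagement's chaincode. The names `Anchor`, `Ledger`, `Append` and `Verify`, the entry IDs and the organisation labels are hypothetical; an in-memory map stands in for chaincode state, and the ciphertext bytes are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Anchor is all that reaches the ledger: a digest plus minimal metadata.
type Anchor struct{ EntryID, Org, PayloadSHA256 string }

// Ledger is an in-memory stand-in for chaincode state (assumption, not Fabric's API).
type Ledger map[string]Anchor

var (
	ErrExists   = errors.New("entry already anchored (append-only)")
	ErrUnknown  = errors.New("no anchor for entry")
	ErrTampered = errors.New("off-chain payload does not match anchor")
)

func digest(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Append anchors the digest of an already-encrypted blob and refuses overwrites.
func (l Ledger) Append(id, org string, ciphertext []byte) error {
	if _, ok := l[id]; ok {
		return ErrExists
	}
	l[id] = Anchor{EntryID: id, Org: org, PayloadSHA256: digest(ciphertext)}
	return nil
}

// Verify re-hashes a blob fetched from off-chain storage against its anchor.
func (l Ledger) Verify(id string, ciphertext []byte) error {
	if a, ok := l[id]; !ok {
		return ErrUnknown
	} else if digest(ciphertext) != a.PayloadSHA256 {
		return ErrTampered
	}
	return nil
}

func main() {
	l, blob := Ledger{}, []byte("constructed ciphertext") // constructed sample
	fmt.Println(l.Append("log-0001", "bu-a", blob), l.Verify("log-0001", blob))
	fmt.Println(l.Verify("log-0001", append(blob, 'x')), l.Append("log-0001", "bu-b", blob))
}
```

The ledger never sees the payload or its key, so the off-chain store can be re-encrypted or migrated only by anchoring a new entry, never by editing an old one.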
Reflections
Most of the engineering effort went into deciding what should not go on the chain. Once the team accepted that the ledger was a notary, not a database, the design got dramatically simpler — and the operational pager got dramatically quieter. The four business units now share an audit trail none of them can quietly rewrite, and internal audit closed the original finding.