refactor: standardize audit logging for ISO27001 compliance

gatehouse_app/api/v1/policies.py

@@ -6,8 +6,7 @@ from gatehouse_app.utils.response import api_response
 from gatehouse_app.utils.decorators import login_required, require_admin, full_access_required
 from gatehouse_app.services.mfa_policy_service import MfaPolicyService
 from gatehouse_app.services.organization_service import OrganizationService
-from gatehouse_app.services.audit_service import AuditService
-from gatehouse_app.utils.constants import MfaPolicyMode, MfaRequirementOverride, MfaComplianceStatus, AuditAction
+from gatehouse_app.utils.constants import MfaPolicyMode, MfaRequirementOverride, MfaComplianceStatus
 
 
 class UpdateOrgPolicySchema(Schema):
@@ -291,16 +290,6 @@ def update_user_security_policy(org_id, user_id):
             updated_by_user_id=g.current_user.id,
         )
 
-        # Log the override change with details
-        AuditService.log_action(
-            action=AuditAction.USER_SECURITY_POLICY_OVERRIDE_UPDATE,
-            user_id=g.current_user.id,
-            organization_id=org_id,
-            resource_type="user",
-            resource_id=user_id,
-            description=f"User security policy override changed to {data['mfa_override_mode']} for user {user_id}",
-        )
-
         return api_response(
             data={
                 "user_security_policy": {