diff --git a/ee/app/services/security/orchestration/assign_service.rb b/ee/app/services/security/orchestration/assign_service.rb index e3d4b3bd63412a818c309b4a4fa9d73fa81222c6..0829dab6c3b7ee245065aa272ecb54e613d7923a 100644 --- a/ee/app/services/security/orchestration/assign_service.rb +++ b/ee/app/services/security/orchestration/assign_service.rb @@ -21,17 +21,29 @@ def create_or_update_security_policy_configuration return unassign_policy_project end + audit_message = '' + policy_project = Project.find(policy_project_id) if has_existing_policy? container.security_orchestration_policy_configuration.update!( security_policy_management_project_id: policy_project.id ) + audit_message = "Removed and added new policy project" else container.create_security_orchestration_policy_configuration! do |p| p.security_policy_management_project_id = policy_project.id end + audit_message = "Added new policy project" end + + ::Gitlab::Audit::Auditor.audit( + name: 'policy_project_updated', + author: current_user, + scope: container, + target: policy_project, + message: audit_message + ) end def unassign_policy_project diff --git a/ee/app/services/security/orchestration/unassign_service.rb b/ee/app/services/security/orchestration/unassign_service.rb index 8ff033788dff3e870dd48f58db40e1e1c83cb4ad..e8fe7907209ff7633120d640997d48c83c655072 100644 --- a/ee/app/services/security/orchestration/unassign_service.rb +++ b/ee/app/services/security/orchestration/unassign_service.rb 
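Review bot: In the `has_existing_policy?` branch the audit event records only the new project, because `update!` overwrites `security_policy_management_project_id` before `Auditor.audit` runs, so "Removed and added new policy project" never says which project was unlinked. Reading the old id first, `previous_project_id = container.security_orchestration_policy_configuration.security_policy_management_project_id`, and interpolating it into the message would keep the trail reconstructable. Unless a guard outside this hunk rules it out, re-assigning the project that is already linked would also be logged as a removal and addition; comparing `previous_project_id` with `policy_project.id` would let that case be skipped or worded accurately. `create_or_update_security_policy_configuration` begins above the hunk, so any earlier checks are not visible here.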
@@ -9,7 +9,16 @@ def execute security_orchestration_policy_configuration.delete_scan_finding_rules # To be removed in https://gitlab.com/gitlab-org/gitlab/-/issues/369473#feature-update result = security_orchestration_policy_configuration.delete - return success if result + if result + ::Gitlab::Audit::Auditor.audit( + name: 'policy_project_updated', + author: current_user, + scope: container, + target: container, + message: "Removed policy project" + ) + return success + end error(container.security_orchestration_policy_configuration.errors.full_messages.to_sentence) end
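Review bot: `target: container` points the removal event at the container itself, whereas the assign service passes `policy_project` as the target, so this entry does not identify which policy project was unlinked. The configuration row is already deleted when the audit call runs, so the project would have to be captured before `delete`, e.g. `old_policy_project = security_orchestration_policy_configuration.security_policy_management_project` (assuming the model exposes that association), and then passed as `target: old_policy_project`. `execute` starts above the hunk, so whether such a value is already at hand there is not visible.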