Audit trail - Revision history

Shawndouglas: Updated and added to content

2022-01-05T23:14:28Z

Updated and added to content

← Older revision		Revision as of 23:14, 5 January 2022
Line 1:		Line 1:
	An '''audit trail''' is a security-relevant chronological record, set of records, or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.<ref>{{cite web \|url=http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf \|title=National Information Assurance (IA) Glossary \|publisher=Committee on National Security Systems \|pages=4 \|date=~~7 August 1996~~ \|~~accessdate~~=~~07 March~~ 2012 \|~~format~~=~~PDF~~}}</ref><ref>{{cite web \|url=http://www.atis.org/glossary/definition.aspx?id=5572 \|title=ATIS Telecom Glossary 2012 - audit trail \|publisher=ATIS Committee PRQC \|date=2012 \|accessdate=07 March ~~2012~~}}</ref> It may be composed of manual or computerized records of events and [[information]], or both.		An '''audit trail''' is a security-relevant chronological record, set of records, or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.<ref>{{cite web \|url=http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf \|archiveurl=https://web.archive.org/web/20120415010047/http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf \|format=PDF \|title=National Information Assurance (IA) Glossary \|publisher=Committee on National Security Systems \|pages=4 \|date=26 April 2010 \|archivedate=15 April 2012 \|accessdate=05 January 2022}}</ref><ref>{{cite web \|url=http://www.atis.org/glossary/definition.aspx?id=5572 \|archiveurl=https://web.archive.org/web/20130313232104/https://www.atis.org/glossary/definition.aspx?id=5572 \|title=ATIS Telecom Glossary 2012 - audit trail \|publisher=ATIS Committee PRQC \|date=2012 \|archivedate=13 March 2013 \|accessdate=05 January 2022}}</ref><ref name="NISTAuditTrail">{{cite web \|url=https://csrc.nist.gov/csrc/media/publications/shared/documents/itl-bulletin/itlbul1997-03.txt \|format=TXT \|title=Audit Trails \|publisher=National Institute for Standardization \|date=March 1997 \|accessdate=05 January 2022}}</ref> It may be composed of manual or computerized records of events and [[information]], or both.

	An audit trail includes an unambiguous record of events — either individually, or in blocks of temporally connected changes — associated with an individual user (or if changes are created automatically by the system, this must be indicated) and the date and time the change occurred (e.g., by the use of a time zone or reference to GMT). The process that creates an audit trail often run in privileged mode so it can access and supervise all actions from all users and disallow normal users from accessing the audit trail. Another way of handling this issue is through the use of a role-based security model in the software.<ref>{{cite book \|title=Insider computer fraud: an in-depth framework for detecting and defending against insider IT attacks \|author=Brancik, Kenneth C. \|chapter=Chapter 2: Related Research in Insider Computer Fraud and Information Security Controls \|year=2007 \|pages=18–19 \|publisher=CRC Press \|url=~~http~~://books.google.com/books?id=lsDngU-RUywC \|isbn=1420046594}}</ref>		An audit trail includes an unambiguous record of events — either individually, or in blocks of temporally connected changes — associated with an individual user (or if changes are created automatically by the system, this must be indicated) and the date and time the change occurred (e.g., by the use of a time zone or reference to GMT). The process that creates an audit trail often run in privileged mode so it can access and supervise all actions from all users and disallow normal users from accessing the audit trail. Another way of handling this issue is through the use of a role-based security model in the software.<ref>{{cite book \|title=Insider computer fraud: an in-depth framework for detecting and defending against insider IT attacks \|author=Brancik, Kenneth C. \|chapter=Chapter 2: Related Research in Insider Computer Fraud and Information Security Controls \|year=2007 \|pages=18–19 \|publisher=CRC Press \|url=https://books.google.com/books?id=lsDngU-RUywC&hl \|isbn=1420046594}}</ref>

			Audit trails are recommended or mandated in various guidance, standards, and regulations, including:

			* 21 CFR Part 211: mentioned at various points, including at section 68, 100, 160, 188, and 194<ref name="FDA21CFRPart211">{{cite web \|url=https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=211 \|title=Code of Federal Regulations Title 21 Part 211 Current Good Manufacturing Practice for Finished Pharmaceuticals \|publisher=U.S. Food and Drug Administration \|date=01 October 2021 \|accessdate=05 January 2022}}</ref>
			* [[ASTM E1578]]: "The laboratory informatics solution should have validated electronic audit trails that record information about each transaction, both for initial entries as well as modifications to entries."<ref name="ASTME1578-18">{{cite web \|url=https://www.astm.org/e1578-18.html \|title=ASTM E1578-18 Standard Guide for Laboratory Informatics \|publisher=ASTM International \|date=23 August 2019 \|accessdate=05 January 2022}}</ref>
			* CJIS Security Policy: "...shall produce, at the application and/or operating system level, audit records containing sufficient information to establish what events occurred, the sources of the events, and the outcomes of the events"<ref name="CJISSec20">{{cite web \|url=https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center \|title=Criminal Justice Information Services (CJIS) Security Policy \|publisher=U.S. Department of Justice \|date=01 June 2020 \|accessdate=05 January 2022}}</ref>
			* E.U. Commission Directive 2003/94/EC: "... and audit trails shall be maintained"<ref name="OJEU2003_94_EC">{{cite web \|url=https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2003:262:0022:0026:en:PDF \|format=PDF \|title=Commission Directive 2003/94/ED \|work=Official Journal of the European Union \|date=08 October 2003 \|accessdate=05 January 2022}}</ref>
			* [[ISO 15189]]: "Ensures the integrity of the data and information and includes the recording of system failures and the appropriate immediate and corrective actions" and is "in compliance with national or international requirements regarding data protection"<ref name="ISO15189">{{cite web \|url=https://www.iso.org/standard/56115.html \|title=ISO 15189:2012 Medical laboratories — Requirements for quality and competence \|publisher=International Organization for Standardization \|date=November 2012 \|accessdate=05 January 2022}}</ref>
			* NIST SP 800-53 Rev. 5: "Ensure that audit records contain information that establishes" a variety of "indicators of event success or failure"<ref name="NIST800-53Rev5">{{cite web \|url=https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf \|format=PDF \|title=NIST Special Publication 800-53 Revision 5: Security and Privacy Controls for Information Systems and Organizations \|publisher=National Institute of Standards and Technology \|date=September 2020 \|accessdate=05 January 2022}}</ref>

	==References==		==References==
	~~<references />~~		{{Reflist\|colwidth=30em}}

	<!---Place all category tags here-->		<!---Place all category tags here-->
	[[Category:Regulatory terms]]		[[Category:Regulatory terms]]

Shawndouglas: Added cat

2014-08-06T16:29:41Z

Added cat

← Older revision		Revision as of 16:29, 6 August 2014
Line 5:		Line 5:
	==References==		==References==
	<references />		<references />

			<!---Place all category tags here-->
			[[Category:Regulatory terms]]

Shawndouglas: Internal link.

2013-09-13T22:04:04Z

Internal link.

← Older revision		Revision as of 22:04, 13 September 2013
Line 1:		Line 1:
	An '''audit trail''' is a security-relevant chronological record, set of records, or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.<ref>{{cite web \|url=http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf \|title=National Information Assurance (IA) Glossary \|publisher=Committee on National Security Systems \|pages=4 \|date=7 August 1996 \|accessdate=07 March 2012 \|format=PDF}}</ref><ref>{{cite web \|url=http://www.atis.org/glossary/definition.aspx?id=5572 \|title=ATIS Telecom Glossary 2012 - audit trail \|publisher=ATIS Committee PRQC \|date=2012 \|accessdate=07 March 2012}}</ref> It may be composed of manual or computerized records of events and information, or both.		An '''audit trail''' is a security-relevant chronological record, set of records, or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.<ref>{{cite web \|url=http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf \|title=National Information Assurance (IA) Glossary \|publisher=Committee on National Security Systems \|pages=4 \|date=7 August 1996 \|accessdate=07 March 2012 \|format=PDF}}</ref><ref>{{cite web \|url=http://www.atis.org/glossary/definition.aspx?id=5572 \|title=ATIS Telecom Glossary 2012 - audit trail \|publisher=ATIS Committee PRQC \|date=2012 \|accessdate=07 March 2012}}</ref> It may be composed of manual or computerized records of events and [[information]], or both.

	An audit trail includes an unambiguous record of events — either individually, or in blocks of temporally connected changes — associated with an individual user (or if changes are created automatically by the system, this must be indicated) and the date and time the change occurred (e.g., by the use of a time zone or reference to GMT). The process that creates an audit trail often run in privileged mode so it can access and supervise all actions from all users and disallow normal users from accessing the audit trail. Another way of handling this issue is through the use of a role-based security model in the software.<ref>{{cite book \|title=Insider computer fraud: an in-depth framework for detecting and defending against insider IT attacks \|author=Brancik, Kenneth C. \|chapter=Chapter 2: Related Research in Insider Computer Fraud and Information Security Controls \|year=2007 \|pages=18–19 \|publisher=CRC Press \|url=http://books.google.com/books?id=lsDngU-RUywC \|isbn=1420046594}}</ref>		An audit trail includes an unambiguous record of events — either individually, or in blocks of temporally connected changes — associated with an individual user (or if changes are created automatically by the system, this must be indicated) and the date and time the change occurred (e.g., by the use of a time zone or reference to GMT). The process that creates an audit trail often run in privileged mode so it can access and supervise all actions from all users and disallow normal users from accessing the audit trail. Another way of handling this issue is through the use of a role-based security model in the software.<ref>{{cite book \|title=Insider computer fraud: an in-depth framework for detecting and defending against insider IT attacks \|author=Brancik, Kenneth C. \|chapter=Chapter 2: Related Research in Insider Computer Fraud and Information Security Controls \|year=2007 \|pages=18–19 \|publisher=CRC Press \|url=http://books.google.com/books?id=lsDngU-RUywC \|isbn=1420046594}}</ref>

Shawndouglas: Updated article stub.

2012-03-07T18:50:24Z

Updated article stub.

← Older revision		Revision as of 18:50, 7 March 2012
Line 1:		Line 1:
	A record of ~~events related to an individual data element including the original information~~ and ~~any changes to~~ the ~~information used to reconstruct a series~~ of ~~related events~~ that have ~~occurred~~. It may be composed of manual or computerized records of events and information, or both~~. A critical feature for any [[LIMS]]~~.		An '''audit trail''' is a security-relevant chronological record, set of records, or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.<ref>{{cite web \|url=http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf \|title=National Information Assurance (IA) Glossary \|publisher=Committee on National Security Systems \|pages=4 \|date=7 August 1996 \|accessdate=07 March 2012 \|format=PDF}}</ref><ref>{{cite web \|url=http://www.atis.org/glossary/definition.aspx?id=5572 \|title=ATIS Telecom Glossary 2012 - audit trail \|publisher=ATIS Committee PRQC \|date=2012 \|accessdate=07 March 2012}}</ref> It may be composed of manual or computerized records of events and information, or both.

	~~The~~ record of events, either individually, or in blocks of temporally connected changes~~, must be~~ associated with an individual user (or if changes are created automatically by the system, this must be indicated) and ~~an unambiguous record of~~ the date and time the change occurred (e.g., by the use of a time zone or reference to GMT).		An audit trail includes an unambiguous record of events — either individually, or in blocks of temporally connected changes — associated with an individual user (or if changes are created automatically by the system, this must be indicated) and the date and time the change occurred (e.g., by the use of a time zone or reference to GMT). The process that creates an audit trail often run in privileged mode so it can access and supervise all actions from all users and disallow normal users from accessing the audit trail. Another way of handling this issue is through the use of a role-based security model in the software.<ref>{{cite book \|title=Insider computer fraud: an in-depth framework for detecting and defending against insider IT attacks \|author=Brancik, Kenneth C. \|chapter=Chapter 2: Related Research in Insider Computer Fraud and Information Security Controls \|year=2007 \|pages=18–19 \|publisher=CRC Press \|url=http://books.google.com/books?id=lsDngU-RUywC \|isbn=1420046594}}</ref>

			==References==
			<references />

Shawndouglas: Created article stub.

2011-04-20T20:34:02Z

Created article stub.

New page

A record of events related to an individual data element including the original information and any changes to the information used to reconstruct a series of related events that have occurred. It may be composed of manual or computerized records of events and information, or both. A critical feature for any [[LIMS]].

The record of events, either individually, or in blocks of temporally connected changes, must be associated with an individual user (or if changes are created automatically by the system, this must be indicated) and an unambiguous record of the date and time the change occurred (e.g., by the use of a time zone or reference to GMT).