Implementing Audit Trail System to Meet Your Compliance Audit Requirements Steven Alexander Principal Consultant Lotusphere Comes to You 2009

Upload: vannguyet

Post on 03-Apr-2018



Session Objectives

• Discuss techniques for responding to the challenges posed during a compliance audit of your Domino environment, whether it is for internal compliance policies or for statutory requirements such as SOX, HIPAA, CFR Part 11, or other related compliance legislation.

• Discuss the key requirements for a typical audit trail system.

Challenges

• Understanding compliance and its purpose

• Implement a comprehensive audit trail system that:

  - Tracks the complete life cycle of all objects in the Domino environment

  - Aids in achieving regulatory compliance such as SOX, HIPAA, CFR Part 11, SAS 70, eDiscovery, Data Protection Directive

• Implementation needs to be non-disruptive and non-intrusive

• Most important of all – implementation should require no investment in applications development efforts and need no development skill-sets for continuous support.

Compliance – What is It, and Why?

• Satisfies legal obligations stipulated by government agencies.

• Effective internal control and competent corporate governance of a public company.

• Addresses issues particular to the regulated industry concerned (e.g., pharmaceutical, healthcare, etc.)

• Compliance encompasses all areas of corporate activities, in particular Finance and I.T.

• The Sarbanes-Oxley Act (“SOX”, 2002) is one of the most stringent pieces of compliance legislation and must be satisfied by all U.S. publicly traded companies globally (JSOX (Japan), CSOX (Canada)).

• Compliance requirements provide an excellent set of guidelines and standards for best practices in protecting the interests of any size company.

Challenges of a Compliance Audit

• Compliance is typically supervised by an independent body with oversight responsibilities; for example, the PCAOB (Public Company Accounting Oversight Board) was created by SOX to bear such responsibilities.

• A PCAOB compliance audit will assess and report on the corporation’s diligence in maintaining and updating effective continuous control and in providing comprehensive auditable evidence.

Well-known companies use SecurTrac

What Is SecurTrac® and Its Benefits

SecurTrac® is an audit trail system to monitor your entire Domino environment including intrusion detection, e-mail, application databases, Domino Directory, NOTES.INI, and user activities, all without any programming or design changes required! It is:

• Cost effective: instant deployment, no programming.

• Easy-to-use GUI

• Track information leaks or illegal intrusion events

• Installation of SecurTrac® motivates and reinforces the proper behaviors for staff

• Be proactive with customizable real-time e-mail alerts

• Provides a starting point for investigations

Solution Demonstration

Control Challenge 1:

How to monitor all e-mail to identify employees leaking company information to external addresses or accessing other people’s e-mail illegally.

Solution 1:

Use the SecurTrac Mail Monitor to capture message header, content, attachments and illegal opening of an e-mail.

Solution Demonstration

Control Challenge 2:

Monitor the Domino Directory and identify who is making changes to all types of documents, e.g. Server or Group documents, and detail specifically what changes are being made and by whom.

Solution 2:

Use the SecurTrac Domino Directory Monitor

Solution Demonstration

Control Challenge 3:

Monitor database application activity to keep track of changes to documents, design and ACLs.

Solution 3:

Use the SecurTrac Database Monitor to capture changes to document fields, design elements and ACLs, along with the advanced ability to restore them to their original state at the click of a button.

Thank You!

SecurTrac® … THE Domino Compliance Solution