Implementing Audit Trail System to Meet
Your Compliance Audit Requirements
Steven Alexander, Principal Consultant
Lotusphere Comes to You 2009
Session Objectives
• Discuss techniques for responding to the challenges posed during a compliance audit of your Domino environment, whether it is for internal compliance policies or for statutory requirements such as SOX, HIPAA, CFR Part 11, or other related compliance legislation.
• Discuss the key requirements for a typical audit trail system.
Challenges
• Understanding compliance and its purpose
• Implement a comprehensive audit trail system that:
  - tracks the complete life cycle of all objects in the Domino environment
  - aids in achieving regulatory compliance such as SOX, HIPAA, CFR Part 11, SAS 70, eDiscovery, Data Protection Directive
• Implementation needs to be non-disruptive and non-intrusive
• Most important of all – implementation should require no investment in application development efforts and no development skill sets for continuous support.
Compliance – What is It, and Why?
• Satisfies legal obligations stipulated by government agencies.
• Effective internal control and competent corporate governance of a public company.
• Addresses issues particular to the regulated industry concerned (e.g., pharmaceutical, healthcare, etc.)
• Compliance encompasses all areas of corporate activities, in particular Finance and I.T.
• The Sarbanes-Oxley Act (“SOX”) of 2002 is one of the most stringent pieces of compliance legislation and must be satisfied by all U.S. publicly traded companies globally. (JSOX (Japan), CSOX (Canada).)
• Compliance requirements provide an excellent set of guidelines and standards for best practices in protecting the interests of any size company.
Challenges of a Compliance Audit
• Compliance is typically supervised by an independent body with oversight responsibilities; for example, the PCAOB (Public Company Accounting Oversight Board) was created by SOX to bear such responsibilities.
• A PCAOB compliance audit will assess and report on the corporation’s diligence in maintaining and updating effective continuous control and in providing comprehensive auditable evidence.
What Is SecurTrac® and Its Benefits
SecurTrac® is an audit trail system that monitors your entire Domino environment, including intrusion detection, e-mail, application databases, Domino Directory, NOTES.INI, and user activities, all without any programming or design changes required! Its benefits:
• Cost effective: instant deployment, no programming.
• Easy-to-use GUI
• Track information leaks or illegal intrusion events
• Installation of SecurTrac® motivates and reinforces the proper behaviors for staff
• Be proactive with customizable real-time e-mail alerts
• Provides a starting point for investigations
Control Challenge 1:
How to monitor all e-mail to identify employees leaking company information to external addresses or accessing other people’s e-mail illegally.
Solution 1:
Use the SecurTrac Mail Monitor to capture the message header, content, attachments, and illegal opening of an e-mail.
Solution Demonstration
Control Challenge 2:
Monitor the Domino Directory and identify who is making changes to all types of documents, e.g. Server or Group documents, and detail specifically what changes are being made and by whom.
Solution 2:
Use the SecurTrac Domino Directory Monitor.
Solution Demonstration
Control Challenge 3:
Monitor database application activity to keep track of changes to documents, design and ACLs.
Solution 3:
Use the SecurTrac Database Monitor to capture changes to document fields, design elements and ACLs, along with the advanced ability to restore them to their original state at the click of a button.
Solution Demonstration