Local Data Audit Policy

The purpose of the policy is for the organisation to make conscious choices about what data needs to be captured to an audit trail, and then to agree on the mechanisms by which this is done and on who is accountable for ensuring that it is done. The main questions which need consideration are:

Data Requiring Audit (DRA)
Here the organisation defines the data which will be subject to the Audit Trail Protection protocol. Typical examples include financial data, external contact data, call logs and network access logs.

Individuals Responsible for DRA
Those who create the data on a day to day basis and those technically responsible for the archiving system are identified here. In small organisations, this will typically be named individuals. In larger organisations, it will tend to consist of departments and only relevant line management will be named.

Relevant Software Applications
An itemised list of the software which will need plugins or other interface software to capture the DRA automatically.

The Audit Period
The period over which data is accumulated before being archived (typically 24 hours).

Local Storage
This refers to the formal designation of both Transient Secure Audit Locations (TSAL) and Permanent Secure Audit Locations (PSAL). The Transient area is where data is stored during the Audit Period. The Permanent area is where that data is moved to at the end of the Audit Period, so that the Transient area is cleared ready for the next Audit Period. Appropriate security protocols for protecting the Audit Locations are also defined at this point.

While a file exists in the TSAL, authors (and, optionally, others) can amend it or delete it. Once the file is moved to the PSAL, however, it can only be read, never amended or deleted. The read-only property must be enforced by the storage itself (for example, a PSAL owned by a separate account that the authors cannot use, or append-only/WORM media) rather than by convention, otherwise the archive proves nothing. As some documents take many days to draft, this implies the need for an "editing" area and a "draft" status to deal with documents which will only require audit capture once complete.
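The following is an added example of the end-of-period rollover described above; it is not code from the original page. It assumes (the policy text does not say) that in-progress documents carry a ".draft" suffix, that completed files are hashed with SHA-256 before being moved into a per-period PSAL directory, and that the PSAL copies and a manifest of their hashes are then made read-only so that later modification can be detected. The sample files are constructed for the demonstration.

```python
"""Added example: TSAL -> PSAL rollover at the end of an Audit Period.

Example code, not from the original page. Assumed conventions (not in the
policy text): ".draft" marks files still being edited; completed files are
SHA-256 hashed, moved to PSAL/<period>/, chmod'ed read-only and listed in a
read-only MANIFEST.sha256 (sha256sum format) for later verification.
"""
import hashlib
import os
import shutil
import stat
import tempfile

DRAFT_SUFFIX = ".draft"   # assumed marker for documents in the "editing" area
READ_ONLY = stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH   # 0o444


def sha256_of(path):
    """Hash a file in chunks so large logs do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def rollover(tsal, psal, period_id):
    """Move completed DRA files from the TSAL into PSAL/<period_id>/ and lock them.

    Drafts stay in the TSAL for the next period. Returns {filename: sha256}.
    """
    dest = os.path.join(psal, period_id)
    os.makedirs(dest, exist_ok=False)   # a period is archived exactly once
    manifest = {}
    for name in sorted(os.listdir(tsal)):
        src = os.path.join(tsal, name)
        if not os.path.isfile(src) or name.endswith(DRAFT_SUFFIX):
            continue
        digest = sha256_of(src)         # hash before the move, in the TSAL
        target = os.path.join(dest, name)
        shutil.move(src, target)        # clears the TSAL for the next period
        os.chmod(target, READ_ONLY)
        manifest[name] = digest
    manifest_path = os.path.join(dest, "MANIFEST.sha256")
    with open(manifest_path, "w") as f:
        for name, digest in manifest.items():
            f.write(f"{digest}  {name}\n")
    os.chmod(manifest_path, READ_ONLY)
    return manifest


def verify(psal, period_id):
    """Recompute hashes for an archived period; return [(name, reason)] failures."""
    dest = os.path.join(psal, period_id)
    failures = []
    with open(os.path.join(dest, "MANIFEST.sha256")) as f:
        for line in f:
            digest, name = line.rstrip("\n").split("  ", 1)
            path = os.path.join(dest, name)
            if not os.path.exists(path):
                failures.append((name, "missing"))
            elif sha256_of(path) != digest:
                failures.append((name, "modified"))
    return failures


def demo():
    """Constructed sample: two completed files and one draft in the TSAL."""
    root = tempfile.mkdtemp(prefix="audit-")
    tsal, psal = os.path.join(root, "tsal"), os.path.join(root, "psal")
    os.makedirs(tsal)
    os.makedirs(psal)
    with open(os.path.join(tsal, "calls-2024-01-01.log"), "w") as f:
        f.write("09:00 outbound call, 4 min (constructed sample)\n")
    with open(os.path.join(tsal, "ledger.csv"), "w") as f:
        f.write("date,amount\n2024-01-01,100.00\n")
    with open(os.path.join(tsal, "report.docx" + DRAFT_SUFFIX), "w") as f:
        f.write("still being written\n")

    period = "2024-01-01"
    manifest = rollover(tsal, psal, period)
    clean = verify(psal, period)

    # Simulate an author defeating the permission bit and editing the archive.
    victim = os.path.join(psal, period, "ledger.csv")
    os.chmod(victim, stat.S_IRUSR | stat.S_IWUSR)
    with open(victim, "a") as f:
        f.write("2024-01-01,-100.00\n")
    tampered = verify(psal, period)

    remaining = sorted(os.listdir(tsal))
    for dirpath, _, files in os.walk(root):      # make cleanup possible
        for fn in files:
            os.chmod(os.path.join(dirpath, fn), stat.S_IRUSR | stat.S_IWUSR)
    shutil.rmtree(root)
    return {"archived": sorted(manifest), "left_in_tsal": remaining,
            "clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

The tampering step in demo() shows why the manifest matters: a file-mode bit only stops accidental edits, since whoever owns the file can set it writable again. The hash manifest detects the change; preventing it requires that the PSAL be written by an account the authors do not control, or by append-only storage, as the policy's "security protocols for protecting the Audit Locations" should specify.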

Accountability
Specify the hierarchy of responsibility for the implementation and operation of this policy.

Manual Procedures and Automation
Itemised list of what can and cannot be automated and the manual procedures and checks which will deal with collection of data that cannot be automated.

Exceptions
Those people or workstations producing DRA which, for some reason, cannot be dealt with using the standard procedures, together with the procedures that will be implemented to capture their DRA instead.

A more detailed sample outline of a Local Data Audit Policy (LDAP, not to be confused with the directory protocol of the same name) can be found here.