“Audit trail” is a term that can have slightly different definitions depending on the industry and companies being discussed.
However, in most cases, audit trails match up with the definition provided by the Fundamentals of Law for Health Informatics and Information Management. According to this health industry document, an audit trail is “a record that shows who has accessed a computer system, when [the computer system] was accessed, and what operations were performed.”
Said another way, audit trails are essentially archives that keep track of how people in your organization are using your shared computer system.
All audit trails include three pieces of information: a login ID, a summary of system actions, and a time stamp.
Please note that, for our purposes, we will be discussing audit trails in how they are related to document management software. As a result, these three pieces of information would usually apply to document access, modification, or deletion.
Why Audit Trails Are Important
If your business utilizes DMS to facilitate sharing, collaboration, or storage of various files and documents, then an audit trail would be an invaluable aid to the security of the system.
With a complete audit trail in place, companies would be able to keep an eye on and follow who in the organization was accessing different files and what they were doing with them.
An audit trail, in other words, is a complete chronological record of everything that happens in your organization’s DMS. It shows a detailed transaction history.
In addition to tracking employee movements within your DMS system, audit trails can be used for several other purposes. For instance, if an error was made in editing a document, or if your organization for some reason lost a bulk of data, an audit trail would allow you to look back at older versions of existing files.
This capability is key for data correction or reconstruction. An audit trail can also help an organization to detect unauthorized system access, predict DMS failures or vulnerabilities, and more.
Governmental Audit Trail Requirements
Numerous regulatory agencies and governing entities require organizations to have audit trails, including HIPAA, the SEC, and FINRA.
HIPAA (the Health Insurance Portability and Accountability Act), for instance, has stipulations regarding audit trails included in its “Security Role.”
According to the Department of Health and Human Services website, the requirement is that “A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.”
As defined by HIPAA, e-PHI stands for “electronic protected health information.” Any organization that works with this information—which includes patient names, addresses, social security numbers, and other pieces of sensitive personal information—must use audit trails in its DMS.
The audit trail requirements for the SEC and FINRA, meanwhile, are linked. In 2012, the SEC passed a new rule (Rule 613) called the “Consolidated Audit Trail” rule.
This rule “requires FINRA (the Financial Industry Regulatory Authority) and the national securities exchanges to jointly submit a National Market System (NMS) plan,” detailing the implementation of an effective audit trail system.
The core requirement here is that organizations collect data on “every order, cancelation, modification and trade execution for all exchange-listed equities and options across all U.S. markets.”
Note: If your organization is not involved in equity trading or health care, make sure to review the regulations laid forth by any relevant governing agencies to learn about any related audit trail requirements you might face.
Audit Trails and eFileCabinet
If your organization needs to become compliant with audit trail guidelines from HIPAA, SEC, or any other governing body, then eFileCabinet is the document management system for the job.
A secure and feature-rich DMS ideal for enterprise applications, eFileCabinet also comes with a built-in audit trail function.
With eFileCabinet’s audit trails, you will be able to keep track of each and every user who accesses your DMS—authorized or otherwise.
The audit trail will follow and track each user throughout the entire eFileCabinet system, logging everything a person searches, opens, modifies, or deletes.
Whether a worker is digging around in files they should not be accessing, or editing templates or profiles for no clear reason, eFileCabinet’s audit trail will tell you.
This feature is something that well-known or freeware DMS programs, such as Dropbox, do not offer.
Another huge benefit of eFileCabinet’s audit trail is that it is designed with external auditor capability. If an auditor needs to access documents or files or review your DMS for compliance, they can do so in the Cloud—without the need for an on-site visit.
The audit trail doesn’t just make it easier for you to audit what your employees are doing on your DMS. Indeed, it also makes it easier and more convenient for auditors to audit you.
Audit trails are also a good way to find out whether a transaction is being conducted accurately and truthfully. If every transaction has a proper audit trail, an auditor can quickly determine if the transaction is valid or not. Auditors can also more quickly, which means less money spent on audit fees and time spent in the field.
Finally, with eFileCabinet, you can rest assured that your audit trails are always going to be there. In particular, eFileCabinet is a respected DMS because it uses file storage redundancy to make sure that files are never lost.
In the same vein, any audit trail logs generated by the eFileCabinet system cannot be deleted. If you need to go back and restore an accidentally deleted file or find out where an employee made a mistake in a specific document, you can appreciate what an important security feature an audit trail can be in a DMS.
Interested in learning more about the audit trails and other useful features included with eFileCabinet?