“Audit trail” is a term that can have slightly different definitions depending on the industry being discussed. However, in most cases, audit trails match up with the definition provided by the Fundamentals of Law for Health Informatics and Information Management. According to this health industry document, an audit trail is “a record that shows who has accessed a computer system, when [the computer system] was accessed, and what operations were performed.”
Said another way, audit trails are essentially archives that keep track of how people in your organization are using your shared computer system. All audit trails consist of three pieces of information: a login ID, a summary of system actions, and a timestamp. Please note that, for our purposes, we will be discussing audit trails in how they relate to document management software. As a result, these three pieces of information would usually apply to document access, modification, or deletion.
Why Audit Trails Are Important
If your business utilizes DMS to facilitate sharing, collaboration, or storage of various files and documents, then an audit trail would be an invaluable aid to the security of the system. With an audit trail in place, you would be able to keep an eye on who in your organization was accessing different files and what they were doing with them. An audit trail, in other words, is just a chronological record of everything that happens in your organization’s DMS.
In addition to tracking employee movements within your DMS system, audit trails can be used for several other purposes. For instance, if an error was made in editing a document, or if your organization for some reason lost a bulk of data, an audit trail would allow you to look back at older versions of existing files. This capability is useful for data correction or reconstruction. An audit trail can also help an organization to detect unauthorized system access, predict DMS failures or vulnerabilities, and more.
Governmental Audit Trail Requirements
Numerous regulatory agencies and governing entities require organizations to have audit trails, including HIPAA, the SEC, and FINRA.
HIPAA (the Health Insurance Portability and Accountability Act), for instance, has stipulations regarding audit trails included in its “Security Role.” According to the Department of Health and Human Services website, the requirement is that “A covered entity must implement hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI.” As defined by HIPAA, e-PHI stands for “electronic protected health information.” Any organization that works with this information—which includes patient names, addresses, social security numbers, and other pieces of sensitive personal information—must use audit trails in its DMS.
The audit trail requirements for the SEC and FINRA, meanwhile, are linked. In 2012, the SEC passed a new rule (Rule 613) called the “Consolidated Audit Trail” rule. This rule “requires FINRA (the Financial Industry Regulatory Authority) and the national securities exchanges to jointly submit a National Market System (NMS) plan,” detailing the implementation of an effective audit trail system. The core requirement here is that organizations collect data on “every order, cancelation, modification and trade execution for all exchange-listed equities and options across all U.S. markets.”
Note: If your organization is not involved in equity trading or health care, make sure to review the regulations laid forth by any relevant governing agencies to learn about any audit trail requirements you might face.
Audit Trails and eFileCabinet
If your organization needs to become compliant with audit trail guidelines from HIPAA, SEC/FINRA, or any other governing body, then eFileCabinet is the document management system for the job. A secure and feature-rich DMS ideal for enterprise applications, eFileCabinet also comes with a built-in audit trail function.
With eFileCabinet’s audit trails, you will be able to keep track of each and every user who accesses your DMS—authorized or otherwise. The audit trail tracks each user throughout the entire eFileCabinet system, logging everything a person searches, opens, modifies, or deletes. Whether a worker is digging around in files they should not be accessing, or editing templates or profiles for no clear reason, eFileCabinet’s audit trail will tell you. This feature is something that well-known or freeware DMS programs, such as Dropbox, do not offer.
Another huge benefit with eFileCabinet’s audit trail is that it is designed with external auditor capability. If an auditor needs to access documents or files or review your DMS for compliance, they can do so in the Cloud—without the need for an on-site visit. In other words, the audit trail doesn’t just make it easier for you to audit what your employees are doing on your DMS. Indeed, it also makes it easier and more convenient for auditors to audit you.
Finally, with eFileCabinet, you can rest assured that your audit trails are always going to be there. In particular, eFileCabinet is a respected DMS because it uses file storage redundancy to make sure that files are never lost. In the same vein, any audit trail logs generated by the eFileCabinet system cannot be deleted. If you need to go back and restore an accidentally deleted file or find out where an employee made a mistake in a specific document, you can appreciate what an important security feature an audit trail can be in a DMS.
Interested in learning more about the audit trails and other useful features included with eFileCabinet? Learn more about this document management by filling out the form on this page.