Any comments on who will be held responsible for establishing system activity logs on an existing system – the vendor or the health organization?
1) While audit trails are required, it is up to the organization to develop audit trails that are consistent with their strategic security plan that takes into account their risk assessment, senior management’s decisions to accept or avoid risk, which may be based on their size and business needs. 2) I do not expect that larger institutions would have software that does not provide reasonable audit trail capabilities and the small institutions may be able to use audit trails provided at the system level. 3) Audit trails should not be implemented without understanding how the information they produce is going support and enforce the organization’s audit trail policies. The fewer the audit trails to accomplish that, the better. a. Any audit trails implemented must also be monitored. Audit trails take a toll on performance and increase storage costs. Therefore, the goal should be to deploy the minimum level of audit trails that satisfy the need of the organization. You should first determ
Related Questions
- The responsible Commissioner looks at the persons maturity to run the activity. Can the comments of the Approved Assessor be taken in to consideration?
- Any comments on who will be held responsible for establishing system activity logs on an existing system - the vendor or the health organization?
- Who is responsible for the design, approval and administration of the Health Systems compensation program?
Any comments on who will be held responsible for establishing system activity logs on an existing system – the vendor or the health organization?