Audit Logging. Vendor shall: Ensure that the following system events are recorded to one or more audit logs in real time: All logins (including standard user, admin user, and service accounts); Account administration: account create, delete, modify permissions, change password, etc.; and Supervisor/Administrator changes to system parameters including security settings and audit logging parameters. Ensure that each audit log event shall comprise at least the following information: Date; Time, down to resolution of at least one second; IP and/or username; Activity description; and Success or failure. Retain audit logs for at least one year. Make the audit logs available to the Customer via an automated process e.g. export from an admin dashboard, syslog, sftp, Splunk forwarder, etc.
Audit Logging. Supplier shall produce audit logs recording user activities, exceptions, and information security events and keep them for an agreed period to assist in future investigations and access control monitoring. Retention for audit logs shall be specified by Supplier and retained accordingly.
Audit Logging. Audit logging shall be enabled on systems that contain Customer Content to capture at a minimum the security-related events define below:
i. Account logon (both successful and unsuccessful) and logoff ii. Failed access attempts iii. Account lockouts
Audit Logging. Hardware, software, or procedural mechanisms are implemented and maintained to record and examine activity in processing systems that contain or use electronic information, including appropriate logs and reports concerning the security requirements set for the in this Schedule.
Audit Logging. Vendor will implement and maintain hardware, software, and/or procedural mechanisms that record and examine activity in Vendor Systems that contain or use electronic information, including appropriate logs and reports concerning the security requirements set forth in this SPE DP & Info Sec Rider and compliance therewith.
Audit Logging. 1. Vendor shall:
a. Ensure that the following system events are recorded to one or more audit logs in real time:
i. All logins (including standard user, admin user, and service accounts);
ii. Account administration: account create, delete, modify permissions, change password, etc.; and
iii. Supervisor/Administrator changes to system parameters including security settings and audit logging parameters.
b. Ensure that each audit log event shall comprise at least the following information:
i. Date;
ii. Time, down to resolution of at least one second;
iii. IP and/or username;
iv. Activity description; and
v. Success or failure.
c. Retain audit logs for at least one year.
d. Make the audit logs available to the Customer via an automated process e.g. export from an admin dashboard, syslog, sftp, Splunk forwarder, etc.
Audit Logging. The system shall log all real-time updates and supervisory overrides to compliance status including user ID, data, time, etc., before and after values.
Audit Logging. Audit logging shall be enabled on systems that contain Customer Content to capture at a minimum the security-related events defined below:
(i) Account logon (both successful and unsuccessful) and logoff;
(ii) Failed access attempts;
(iii) Account lockouts;
(iv) Elevation of privileges (both successful and unsuccessful), and every use of elevated privileges or actions taken while privilege is elevated;
(v) Creation, modification and deletion (both successful and unsuccessful) of:
(a) Accounts or logon identifiers;
(b) Group memberships;
(c) Access privileges/attributes for accounts and groups;
(d) User rights and permissions.
(vi) Changes in account or logon identifier status (both successful and unsuccessful);
(vii) Modifications to, or unauthorized attempts to modify, the security configuration, security function or authorization policy.
Audit Logging. Access to Processor’s Data through Participant Electronic Medical Record (EMR). SACVALLEY MEDSHARE represents and warrants that the System and Services shall automatically record and log access to Patient Data by any person, when accessed through the Participant’s EMR, and will provide Participant the capability to readily create reports showing the following with respect to each such access: • Date/time of record access • Unique username of accessing person • Name of accessing person • Duration of Access
Audit Logging. Audit logs recording user activities, exceptions, and security events shall be generated and stored, in accordance with TSM record retention policy requirements and procedures, to assist in investigations and access control monitoring processes.
