Audit Logging. Vendor shall: Ensure that the following system events are recorded to one or more audit logs in real time: All logins (including standard user, admin user, and service accounts); Account administration: account create, delete, modify permissions, change password, etc.; and Supervisor/Administrator changes to system parameters including security settings and audit logging parameters. Ensure that each audit log event shall comprise at least the following information: Date; Time, down to resolution of at least one second; IP and/or username; Activity description; and Success or failure. Retain audit logs for at least one year. Make the audit logs available to the Customer via an automated process e.g. export from an admin dashboard, syslog, sftp, Splunk forwarder, etc.
Audit Logging. Hardware, software, or procedural mechanisms are implemented and maintained to record and examine activity in processing systems that contain or use electronic information, including appropriate logs and reports concerning the security requirements set for the in this Schedule.
Audit Logging. Supplier shall produce audit logs recording user activities, exceptions, and information security events and keep them for an agreed period to assist in future investigations and access control monitoring. Retention for audit logs shall be specified by Supplier and retained accordingly.
Audit Logging. Vendor will implement and maintain hardware, software, and/or procedural mechanisms that record and examine activity in Vendor Systems that contain or use electronic information, including appropriate logs and reports concerning the security requirements set forth in this SPE DP & Info Sec Rider and compliance therewith.
Audit Logging. 1. Vendor shall:
Audit Logging. Audit logging shall be enabled on systems that contain Customer Content to capture at a minimum the security-related events define below:
Audit Logging. The system shall log all real-time updates and supervisory overrides to compliance status including user ID, data, time, etc., before and after values.
Audit Logging. SACVALLEY MEDSHARE represents and warrants that the System and Services shall automatically record and log each access to Patient Data by any person, through any portion of the system, and will provide Participant the capability to readily create reports showing the following with respect to each such access: • Date/time of record access • Unique username of accessing person • Name of accessing person • Specific data elements/fields accessed: ▪ All types ▪ Allergy History ▪ Care Exchange Transaction Log ▪ Clinical History ▪ Clinical Results ▪ Community Search ▪ Demographics ▪ Document deletion ▪ Document Restoration ▪ Extended Search ▪ External Document ▪ Fast Labs ▪ Flowsheet ▪ Immunizations ▪ Lab Category ▪ Lab Graph ▪ Logged in ▪ Logged out ▪ Medications ▪ Messaging ▪ Moved Document ▪ Moved visit ▪ Patient Access Report ▪ Patient chart ▪ Patient chart Search ▪ Patient List ▪ Patient Merge Report ▪ Patient Opt Out Report ▪ Patient Registration ▪ Patient Summary ▪ Procedures/Diagnoses ▪ Secured document ▪ Secured patient ▪ Secured visit ▪ Security Override ▪ Sharing status change ▪ Visit Document ▪ Visit History ▪ Visit Summary • Duration of access • For each data element/field, what was accessed by accessing person • For each data element/field, description of action taken (whether information was accessed or printed, etc.) • For each data element/field, the purpose of the access (treatment, payment, operations, etc.) • Patient name • Patient Medical Record Number • Patient DOB (if included in the report) • IP address used to access the record • Record of any printing activity In addition, the Participant and its Authorized Users shall have easy access at all times to all of the foregoing routine audit reports/logs and related information and SACVALLEY MEDSHARE shall, at any time upon Participant’s request promptly will make available and/or will cause ICA to make available without delay to the Participant personnel access to all of the foregoing custom audit reports/ logs and related information pertaining to access to or use of Patient Data.
Audit Logging. Access to Processor’s Data through Participant Electronic Medical Record (EMR). SACVALLEY MEDSHARE represents and warrants that the System and Services shall automatically record and log access to Patient Data by any person, when accessed through the Participant’s EMR, and will provide Participant the capability to readily create reports showing the following with respect to each such access: • Date/time of record access • Unique username of accessing person • Name of accessing person • Duration of Access
Audit Logging. Corporate Standard Procedure for Identification and Authorization of Users of IT Systems Corporate Standard Classification and Control of Information
