Editing Audit trail

{{Short description|Record of activities}}
{{Refimprove|date=March 2012}}

An '''audit trail''' (also called '''audit log''') is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, event, or device.<ref>{{cite web |url=http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf |title=National Information Assurance (IA) Glossary |publisher=[[Committee on National Security Systems]] |pages=4 |date=7 August 1996 |access-date=7 March 2012 |archive-url=https://web.archive.org/web/20120227163121/http://www.cnss.gov/Assets/pdf/cnssi_4009.pdf |archive-date=27 February 2012 |url-status=dead }}</ref><ref>{{cite web|url=http://www.atis.org/glossary/definition.aspx?id=5572 |title=ATIS Telecom Glossary 2012 - audit trail |publisher=[[Alliance for Telecommunications Industry Solutions]] (ATIS) Committee PRQC |year=2012 |access-date=7 March 2012 |url-status=dead |archive-url=https://web.archive.org/web/20130313232104/http://www.atis.org/glossary/definition.aspx?id=5572 |archive-date=13 March 2013 }}</ref> Audit records typically result from activities such as [[financial transaction]]s,<ref>{{cite web |url=https://www.sec.gov/news/press/2010/2010-86.htm |title=SEC Proposes Consolidated Audit Trail System to Better Track Market Trades |publisher=U.S. [[Securities and Exchange Commission]] |date=26 May 2010 |access-date=7 March 2012}}</ref> [[scientific research]] and health care data transactions,<ref>{{cite web|url=http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=5ff3a0efed913ef8fae9e225869688a2&rgn=div5&view=text&node=21:1.0.1.1.7&idno=21 |title=Electronic Code of Federal Regulations - Title 21: Food and Drugs - Part 11: Electronic Records; Electronic Signatures |publisher=[[U.S. Government Printing Office]] |access-date=2 March 2012 |url-status=dead |archive-url=https://web.archive.org/web/20100608090316/http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=3094bb76639c37239557767756fd7878&rgn=div5&view=text&node=21%3A1.0.1.1.7&idno=21 |archive-date=8 June 2010 }}</ref> or [[communication]]s by individual people, systems, accounts, or other entities.

The process that creates an audit trail is typically required to always run in a [[privileged mode]], so it can access and supervise all actions from all users; a normal user should not be allowed to stop/change it. Furthermore, for the same reason, the trail file or [[Table (database)|database table]] with a trail should not be accessible to normal users. Another way of handling this issue is through the use of a role-based security model in the software.<ref>{{cite book |title=Insider computer fraud: an in-depth framework for detecting and defending against insider IT attacks |author=Brancik, Kenneth C. |chapter=Chapter 2: Related Research in Insider Computer Fraud and Information Security Controls |year=2007 |pages=18–19 |publisher=CRC Press |url=https://books.google.com/books?id=lsDngU-RUywC |isbn=978-1-4200-4659-5}}</ref> The software can operate with the closed-looped controls, or as a '[[closed system]]', as required by many companies when using audit trail functionality.

==Industry uses==
In [[telecommunications]], the term means a record of both completed and attempted accesses and service, or [[data]] forming a logical path linking a [[sequence]] of events, used to trace the transactions that have affected the contents of a record. 

In [[information security|information]] or [[communications security]], [[information audit]] means a chronological record of [[system]] activities to enable the reconstruction and examination of the sequence of events and/or changes in an event. Information put away or transmitted in paired structure that might be depended upon in [[court]]. An audit trail is a progression of records of computer data about a working framework, an application, or client exercises. Computer frameworks may have a few audit trails each gave to a specific sort of action<ref>[[Information audit]]</ref>{{Circular reference|date=May 2020}}. Related to proper apparatuses and systems, audit trails can help with distinguishing security infringement, execution issues and application issues. Routine log audits and investigation are valuable for distinguishing security episodes, approach infringement, fake movement, and operational issues soon after they have happened, and for giving information valuable to settling such issues.<ref> Jaime Campbell; Alex Peterson, Intuit QuickBooks Enterprise Edition 12.0 Cookbook for Experts, 2012 </ref> Audit logs can likewise be valuable for performing [[forensic investigation]], supporting the associations inside examinations, setting up [[baseline (configuration management)|baselines]], and distinguishing operational patterns and long run issues.

In [[nursing research]], it refers to the act of maintaining a running log or [[diary|journal]] of decisions relating to a research project, thus making clear the steps taken and changes made to the original [[Guideline (medical)|protocol]].

In [[accounting]], it refers to [[documentation]] of detailed transactions supporting summary [[ledger]] entries. This documentation may be on paper or on electronic records.

In finance, it refers to an order (any firm indication of a willingness to buy or sell a security) tracking system, or consolidated audit trail, with respect to the trading of securities, that would capture order event information for orders in securities from the time of the receipt of an order, and further documenting the life of the order through the process of routing, modification, cancellation, and execution (in whole or in part) of the order.<ref>{{cite web |date=2012-10-01 |title=Release No. 34-67457; File No. S7-11-10 |url=https://www.sec.gov/files/rules/final/2012/34-67457.pdf |website=[[U.S. Securities and Exchange Commission]] |pp=6-7}}</ref><ref>{{Cite web|url=https://www.law.cornell.edu/cfr/text/17/242.613|title=17 CFR § 242.613 - Consolidated audit trail.|website=LII / Legal Information Institute}}</ref>

In [[online proofing]], it pertains to the [[version history]] of a piece of artwork, design, photograph, video, or web design proof in a project.

In [[clinical research]], server based systems such as [[clinical trial management system]]s (CTMS) require audit trails. Anything regulatory or [[QA/QC]] related also requires audit trails.

In [[pharmaceutical manufacturing]], it is a [[Good Manufacturing Practice]] regulatory requirement software generate audit trails, but not all software have audit trail functionality built-in. The first 'generic' audit trail generating software came out late 2021.{{citation needed|date=July 2022}} The software is called Audit Trail Control, capable of fulfilling regulatory requirements for any software used in pharmaceutical manufacturing.{{citation needed|date=July 2022}}

In [[voting]], a [[voter-verified paper audit trail]] is a method of providing feedback to voters using a [[ballot]]less voting system.

==References==
{{Reflist}}

{{Authority control}}

[[Category:Auditing terms|Trail]]