What exactly is an audit trail?
To be considered ITAR compliant, the US Government requires the implementation of a program that involves detailed tracking and monitoring of technical data. This is a particularly rigid aspect of ITAR because having a thorough log that shows how controlled data was accessed is crucial to the protection of any type of controlled document.
What is an audit trail used for?
Having an audit trail means that there is a secure and easily accessible reference point that the DDTC or external auditor can review in case of a data breach. Essentially, the point is to make sure that confidential information does not fall into the wrong hands by either deterring attacks or pointing authorized individuals in the right direction as to how the data had changed hands.
Why are audit trails important to data rooms?
If resources allow, it is typically recommended to periodically employ an outside auditor for an in-house solution or utilize software that is DDTC-reviewed. This is generally considered good practice to ensure that your platform is secure and avoid unnecessary fines. Audit trails within a data room should be able to recognize and record whether:
- What users accessed the data room and/or a specific document
- When and where a specific document was accessed
- Identify any gaps or inconsistencies in how, when and why data was accessed
What are some things to look out for within an audit trail?
Within a data room, it is important to be able to set restrictions as to how and when certain data can be accessed. One thing to make note of is geographical access. When sensitive information is shared constantly, it is important to limit access to specific regions where that information will be used. If your data is staying within the country, make sure you restrict outside access.
The last most important aspect of having an audit trail is a back-up. Arm your IT departments with proper tools such as on demand reports and historical analytics to be able to regularly assess whether the data stays secure. By doing so, you will be able to mitigate risk should anything happen to the back-up and ensure your compliance foundation is rock-solid.
To satisfy ITAR specifications, RegDOX provides a robust and effective audit trail service within the platform which will ensure confidential documents stay protected. How does it work? All actions on the application, Data Room and object level can be time-stamped and recorded in our tamper-proof audit trail. These actions usually include configuration changes as well as document access, editing, and the addition of new documents to a Data Room. The display of individual pages in the Secure Document Viewer is also logged in the audit trail. Users are only able to see information for which they have viewing permissions. Further actions, such as downloading documents, can be recorded separately. You can also limit access to the audit trail itself and the application ensures that it cannot be Secure Document Viewer altered later. Want to Learn More? Contact Us Today!
About RegDOX Solutions Inc.
Operating since 2007, RegDOX Solutions Inc. is a market-leading provider of highly intuitive SaaS solutions enabling customers to securely manage and collaborate on confidential documents and information, whether inside or outside of their IT environments. RegDOX® offers compliance options for the transference and storage of ITAR, DFARS, EAR, HIPAA, and Corporate technical data within the cloud through highly intuitive, feature-rich virtual data room solutions. In addition, RegDOX offers DFARS assessment services for contractors and subcontractors of the DoD.