The Audit trail for a Document or other item is the series of records of which describe what has happened to it from its creation or receipt, its distribution, etc etc.
It means different things to different people:
- For the administrator of a computer network with a server, it means finding out
- who accessed a document, and when, and
- whether any changes were made to it, and whether any copies were made of it, as well as
- real time monitoring to help in detection of problems like disk failures, over utilization of system resources or network outages.
- To a construction document controller, it means knowing
- from where a document arrived, who created it, and when
- linking it to any other versions of the same master if it is a technical document
- knowing to whom it has been forwarded, when, why, and
- knowing what actions the recipient took.
- To a database manager it means knowing
- who accessed the database, when, and for how long
- what changes were made, and whether these were successful or not
- To a computer network security administrator, it means tracking
- access attempts, and
- firewall and router actions to prevent users from bypassing security policies
- it can allow reconstruction of an unauthorised intrusion after the event
- it can be analyzed to determine vulnerabilities, establish accountability, assess damage
- it can recover a system
Manual analysis of audit trails, though time consuming, is often carried out, as computer based logging mechanisms generate huge amounts of data which can be almost unusable.
Return to Meaning of Terms