Audit and Monitoring Guidelines for Trustees

3 Types of Audits

An audit requires a formal process in order to review, examine and compare the history of an electronic system's records of user activity. As such, the process for auditing should use a structured approach and should end with a conclusive result. It is important to note that audits may be scheduled to occur regularly or performed at random. The decision to audit could arise from an incident, a monitoring event, business rules, or a response to a complaint.

Random Auditing

Random audits should be used by the trustee to ensure user compliance with provincial and federal legislation, joint services and access policies (JSAP) and with the trustee's internal privacy and security policies. It is the trustee's responsibility to establish a process for conducting random audits of user activity. The trustee should consider the following when developing a random audit process:

- The individual(s) responsible for conducting random audits of user activity;
- The frequency of random auditing. Where the number of users and the volume of accesses are great, the frequency of monitoring should increase;
- The reasonable number of users to randomly audit each audit cycle; and
- Events that may trigger a focused audit.

Focused Auditing

A focused audit may be initiated if a complaint is made by a staff member or the general public, or if a monitoring activity triggers a more in-depth investigation. All suspected incidents should be investigated and reported in accordance with the trustee's incident management policies and procedures.

Monitoring

In contrast to auditing, monitoring uses a less structured process and involves continuous checks to verify the effectiveness of the process. Monitoring is often done by creating business rules that trigger alerts which identify suspicious patterns of activity or system use, in turn revealing the need for a more focused audit.
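The guideline describes two mechanisms without showing how they fit together: random selection of users for a periodic audit, and business rules that raise alerts from the access history and point to a focused audit. The following Python script is an added illustration, not part of the guideline and not any trustee's production tooling. It assumes a constructed audit-trail format (one line per access with a timestamp, user id, record id and action), and the two rules and their thresholds (more than five distinct records viewed by one user in a day; any access outside 07:00 to 19:00) are illustrative choices a trustee would replace with its own business rules.

```python
import random
from collections import defaultdict
from datetime import datetime

# Constructed sample audit-trail lines (illustrative only, not from the guideline).
# Each line: ISO timestamp, user id, record id, action.
SAMPLE_LOG = """\
2024-03-04T09:12:01 user=alice record=R1001 action=view
2024-03-04T09:15:30 user=alice record=R1002 action=view
2024-03-04T10:02:11 user=bob record=R2001 action=view
2024-03-04T10:05:47 user=bob record=R2002 action=view
2024-03-04T10:06:03 user=bob record=R2003 action=view
2024-03-04T10:06:40 user=bob record=R2004 action=view
2024-03-04T10:07:15 user=bob record=R2005 action=view
2024-03-04T10:08:02 user=bob record=R2006 action=view
2024-03-04T23:41:19 user=carol record=R3001 action=view
2024-03-05T08:30:00 user=dave record=R4001 action=update
"""


def parse_log(text):
    """Parse the constructed audit-trail format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        timestamp, *fields = line.split()
        kv = dict(field.split("=", 1) for field in fields)
        events.append({
            "time": datetime.fromisoformat(timestamp),
            "user": kv["user"],
            "record": kv["record"],
            "action": kv["action"],
        })
    return events


def select_random_sample(users, sample_size, seed=None):
    """Pick the users to review in one random audit cycle.

    The seed is optional; recording it lets the auditor reproduce the
    selection later when documenting how the cycle was carried out.
    """
    rng = random.Random(seed)
    distinct = sorted(set(users))
    return sorted(rng.sample(distinct, min(sample_size, len(distinct))))


def apply_monitoring_rules(events, max_records_per_day=5, business_hours=(7, 19)):
    """Run the illustrative business rules over the events and return alerts.

    Rule 1 (after_hours_access): any access outside business_hours.
    Rule 2 (high_volume_access): more than max_records_per_day distinct
    records touched by one user on one calendar day.
    Thresholds are assumptions for the example, not values from the guideline.
    """
    alerts = []
    records_per_user_day = defaultdict(set)
    start_hour, end_hour = business_hours
    for event in events:
        key = (event["user"], event["time"].date())
        records_per_user_day[key].add(event["record"])
        if not (start_hour <= event["time"].hour < end_hour):
            alerts.append({
                "user": event["user"],
                "rule": "after_hours_access",
                "detail": f"{event['action']} of {event['record']} at {event['time'].isoformat()}",
            })
    for (user, day), records in sorted(records_per_user_day.items()):
        if len(records) > max_records_per_day:
            alerts.append({
                "user": user,
                "rule": "high_volume_access",
                "detail": f"{len(records)} distinct records on {day}",
            })
    return alerts


def users_needing_focused_audit(alerts):
    """Users whose alerts should be handed to a focused audit, deduplicated."""
    return sorted({alert["user"] for alert in alerts})


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("Random audit sample:", select_random_sample((e["user"] for e in events), 2, seed=1))
    alerts = apply_monitoring_rules(events)
    for alert in alerts:
        print(f"ALERT {alert['rule']:<20} user={alert['user']} {alert['detail']}")
    print("Focused audit candidates:", users_needing_focused_audit(alerts))
```

The two paths stay separate on purpose: the random sample is drawn without reference to the alerts, so it tests compliance across the whole user population, while the alert list feeds the focused audit. Both outputs, together with the seed and thresholds used, are the kind of record the trustee's incident management procedures would expect an auditor to retain.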

RkJQdWJsaXNoZXIy MTgwMjYzOA==