This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2008-04-02 02:21 PM

Proving your Reports

Keep in mind...

 

When dealing with HIPAA compliance and auditors, one thing we quickly discovered.  After an extensive approach to create alerts and reports that pertained to HIPAA, we found that the auditors liked the reports but couldn't accept them due to the fact that we had no way of proving that anyone actually read them.  That caused us to put into practice a process by which our Compliance Officer had to sign-off on them before they were considered complete.  This is an acceptable practice that is still in effect many audits later.

0 Likes
Reply
2 Replies
DavidBruskin
Beginner
Beginner
‎2008-04-02 03:58 PM

Instead of emailing the reports or sending them to a shared drive, keep them on enVision, and force users to log in and view their reports (lock their permissions to only view). Then you can create a report weekly or daily to audit the useres logging on and reports viewed (you can see the action they take while on the system I.E. view X report). This is a check of a check which in many audits is utilized.
0 Likes
Reply
RSAAdmin
Beginner
Beginner
‎2008-07-11 09:18 AM

We had the same issues with SOx and PCI.  In our environment, I'm the only one responsible for monitoring the reports.  I created a spreadsheet that has all the reports listed in column A and a column for each day of the week.  I record the number of records present in each report and save the spreadsheet each week.  The auditors can always check to see if I REALLY reviewed the reports by creating the same report and seeing if I have the record count correct.

 

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.