Report to Verify that report recipients have reviewed said report SAS70
I was told the best way to ensure that SAS70 Audit requirements were being met for Firewall Log review was to have a link to the report emailed to the user instead of having the report attached. Two questions:
How do I (what parameters am I looking for - table, fields, etc.) create a report that shows when the user accessed the report URL.
How do I create a report that shows that the report has been emailed to the user.
I found under Ad Hoc Reports/Compliance/SAS70 a report called Report Review Audit but it is not pulling up any worthwhile data.
Thanks! That definately put me in the right direction. The only problem I am having now is that enVision is not indicating that the report has been accessed (read). I can see all the activity I have been doing for the last day. I can even see when my Firewall Change report was created (with the ObjectType of Scheduled). What I don't have is a difinitive Read. There are 3 entries at the exact time I accessed the URL that was in the email sent to my earlier by my scheduled report (see attachment). Now that I know what to expect, I can tell auditors that this is the user loging in to look at the URL. But honestly, I don't think that will fly. Any suggestions? It would also be nice for the ObjectName to include the path to the document.
Thanks for the help thus far!
Here is what we had to do.
We created an alert that looks for NIC message ID 801129 (csv created) and a unique string that IDs the report in the Object Name field as a filter (Object Name LIKE Audit, e.g.). This alert will fire every time the scheduled report is run.
We then created an output template (with no fields selected) and output action that says "The Report is Ready to View!" and to log on to the enVision appliance and view the report form the Scheduled reports tab (with instructions) in the body.
Unless the end user logs onto the enVision Web GUI and accesses the report, a corresponding event will not occur. We thought that it would be simple to just send out links, but this does not work.
Once you set it up once, it is not too bad for subsequent reports.
The lastest service pack (SP4) now has auditing for generated reports (report sent - 800811 and 800813; report read - 800810). This shows the username, date/time, object name (report name) and action (i.e. view).
I have it set up so that a daily and weekl report is generated and a link is sent to various parties. When they click on the link they have to log in, but that just opens the report from them. Every month an audit report is fired off to our Executive Auditor that shows whether or not people have been reviewing the required daily and weekly reports.