If your organization is fully utilizing a document management system, the number of images stored will grow significantly over time. With so many records being added and accessed by users, it is critical to understand the actions taken against a document within the system.
At first glance, this may not seem like an issue. After all, if your system is secure, why do you need to review specific actions? The reality is that adverse events can occur, and an audit trail can help uncover what happened.
This article will help you understand what is an audit trail, what type of information is included, and how to conduct a review of audit records.
What Is an Audit Trail?
Audit trails chronologically capture and log events that take place within a system. Within a document management system, they provide evidence of every action taken against a document, from the time that it is added until the time it is removed. User access, document properties modified, and more are all part of the activity logging.
Some industries are highly regulated and need audit trails to prove compliance with specific requirements. An audit trail can meet this need by proving all actions taken on a specific document. It also provides internal accountability for actions taken by users that may or may not have met internal workflow standards.
Contents of an Audit Trail
The audit trail of your system should clearly show what has happened to a document over time. Not only that, but additional system logging should occur, showing logins, a user’s navigation throughout the system, and configuration changes that may occur. They are essentially an archive of how people are using the system.
Every action is logged as a separate record in the audit trail. The audit record should contain the following:
- A description of the event that occurred
- The user, system, or application that launched the event
- The date or time that the event occurred
By reviewing your audit trail, you want to clearly see that a user logged in, navigated to a particular document, modified a property of the document, deleted a document, and so forth.
The Importance of an Audit Trail
With a complete audit trail, you can keep an eye on different files and what users were doing with the records. It can help detect mistakes that may have occurred as well as unauthorized document access.
You can also use an audit trail to track the path that a document takes throughout your document management system. For example, if a document moves through a workflow, you can monitor the steps taken. This can help to identify potential issues.
An audit trail can monitor several key areas regarding your stored documents.
User Access to Documents
You can review which users accessed different documents. If users are accessing documents they shouldn’t, it may pose questions about their intent or overall system security. You can then take the appropriate action.
If your security blocks users from accessing particular documents, your audit trail will also show if a user attempted to access a blocked document.
User Actions on Documents
With so many documents contained within your system, users are constantly making changes. They may be modifying keywords or other properties of the document. Even well-intentioned actions can undermine overall system usage in a large collection of images.
For example, let’s say a user was repeatedly taking an incorrect action on a document. An audit trail would identify every document that the user touched so that the mistake could be corrected.
And while the hope is that every document is located in its proper place, mistakes can happen, just like they can occur within a paper filing cabinet. An audit trail can track an image’s path and be useful in tracking down mislabeled or misplaced images.
User Deletions of Documents
The ability to delete images is always a concern within a document management system. Documents deleted intentionally or in error can represent a critical loss of data. It is therefore critical to manage the delete actions taken and ensure that they are being handled appropriately.
With so many actions taken against documents, an audit trail can easily identify where something went wrong with image deletions. It will show the user that deleted the image, as well as actions taken before and after.
Maintaining and Reviewing an Audit Trail
The audit trail should be maintained for the entire life of the record. You may need to maintain the records even longer if you ever need to go back through the history of what happened to a deleted image.
As a result, the audit log can become unwieldy over time. You should become familiar with the types of events you should routinely review to detect issues. You may be looking for:
- Unusual activity
- Unauthorized usage
- Inconsistent activity by users
- Large-scale changes to information
- Deleted images
- Internal audit purposes
The review of your audit logs should be a regular part of your overall document management system maintenance. Identify what you are hoping to glean from your logs. From there, you can determine how often the logs should be reviewed.
Of course, outside of your routine reviews, you may need to answer a specific “What happened?” scenario. When this comes up, you want to be familiar enough with your audit trail’s capabilities so that you can answer that question. This could include using filters, date ranges, or other criteria.
Audit Trails: A Critical Feature of Your Document Management System
Now that you understand what is an audit trail, you should see the necessary role it plays in document management. Over time, you will become familiar with the monitoring necessary to ensure your system’s integrity, for both internal and external accountability.