Question AAAI-17
Are audit logs available that include AT LEAST all of the following: login, logout, actions performed, and source IP address?
| Weight | 25 |
| High Risk | Yes |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Describe any plans to enable audit logs for these data elements.
Answering "YES"
EDUCAUSE provides no guidance here
Reason for Question
Strong logging capabilities are vital to the proper management of a system. Implementing an immature system that lacks sufficient logging capabilities exposes an institution to great risk. Depending on your risk tolerance and the use case, your institution may or may not be concerned. The focus of this question is end-user logs.
Follow-Up Inquiries
If a weak response is given to this answer, it is appropriate to ask directed answers to get specific information. Ensure that questions are targeted to ensure responses will come from the appropriate party within the vendor.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]