Documentation
HECVAT Lite v3.0.6
Authentication, Authorization, and Accounting
HLAA-07

Question HLAA-07

Are audit logs available to the institution that include AT LEAST all of the following: login, logout, actions performed, timestamp, and source IP address?

Weight40
High RiskYes
RequiredYes
Compliant AnswerYes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Describe any plans to enable audit logs for these data elements.

Answering "YES"

EDUCAUSE provides no guidance here

Reason for Question

Strong logging capabilities are vital to the proper management of a system. Implementing an immature system that lacks sufficient logging capabilities exposes an institution to great risk. Depending on your risk tolerance and the use case, your institution may or may not be concerned. The focus of this question is end-user logs.

Follow-Up Inquiries

If a weak response is given to this answer, it is appropriate to ask directed answers to get specific information. Ensure that questions are targeted to ensure responses will come from the appropriate party within the vendor.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]