live audit concepts

LIVEAUDIT CONCEPTS GUIDE

Copyright Notice

This manual is Copyright DataMirror Corporation 1996-2004. All rights reserved. No part of this manual may be reproduced, distributed or transmitted, in whole or in part, in paper, electronic or any other form or by any means other than as expressly permitted in the applicable DataMirror Software License Agreement or Software License and Maintenance Agreement, or as otherwise expressly permitted by DataMirror Corporation.

DataMirror reserves the right to revise this manual and make periodic changes to its content without obligation on DataMirror’s part to notify any person of such revisions or changes. DataMirror does not assume responsibility for the use of the manual.

DataMirror software products contain valuable trade secrets and proprietary information and are protected by Canadian, United States and international copyright and other intellectual property laws and treaties. Unauthorized use of the manual or DataMirror software products is strictly prohibited and may result in civil damages and criminal prosecution. See the applicable DataMirror Software License Agreement or Software License and Maintenance Agreement for additional information.

Trademark Notice

Constellar, Data From Where It Is To Where It Needs To Be, DataMirror, DataMirror DB/XML Transform, DataMirror DB/XML Vision, DataMirror Synapse Mobility, DataMirror Transformation Server, dbMirror, Enterprise Administrator, HA Suite, High Availability Suite, iCluster, iCluster for EMC Symmetrix, iDeliver, iReflect, iTransmit, JobScheduler, ObjectMirror, QuickMarts, Pervasive Gateway, SwitchOver System, The experience of now, Transformation Server, and XtremeCache are trademarks or registered trademarks of DataMirror Corporation and may not be used without the express written permission of DataMirror Corporation. This list of trademarks may not be complete; other trademarks or registered trademarks may be owned by DataMirror from time to time and may be used in this manual. Names, products and services of other companies may be mentioned in DataMirror manuals and are the trademarks or registered trademarks of their respective owners.

LiveAudit - Concepts Guide

DataMirror Corporation

29 April 2004

Table of Contents

Table of Contents Chapter 1 Introduction ........................................................................................................................1

1.1 About This Document........................................................................................................2 1.2 Documentation Conventions ............................................................................................. 2 1.3 Documentation .................................................................................................................. 2 1.4 Training and Education .....................................................................................................3 1.5 Online Information and Technical Support........................................................................ 3 1.6 Contacting DataMirror ....................................................................................................... 3

Chapter 2 LiveAudit Overview ...........................................................................................................5 What is LiveAudit? .................................................................................................................. 6 2.1 History of LiveAudit ........................................................................................................... 6 2.2 Why You Need LiveAudit .................................................................................................. 6 2.3 How LiveAudit Works ........................................................................................................9

2.3.1 Platform Availability for LiveAudit.......................................................................................... 10 2.3.2 Database Availability for LiveAudit........................................................................................ 10 2.3.3 Database Security with LiveAudit ......................................................................................... 11 2.3.4 Selecting Tables for the Audit Trail System.......................................................................... 13 2.3.5 Row Selection Expressions .................................................................................................. 14 2.3.6 Column Selection and Adding Additional Columns .............................................................. 15 2.3.7 Journal Control Fields ........................................................................................................... 16 2.3.8 Enabling LiveAudit ................................................................................................................ 17 2.3.9 Capturing Database Changes............................................................................................... 17 2.3.10 Testing the Audit Trail System............................................................................................ 19

Chapter 3 LiveAudit Business Solutions........................................................................................20 3.1 LiveAudit Business Solutions .......................................................................................... 21

3.1.1 Compliance with FDA E-Records Regulations (21 CFR Part 11)......................................... 21 3.1.2 Application Integration .......................................................................................................... 21 3.1.3 Compliance with Health Insurance Portability and Accountability Act (HIPAA) ................... 21 3.1.4 e-Business ............................................................................................................................ 21 3.1.5 Corporate and Public Security .............................................................................................. 22 3.1.6 Financial Services................................................................................................................. 22 3.1.7 Compliance with Sarbanes-Oxley......................................................................................... 22

DataMirror Corporation iii

Table of Contents

Appendix A - Key Features of LiveAudit ........................................................................................23 A.1 Key Features and Benefits of LiveAudit.......................................................................... 24

Appendix B - Systems Supported by LiveAudit ............................................................................26 B.1 Supported Databases (Native) ....................................................................................... 27 B.2 Supported Operating Systems........................................................................................ 27 B.3 Supported Hardware Platforms ...................................................................................... 27

Index....................................................................................................................................................29

DataMirror Corporation iv

Chapter 1 - Introduction

DataMirror Corporation 1

Chapter 1 Introduction This chapter contains a brief introduction to the LiveAudit solution, and general information about this document and other LiveAudit documentation. LiveAudit training and educational opportunities as well as DataMirror contact information are also provided.



1.1 About This Document

This document is intended for anyone who would like to learn more about DataMirror’s LiveAudit solution and the benefits that this technology can provide for your business. This document assumes that readers have a basic understanding of relational database technology.

1.2 Documentation Conventions

The following icons may be used in this guide to identify different types of information:

• Italics represent document, file, and directory names.

Identifies points to remember, limitations, dependencies, and other items of information that are worth noting.

Identifies hints, tips, shortcuts, and other techniques that allow you to work with the product in a more efficient or effective manner.

Identifies warnings, cautions, and other items of information that must be followed to avoid adverse conditions.

Identifies a jump or detour in the sequence of a procedure based on a particular selection.

1.3 Documentation

See the following DataMirror documentation for more information about LiveAudit:

• Enterprise Administrator for Transformation Server - User Manual.

Contains information about the functions supported through the Enterprise Administrator and Access Manager applications.

Note that most Transformation Server User Manuals (multiple platforms) also contain information about implementing LiveAudit.

You can find the following technical White Papers and Business Resources on the DataMirror web site: http://www.datamirror.com/. Contact DataMirror if you need assistance in locating these documents:

See the following White Papers (PDF format) on the DataMirror web site:

• ABCs of E-Records Management – Technical White Paper: This document is an introduction to the automation of business processes through e-Records. The business advantages of employing DataMirror’s LiveAudit solution are also discussed.



• HIPAA Compliance: Privacy and Security Best Practices and Solutions – Technical White Paper. This document discusses the details of the Health Insurance Portability and Accountability Act of 1996, and how to use LiveAudit to become HIPAA compliant.

• 21 CFR Part 11 Compliance: Solutions and Best Practices – Technical White Paper. This document discusses the details of the Food and Drug Administration’s 21 Code of Federal Regulations (CFR) Part 11: Electronic Records, Electronic Signatures, and how to use LiveAudit to become FDA-compliant.

• Implications of Basel II on Financial Services - Technical White Paper. This document discusses the implications for IT departments in the financial services sector of increased regulatory demands for operational resilience.

See the following Business Resources (PDF format) on the DataMirror web site:

• LiveAudit Fact Sheet: Protect and monitor the security of your data assets.

• 21 CFR Part 11 Compliance: Cost-effective compliance with FDA e-Records regulations.

• HIPAA-Compliant Privacy, Security, and Transaction Solutions: Privacy, security and transaction solutions for HIPAA compliance and beyond.

• Basel II Compliance Fact Sheet: Integrate, protect and audit data for heightened risk-management and Basel II compliance.

For more information on LiveAudit, Transformation Server, and other DataMirror products, visit DataMirror’s web site at http://www.datamirror.com/.

1.4 Training and Education

For hands-on training, DataMirror offers public education courses regularly at education centers in different parts of the world. During the training, participants will learn from experienced trainers the basic building blocks in implementing DataMirror technology and will be given the opportunity to test drive the technology in guided lab exercises. You can find course outlines and schedules on DataMirror's web site (http://www.datamirror.com/education). For more information, send email to [email protected].

1.5 Online Information and Technical Support

LiveAudit is a fully supported product.

You can access technical support information, updates, and the knowledge base from DataMirror’s Internet home page at http://www.datamirror.com/.

1.6 Contacting DataMirror

DataMirror invites your suggestions on how to enhance LiveAudit and this guide. Send your suggestions or comments by contacting us at:

Customer Comments DataMirror Corporation 3100 Steeles Avenue East, Suite 700 Markham, Ontario, Canada



L3R 8T3 Telephone: 1-905-415-0310 Facsimile: 1-905-415-0340 Email: [email protected]

Chapter 3 - LiveAudit Business Solutions


Chapter 2 LiveAudit Overview This chapter provides a general overview of DataMirror’s LiveAudit solution.



What is LiveAudit?

LiveAudit is an out-of-the-box solution that captures database information generated by virtually any software application with no programming required.

LiveAudit captures all data that is added, changed or deleted from a database to create real-time, secure audit trails that preserve historical information and enable companies to monitor and report on all operational activities. LiveAudit can be used to capture any changes made to an electronic record as well as the identity of the user and the time the change was made. LiveAudit captures changes at the application and database level. The audit trail contains a record of all data that was created, modified or deleted so that user errors or tampering can be easily detected. In the absence of a paper record, the LiveAudit database may provide the only proof that an electronic record was ever modified or deleted.

2.1 History of LiveAudit

LiveAudit evolved from the need for a database auditing solution mandated by the FDA’s 21 CFR Part 11 ruling, and by capitalizing on our experience in the data integration market with our data replication tool, Transformation Server. Both LiveAudit and Transformation Server can be activated on the same machines because they make use of the same data capture engines. LiveAudit’s out-of-the-box support for leading databases makes it ideal for enabling a range of business applications including enterprise application integration, e-Business, business intelligence and customer relationship management.

For more information on LiveAudit, Transformation Server, and other DataMirror products, visit DataMirror’s web site at http://www.datamirror.com/.

2.2 Why You Need LiveAudit

LiveAudit maintains an audit trail of all changes made in an application database. LiveAudit also allows you to track critical information about these events.

Without the audit trail that LiveAudit provides, your organization does not have the ability to track changes to database records. Historical information is lost as you create, modify, and delete records in your application database. illustrates how you can lose historical information as you make changes to a table in a relational database:

Figure 1



ProductID Action QtyDrug001 Make 1000Drug001 Calibrate Eqmt -Drug001 Test Initiated 1000Drug001 Test Result: Fail

Particles FoundDrug001 Bottle 1000Drug001 Ship 1000

ProductID Action QtyDrug001 Make 1000Drug001 Calibrate Eqmt -Drug001 Test Initiated 1000Drug001 Test Result: PassDrug001 Bottle 1000Drug001 Ship 1000

Figure 1 – Updating a Database Record Without LiveAudit

Figure 1In the example in , the test passed after it was re-done on the same batch. Without LiveAudit, a record in the application database is updated, but there is no historical record of this update in the resultant database.

In Figure 2, a record is deleted from an application database:



ProductID Action QtyDrug001 Make 1000Drug001 Calibrate Test Eqmt -Drug001 Test Initiated 1000Drug001 Bottle 1000Drug001 Ship 1000

ProductID Action QtyDrug001 Make 1000Drug001 Calibrate Test Eqmt -Drug001 Test Initiated 1000Drug001 Test Result: Particles

FoundDrug001 Bottle 1000Drug001 Ship 1000

Figure 2 - Deleting a Database Record Without LiveAudit

Figure 2The Delete (Figure 2) is performed on the Test Result row (circled in ). The database is now missing the information about the test result, and there is no historical record of this change in the resultant database.

LiveAudit addresses this loss of historical information by capturing all data that is added (Insert), changed (Update), or deleted (Delete) in a database to create real-time audit trails that allow companies to monitor and report on all operational activities.

As shown in Figure 1 and Figure 2, historical database information is lost as data is added, changed, or deleted in a database. LiveAudit preserves this historical information in a separate database (Figure 3):



Date/Time Actn User

ProductID

Mfg Action Qty

05/31/01-0800 I jwalker Drug001 Make 100005/31/01-1300 I jwalker Drug001 Calibrate Test Eqmt -05/31/01-1500 I jwalker Drug001 Test Initiated 100006/01/01-0800 I jwalker Drug001 Test Result: 1000

Particles Found06/01/01-0900 D jwalker Drug001 Particles Found06/01/01-1100 U swilson Drug001 Test Initiated 100006/02/01-0800 U swilson Drug001 Test Result: Pass 100006/01/01-1600 I jwalker Drug001 Bottle 100006/05/01-0800 I jwalker Drug001 Ship 1000

ApplicationDatabase

LiveAuditDatabase

ProductID Action QtyDrug001 Make 1000Drug001 Calibrate Test Eqmt -Drug001 Test Initiated 1000Drug001 Test Result: PassedDrug001 Bottle 1000Drug001 Ship 1000

Figure 3 – LiveAudit Database

As Figure 3 illustrates, Inserts, Updates, and Deletes are preserved in the LiveAudit database.

See Section 2.3 - How LiveAudit Works for some additional technical details about how LiveAudit works.

2.3 How LiveAudit Works

LiveAudit works in conjunction with DataMirror’s data integration tool, Transformation Server. The following section provides a general overview of how to set up LiveAudit in your working environment to satisfy internal and external auditing requirements.

For a more comprehensive overview of the tasks and the terminology outlined in this section, see the Enterprise Administrator for Transformation Server - User Manual.



2.3.1 Platform Availability for LiveAudit

LiveAudit supports many different platforms (Figure 4):

Figure 4 - LiveAudit Platform Availability

LiveAudit provides a unified interface for working with different types of databases on different platforms.

Intra and inter-system auditing is possible with LiveAudit. Audit trail tables may reside on the same system or a different system than the originating database. LiveAudit’s architecture is flexible enough that a single source database can be audited into two identical sets of audit trail tables on different systems.

See Section B.2 - Supported Operating Systems for more information on the operating systems supported by LiveAudit.

2.3.2 Database Availability for LiveAudit

LiveAudit supports many different native databases ( ): Figure 5



Figure 5 - LiveAudit Database Availability

The database access parameters in LiveAudit are specific for the database type that you select (Figure 5), making it easier to implement your Audit Trail System.

LiveAudit works at the database level (auditing is done at the database level). For this reason, it does not matter what application you are using to make changes. You can use any reporting tool that interfaces with any database on any platform. All information is tracked.

See Section B.1 - Supported Databases (Native) for more information on the databases supported by LiveAudit.

2.3.3 Database Security with LiveAudit

The ability to audit data relies on the fact that users are logged into a database, either through an application or otherwise. LiveAudit uses this native database log in information to track the user that makes changes to the data. Within LiveAudit, the security for the LiveAudit administrator is managed by using a native database log in. This takes advantage of the built-in security features of a particular database and is controlled by the database administrator(

): Figure

6



Figure 6 - Native Database Access (Log In) Parameters

LiveAudit also allows you to control the users that have access to your audit trail solution (Figure 7):

Figure 7 - LiveAudit Users

LiveAudit stores database user names and passwords in an encrypted state for connecting to a database. You can set up user profiles and specify the servers that the users can access.

External reporting tools can be used with LiveAudit since it works at the database level, not the application level. Once the data is flowed to the audit table(s), the flexibility of the system allows any standard reporting tool capable of accessing information from a relational database to create reports based on the audit table(s).

Enhanced security measures allow you to set options that give you better control over the password definition and access to a specific user account. Some of the features that are available include password definitions, password history, user account locking, password expiry,



new user account expiry, log in messages, and new user passwords. The following dialog allows you to set the security settings for your Audit Trail System (Figure 8):

Figure 8 - Security Settings for LiveAudit

See the Enterprise Administrator for Transformation Server - User Manual for more information on the security settings available for LiveAudit.

After you have arranged access to your database, the next step is to select the tables that will be included in your Audit Trail System.

2.3.4 Selecting Tables for the Audit Trail System

The LiveAudit solution makes use of a publication server/system and a subscription server/system that allows you to audit data and determine which tables are included in the audit trail. With the publication server/system, you can define the database tables that will be included in the audit trail. With the subscription server/system, you can define the relationship between the original tables (publication) and the audit tables or destination tables (subscription).

Figure 9

Figure 9

illustrates how you can select (or de-select) the tables from the publication server/system that you want to include in your audit trail. You can select tables from different databases on the publication server/system (Available Tables in ):



Figure 9 - Selecting the Audit Tables

Figure 9The tables to be included in the Audit Trail System are now grouped together under Selected Tables ( ). Once selected, these tables can be set up to keep track of delete, insert, update, and clear events. Auditing can be enabled or disabled individually for each table assignment. This means that you can choose the tables that will be included in the audit trail.

Native database access rules are enforced. The tables that are available to the user are based on database access rules.

2.3.5 Row Selection Expressions

LiveAudit includes functionality that allows the filtering of rows in the database with the row selection expression feature ( ): Figure 10



Figure 10 - Row Selection Expression

Rows containing sensitive or unnecessary data can be removed. Row selection is based on creating a simple expression that tests the value of a specific column in the database table. You can also verify that the row selection expression you have entered is valid.

The procedures described in this section may not adhere to the auditing requirements in your organization. These features are optional and do not have to be implemented as part of your Audit Trail System.

2.3.6 Column Selection and Adding Additional Columns

LiveAudit allows you to select or omit the columns that you want to include in your Audit Trail System with the column selection feature (Figure 11):



Figure 11 - Column Selection

Columns containing sensitive or unnecessary data can be removed from your Audit Trail System.

The procedures described in this section may not adhere to the auditing requirements in your organization. These features are optional and do not have to be implemented as part of your Audit Trail System.

2.3.7 Journal Control Fields

Journal control fields convey information about changes to your database by inserting a two-character code into additional columns that have been added to the LiveAudit database (

): Figure

12



Figure 12 - Journal Control Fields

You can accommodate the journal code in each audit record by adding additional columns to the LiveAudit database. Some common journal control codes used are &ENTTYP (what kind of change was made), &USER (who made the change), and &TIMSTAMP (when the change was made).

Other journal control fields can be used to attach additional information to an audit record.

See the Enterprise Administrator for Transformation Server - User Manual for more information on journal control fields and LiveAudit.

2.3.8 Enabling LiveAudit

In order to enable LiveAudit for your Audit Trail System, you will have to define user exits to audit all actions. You can select the Audit option for Clear Table, SQL Delete, and SQL Insert (Figure 13). If you select the Audit: before & after images option for the SQL Update (

), the Audit Trail System will record two entries per update into the LiveAudit database, while the Audit: after image only option will only record one entry per update into the LiveAudit database.

Figure 13

Figure 13 - Enabling LiveAudit

See the Enterprise Administrator for Transformation Server - User Manual for more information about enabling LiveAudit.

2.3.9 Capturing Database Changes

To begin capturing database changes with the Audit Trail System, you can choose the appropriate settings for the Replication Method and Subscribed Table Status on the Subscribed Table Properties dialog box (Figure 14):



Figure 14 - Capturing Database Changes

If you only want to record changes in your audit tables, select the Mirror option for the Replication Method, and Active for the Subscribed Table Status. In general, the options you select for this dialog box and will depend on a number of factors such as the number of transactions that you will be mirroring.

Figure 13

Selecting the Refresh option for the Subscribed Table Status will result in an increase in the amount of transactions that are mirrored. This option gives a point-in-time snapshot of the data. With this setting, the Audit Trail System will contain all the data in the dataset.

Mirroring indicates that you want to immediately replicate any changes made to a database table (continuous mirroring) or accumulate these table updates and replicate these changes at a later time (net change mirroring) to the LiveAudit database ( ): Figure 15

Figure 15 - Starting Mirroring

You can choose between continuous and net change mirroring when you start replication.



During continuous mirroring, LiveAudit remains in a wait mode. As changes occur on the publication table, they are propagated in real time to the subscription tables. Some minor delays may occur if there is heavy network traffic, but otherwise the subscription database is kept accurate on a minute-by-minute basis. As a result, continuous mirroring is appropriate for implementations where changes are needed immediately on the subscription database.

Net change mirroring is identical in function to continuous mirroring with the exception that mirroring activity automatically terminates when LiveAudit detects that no further changes have to be mirrored. In most cases, it is not necessary to select the End Mirroring function. LiveAudit accumulates updates until the next time that net change mirroring is initiated. Net change mirroring is designed to be run at regular intervals, typically by being added to a system scheduling facility (for example, cron in UNIX). You can schedule net change mirroring for off-peak periods when network traffic is less congested. However, if you need to make updates available as soon as possible, you should use continuous mirroring.

See the Enterprise Administrator for Transformation Server - User Manual for more information about net change mirroring and continuous mirroring.

2.3.10 Testing the Audit Trail System

Before testing the Audit Trail System, you should make sure that you have selected the appropriate journal controls. See Section 2.3.7 - on page 16 for more information.

Journal Control Fields

To test LiveAudit, update a source record in the native database with a SQL statement and then verify the SQL update in the audit table. For every SQL update of a source record, there should be a corresponding two-character journal code inserted into the LiveAudit database.



Chapter 3 LiveAudit Business Solutions This chapter goes through some of the potential business solutions for DataMirror’s LiveAudit solution.



3.1 LiveAudit Business Solutions

The following examples illustrate just a few of the environments in which LiveAudit can be utilized to make your business processes more efficient. For more information on any of the following solutions, visit the DataMirror web site at http://www.datamirror.com/.

3.1.1 Compliance with FDA E-Records Regulations (21 CFR Part 11)

FDA-mandated companies are required to create audit trails of their electronic records and to make these records readily available for FDA review (21 CFR Part 11). LiveAudit’s out-of-the-box implementation ensures that companies can rapidly achieve a cost-effective solution for FDA e-Records compliance with no programming required.

3.1.2 Application Integration

LiveAudit can be used to feed data into message-based software for application integration (For example, WebMethods or WebSphere MQ). LiveAudit allows companies to obtain full transaction data, essentially a copy of the original transaction, which it then passes and applies to another target. By using LiveAudit, you can receive the full transaction, the type of change that occurred, and the before and after images, which allows you to recreate the original transaction. There is also no need to revert to triggers to generate the information you need for your application integration project.

3.1.3 Compliance with Health Insurance Portability and Accountability Act (HIPAA)

The US Department of Health and Human Service’s Health Insurance Portability and Accountability Act (HIPAA) of 1996 is an act “to improve portability and continuity of health insurance coverage on the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.” In short, HIPAA is designed to standardize the way all health care organizations electronically exchange sensitive patient data and to protect patients from unauthorized disclosure of their medical records. LiveAudit ensures the overall security of health care information systems by capturing all data that is added, changed or deleted to create real-time audit trails that preserve historical information and transactional details that would otherwise be overwritten.

3.1.4 e-Business

In an e-Business environment, transactions such as contracts, subpoenas, land deeds, stocks, airline ticket confirmations and currency can be transferred across a network without a single piece of paper ever changing hands. Audit trails are essential for recording customer activity and enhancing customer service. The customer’s initial contact is recorded in an audit trail, as well as each subsequent action such as payment and delivery of products or services. The customer’s audit trail provides a complete record of all transactions that have occurred between the company and the customer. The audit trail can be used to respond to customer inquiries, as a basis for account reconciliation or to provide a record of sales in the event of a tax audit.



3.1.5 Corporate and Public Security

An organization’s databases may contain sensitive and confidential information that must be monitored and tracked to ensure security. LiveAudit provides historical audit trails that can be used to improve the overall security of information systems maintained by public and private sector organizations. LiveAudit monitors all updates and deletes made at the database level and then creates an audit trail of this information which can then be easily retrieved and reviewed by internal auditors, security staff or federal investigators.

3.1.6 Financial Services

To help combat the rise in Internet fraud, banks and brokerage houses must keep detailed records of all online transactions and make them available to investigators. Typically, information that is recorded in a database will overwrite itself when updated or deleted. LiveAudit works at the database level to ensure that all operational activity is tracked and recorded in a chronological event log. This complete historical record can be used to confirm that receipts from sales have been deposited into the appropriate accounts or to ensure accountability for corrections or adjustments. Audit trails of sales, receipts and deliveries can also be used for business reporting, planning and forecasting and to support budget preparations.

3.1.7 Compliance with Sarbanes-Oxley

The Sarbanes-Oxley Act of 2002 (SOX) was signed into law to promote corporate responsibility, increase public disclosure, improve the quality and transparency of financial reporting and auditing, and strengthen penalties for securities fraud and other violations. SOX was passed in the wake of Enron and other corporate accounting scandals to prevent the reoccurrence of ethics scandals and other governance issues. SOX outlines internal control requirements that can be satisfied with DataMirror’s LiveAudit solution. LiveAudit allows businesses to record and track financial and other disclosure-related information.

Appendix A - Key Features and Benefits of LiveAudit


Appendix A - Key Features of LiveAudit This appendix outlines some of the key features and benefits of LiveAudit.



A.1 Key Features and Benefits of LiveAudit

Table 1 lists some of the key product features and business benefits that can be realized by implementing LiveAudit:

Key Product Features Business Benefits

Real-time Audit Trail Generation:

LiveAudit’s capture, transform, and flow technology allows users to create real-time audit trails of database transactions. All inserts, updates and deletes are recorded as separate database entries.

LiveAudit helps organizations confidently meet audit trail requirements set by corporate and regulatory bodies. Companies can keep a record of all changes and additions made to electronic records and preserve all historical information that would otherwise be overwritten.

Database-level Audit Trail Solution:

LiveAudit helps users create and manage all audit trails at the database level.

Since LiveAudit works exclusively at the database-level, it is completely application independent. Regardless of the different applications that exist within an enterprise, LiveAudit provides a single solution that can audit virtually all systems.

Intra and Inter-system Auditing:

Audit trail information captured by LiveAudit can either be stored locally, applied to non-local systems, or both.

LiveAudit provides full flexibility in managing an enterprise’s audit network by accommodating many different configurations including intra and/or inter-system auditing.

Built-in Transformation and Filtering:

LiveAudit allows users to translate values, derive new calculated fields, join tables and more. Users can also create, store and retrieve custom data transformations as macros. Row/column selection allows users to limit access to sensitive information or flow user-specific data to particular sites.

Built-in transformation capabilities allow internal and external reviewers to easily understand the audited data. This capability allows for flexibility in structured audit trails as required by regulatory bodies.

Multi-platform Support:

LiveAudit supports a wide variety of computing platforms and databases including DB2 UDB, Oracle and SQL Server across Microsoft Windows NT/2000/XP, UNIX, Linux, IBM OS/400, OS/390 and z/OS.

See Appendix B - on page 23 for more information.

Systems Supported by LiveAudit

Multi-platform support gives businesses the option to consolidate and centralize audit trails from disparate systems and diverse geographical locations. Having centralized audit trail information can drastically reduce the cost of maintaining individual electronic systems, resulting in a lower total cost of ownership.



Native Support for Platforms and Databases:

LiveAudit generates audit trails based on its native support for various platforms and database systems. LiveAudit is a journal-based solution, and journaling needs to be turned on for any tables that need to be audited.

LiveAudit’s native support capability ensures that the integrity of the audit trail is not compromised. LiveAudit is not affected by errors that may occur when creating an audit trail. In addition, LiveAudit operates at a minimal performance cost, and does not introduce significant overhead to the production system.

Out-of-the-box Solution:

LiveAudit is an out-of-the-box solution that is easy to implement and requires zero programming.

LiveAudit’s out-of-the-box functionality significantly reduces implementation timelines. With zero programming, companies don’t need to spend a lot of time training staff and don’t need to hire expensive programmers. Both features enable companies to quickly, easily, and cost-effectively implement solutions that meet corporate and regulatory mandates.

Application Integration:

LiveAudit can be used as part of a larger application integration solution.

The audit trail table can be used for a wide variety of application integration solutions. You can use the row and column filtering capabilities of LiveAudit to only use data that is important for integration.

Table 1 – Key Features of LiveAudit

Appendix B - Systems Supported by LiveAudit The operating systems, hardware platforms, and databases supported by LiveAudit are outlined in this appendix.


B.1 Supported Databases (Native)

LiveAudit currently supports the following databases (Native):

• IBM DB2 UDB

• Oracle

• Sybase Adaptive Server

• Microsoft SQL Server

• PointBase

B.2 Supported Operating Systems

LiveAudit currently supports the following operating systems:

• Windows NT/2000/XP

• IBM OS/400

• IBM OS/390 (MVS)

• z/OS

• HP-UX

• AIX

• Solaris

• DYNIX/ptx

• Tru64

• Linux

B.3 Supported Hardware Platforms

LiveAudit currently supports the following hardware platforms:

• IBM eServer: pSeries (RS/6000), xSeries (NUMA-Q), iSeries (AS/400), zSeries (S/390).

• Intel PC

• AlphaServer

• HP 9000

• SUN


Index


Index

A access parameters, 12 application integration with LiveAudit, 21 audit tables, 13 available tables, 13

B business solutions, 21

C column selection and adding additional columns, 15 compliance

FDA E-Records regulations (21 CFR Part 11), 21 Health Insurance Portability and Accountability Act, 21

continuous mirroring, 18 copyright notice, ii corporate and public security with LiveAudit, 22

D database security, 11 databases

LiveAudit, 9 DataMirror

technical support Internet information, 3

destination tables, 13

E E-Business and LiveAudit, 21

F FDA E-Records regulations (21 CFR Part 11), 21 financial services and LiveAudit, 22

H Health Insurance Portability and Accountability Act, 21

J journal control fields, 16

K key features

application integration, 25 built-in transformation and filtering, 24 database-level audit trail solution, 24 intra and inter-system auditing, 24 multi-platform support, 24 native support for platforms and databases, 24 out-of-the-box solution, 25 real-time audit trail generation, 24

key features of LiveAudit, 23 knowledge base, 3

L LiveAudit

application integration, 21 audit trail, 6 available databases, 10, 27 available platforms, 10, 27 before and after images, 17 business benefits, 24 business solutions, 21 capturing database changes, 17 changes to the application database, 6 column selection and adding additional columns, 15 compliance with Sarbanes-Oxley, 22 corporate and public security, 22 database security, 11 definition, 6 deleting a record from a database, 7 E-Business, 21 enabling LiveAudit, 17 environments, 21 FDA E-Records regulations (21 CFR Part 11), 21 financial services, 22 Health Insurance Portability and Accountability Act (HIPAA), 21 history of, 6 how it works, 9 inserts, updates, and deletes, 8 journal control fields, 16 key features, 23 more information, 6 preventing the loss of historical information, 6 real-time audit trails, 8 row selection expressions, 14 security features, 11 security settings, 13 selecting tables, 13 track changes to database records, 6 updating a database record, 7 what is LiveAudit, 6 why you need LiveAudit, 6

LiveAudit database, 9

Index


N net change mirroring, 18 notices

copyright, ii

P preventing the loss of historical information, 6

R real-time audit trails, 8 replication method, 17 row selection expression feature, 14

S Sarbanes-Oxley (SOX) Act and LiveAudit, 22 start mirroring, 18 subscribed table status, 17 supported databases (Native)

IBM DB2 UDB, 27 Microsoft SQL Server, 27 Oracle, 27 Sybase Adaptive Server, 27

supported hardware platforms AlphaServer, 27 HP 9000, 27 IBM eServer, 27 Intel PC, 27 iSeries - AS/400, 27 pSeries - RS/6000, 27 SUN, 27 xSeries - NUMA-Q, 27 zSeries - S/390, 27

supported operating systems AIX, 27 DYNIX/ptx, 27 HP-UX, 27 IBM OS/390 (MVS), 27 IBM OS/400, 27 Linux, 27 Solaris, 27 Tru64, 27 Windows NT/2000/XP, 27

systems supported by LiveAudit databases (Native), 27 hardware platforms, 27 operating systems, 27

T technical support

Internet information, 3 testing the Audit Trail System, 19 trademark notice for iCluster, ii Transformation Server, 6

and LiveAudit, 6 data replication tool, 6 more information, 6

U updating a database record, 7 user properties, 12

Index


Copyright © 2004 DataMirror Corporation. All rights reserved. DataMirror, Transformation Server andThe experience of now are trademarks or registered trademarks of DataMirror Corporation. All otherbrand or product names are trademarks or registered trademarks of their respective companies.

HOW TO DO BUSINESS WITH DATAMIRROR

North America 1 800 362 5955UK + 44 (0)20 7633 5200France + 33 (0)1 72 75 73 40Germany + 49 6151 8275 0Hong Kong + 852 2251 8226

FOR MORE INFORMATION VISIT WWW.DATAMIRROR.COM

ABOUT DATAMIRRORDataMirror (Nasdaq: DMCX; TSX: DMC) delivers live, secure data integration and protection solutions that give companies the power to manage, monitor and protect their corporate data inreal-time. DataMirror’s comprehensive family of solutions enables customers to easily and cost-effectively capture, transform and flow live data throughout the enterprise. DataMirror software unlocks the experience of now™ by providing the live, secure data access, integrationand availability companies require today across all computers in their business. Over 1,800 companies have gone live with DataMirror software. DataMirror is headquartered in Markham,Canada, and has offices around the globe.

live audit concepts

Documents