...
- What modules should provide data for Audit reports? Should this solution be created for the Circulation module only or should it be generic for any module?
Answer from meeting notes (Meeting notes: Circ Logs, UXPROD-1703; 06.22.2020):Will we build out capabilities just for circ needs or will we build out a large audit trail for all transactions?
- Both should be implemented in similar fashion
- Should the Audit app provide a single report or multiple reports (a report per data type / per module)?
What are the use-cases for the Audit reports? Who is the target audience?
- Should a report contain only data records captured from modules or come aggregate numbers/statistics as well?
- For how long Audit data should be stored in a system? Should there be a system parameter that defines the retention period? Should obsolete data be moved to some archive storage or removed?
- What is allowed downtime for Audit reports during working hours? Outside of working hours?
What will happen if the Audit reports module is down for 1 hour during working hours? - Is it allowed to perform Audit report module maintenance at night hours?
- Is it fine for a user to get the latest Audit records by clicking on the “Refresh” button at the Audit report page?
- Will there be any sensitive data in the Audit reports? For instance, some data that falls under GDPR.
- What is an appropriate way to grant access to Audit reports:
- Option A: there should be only the ability to grant access to all Audit reports.
- Option B: there should be the ability to grant access to specific Audit reports only.
- Option C: there should be the ability to grant access to specific Audit report records in addition to Option B.
...