What modules should provide data for Audit reports? Should this solution be created for the Circulation module only or should it be generic for any module?
Answer from meeting notes (Meeting notes: Circ Logs, UXPROD-1703; 06.22.2020):
Will we build out capabilities just for circ needs or will we build out a large audit trail for all transactions?
- Both should be implemented in similar fashion
Should the Audit app provide a single report or multiple reports (a report per data type / per module)?
- Audit app should provide a single report of all actions (on loans, fines/fees, notices, requests) that users should be able to filter down. (Emma Boettcher)
What are the use-cases for the Audit reports? Who is the target audience? (Use cases below from Emma Boettcher)
- Target audience: senior circulation staff, maybe occasionally collections staff.
- Use case #1: Determine how an item was used in order to decide if more copies should be ordered.
  - Look up item in circulation log, see how many check out actions were recorded for that item, as well as renewals, requests
- Use case #2: Audit overrides, in order to see who has been overriding failed actions and why
  - Look up actions like Check out through override & Renew through override, and view who has been overriding actions or if there are patterns
- Use case #3: Audit notices sent in order to verify a patron's claim that they never received an overdue notice (for example)
  - Look up a patron in the circulation log with the action Send notice to see if notices were sent to patron
- Use case #4: Audit check ins, to see if some items were checked in together or see if any similar titles to items that are claimed returned items were checked in
  - Look up the action Check in in the circulation log
Should a report contain only data records captured from modules or come aggregate numbers/statistics as well?
- Data records are a must-have. Aggregate numbers/statistics are not needed for this. (Emma Boettcher)
For how long Audit data should be stored in a system? Should there be a system parameter that defines the retention period? Should obsolete data be moved to some archive storage or removed?
What is allowed downtime for Audit reports during working hours? Outside of working hours?
What will happen if the Audit reports module is down for 1 hour during working hours?
Is it allowed to perform Audit report module maintenance at night hours?
Is it fine for a user to get the latest Audit records by clicking on the “Refresh” button at the Audit report page?
- Yes. This does not have to be a live feed of data. (Emma Boettcher)
Will there be any sensitive data in the Audit reports? For instance, some data that falls under GDPR.
- Yes. Links to loan details and user details, which will have to be anonymized like anonymized loans are. (Emma Boettcher)
What is an appropriate way to grant access to Audit reports:
- Option A: there should be only the ability to grant access to all Audit reports.
- Option B: there should be the ability to grant access to specific Audit reports only.
- Option C: there should be the ability to grant access to specific Audit report records in addition to Option B.
- Option A is good for now. Another level of permission where users would be able to see all data in the circulation log except who performed an action would be good to have eventually (Emma Boettcher)

Browser not supported