Definition: Auditability is an IT non-functional requirement that refers to the ability of a system to provide a complete and accurate record of all activities and transactions that occur within it. This includes the ability to track changes made to data, monitor user access and permissions, and generate reports that can be used for compliance, regulatory, or legal purposes. The audit trail should be protected against unauthorized access, tamper-evident (any alteration or deletion of recorded entries must be detectable, since no log is tamper-proof against an attacker with full control of the system), and readily accessible to authorized personnel. The purpose of auditability is to ensure accountability, transparency, and integrity of the system's operations.
Source: TOGAF
Source reference: https://pubs.opengroup.org/architecture/togaf9-doc/arch/chap03.html
Additional information: According to the TOGAF specification, Auditability is a non-functional requirement that refers to the ability of a system to provide a complete and accurate record of all transactions and activities that occur within the system. This includes the ability to track and record all user actions, system events, and data changes, as well as the ability to generate reports and alerts based on this information.
The Auditability requirement is important for ensuring the integrity and security of a system, as well as for compliance with regulatory and legal requirements. It also helps to identify and investigate any potential security breaches or fraudulent activities.
To meet the Auditability requirement, a system must have the following capabilities:
1. Logging and tracking: The system must be able to log and track all user actions, system events, and data changes, recording for each event at least the timestamp (from a synchronised, trusted clock), the authenticated principal responsible, the action performed, the object affected, the origin (for example, source address or session), and the outcome. Failed and denied actions must be logged as well as successful ones, since they are often the first sign of an attack.
2. Reporting and analysis: The system must be able to generate reports and alerts based on the logged information, allowing administrators to identify and investigate any suspicious activity.
3. Security and access control: The system must have robust security and access control mechanisms in place to prevent unauthorized access to the audit logs and to ensure the integrity of the logged information. In practice this means the application can append to the log but not modify or delete entries, administrators of the system cannot silently alter it (for example, by forwarding entries to a separately administered log store and protecting them with a hash chain or signature so that modification, insertion, or deletion is detectable), and the log itself does not record secrets such as passwords, session tokens, or full payment card numbers, which would turn the audit trail into a target.
4. Retention and archiving: The system must be able to retain and archive audit logs for a specified period of time, in accordance with regulatory and legal requirements, and must dispose of them securely when that period ends. Archived logs need the same integrity and access protections as live ones, and the retention period should be long enough to cover the time an incident may go undetected before an investigation begins.
Overall, the Auditability requirement is an essential aspect of any system design, ensuring that the system is secure, compliant, and transparent in its operations.
Example: One example of the IT non-functional requirement 'Auditability' could be for a financial management system to track and record all changes made to financial data, including who made the change, when it was made, and what the previous and new values were. This would allow for auditing and compliance purposes, as well as ensuring the accuracy and integrity of financial data.
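The financial-system example above, as an added worked example in Python (this code is not part of the EIRA/EGovERA record or of the TOGAF source): an append-only audit trail in which each change entry records who, when, what, the outcome, and the previous and new values, and entries are chained with an HMAC so that modifying, inserting, or deleting a recorded change is detectable. The verifier key, the account identifier, the principals, and the timestamps are constructed for illustration only.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, asdict, replace
from datetime import datetime, timezone
from typing import Any, Optional

# Assumed verifier key, constructed for this example. In a deployment the key is
# held by the auditing party / log collector, not by the application that writes
# entries, so an attacker who can rewrite the log cannot recompute the chain.
VERIFIER_KEY = b"example-verifier-key-not-for-production"
GENESIS = "0" * 64  # prev_mac of the first entry


@dataclass(frozen=True)
class AuditEntry:
    seq: int
    timestamp: str   # ISO 8601, UTC
    actor: str       # authenticated principal, not a display name
    action: str      # e.g. "update"
    target: str      # identifier of the record changed
    field: str
    old_value: Any
    new_value: Any
    outcome: str     # "success" or "failure"; denied attempts are logged too
    prev_mac: str    # MAC of the previous entry: links the chain
    mac: str         # HMAC-SHA256 over every other field of this entry


def _mac(key: bytes, fields: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) so the MAC is deterministic.
    data = json.dumps(fields, sort_keys=True, separators=(",", ":"), default=str)
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()


class AuditLog:
    """Append-only audit trail; entries are never modified in place."""

    def __init__(self, key: bytes = VERIFIER_KEY):
        self._key = key
        self._entries: list[AuditEntry] = []

    def append(self, actor: str, action: str, target: str, field: str,
               old_value: Any, new_value: Any, outcome: str = "success",
               timestamp: Optional[str] = None) -> AuditEntry:
        fields = {
            "seq": len(self._entries),
            "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
            "actor": actor, "action": action, "target": target, "field": field,
            "old_value": old_value, "new_value": new_value, "outcome": outcome,
            "prev_mac": self._entries[-1].mac if self._entries else GENESIS,
        }
        entry = AuditEntry(**fields, mac=_mac(self._key, fields))
        self._entries.append(entry)
        return entry

    def entries(self) -> list[AuditEntry]:
        return list(self._entries)

    def head(self) -> str:
        return self._entries[-1].mac if self._entries else GENESIS

    def verify(self, entries: Optional[list[AuditEntry]] = None,
               expected_head: Optional[str] = None) -> Optional[int]:
        """Return None if the chain is intact, else the index of the first bad entry.

        Without expected_head a truncated log (tail entries dropped) still
        verifies; pass the head MAC recorded out-of-band to detect that too.
        """
        entries = self._entries if entries is None else entries
        prev_mac = GENESIS
        for i, e in enumerate(entries):
            fields = asdict(e)
            mac = fields.pop("mac")
            if fields["seq"] != i or fields["prev_mac"] != prev_mac:
                return i
            if not hmac.compare_digest(mac, _mac(self._key, fields)):
                return i
            prev_mac = mac
        if expected_head is not None and prev_mac != expected_head:
            return len(entries)  # entries after this point are missing
        return None


def demo() -> dict:
    """Constructed scenario: two legitimate balance changes, then tampering."""
    log = AuditLog()
    log.append("alice@example.org", "update", "account:1001", "balance",
               100.00, 250.00, timestamp="2024-01-28T10:00:00+00:00")
    log.append("bob@example.org", "update", "account:1001", "balance",
               250.00, 240.00, timestamp="2024-01-28T10:05:00+00:00")
    head = log.head()  # assume this value is recorded out-of-band

    # Attacker with write access to the log store rewrites Bob's change.
    tampered = log.entries()
    tampered[1] = replace(tampered[1], new_value=2400.00)
    # Attacker drops Bob's change entirely.
    truncated = log.entries()[:1]

    return {
        "intact": log.verify(expected_head=head),               # None
        "tampered": log.verify(tampered, expected_head=head),   # 1
        "truncated": log.verify(truncated, expected_head=head), # 1
        "truncated_unanchored": log.verify(truncated),          # None: not detected
    }


if __name__ == "__main__":
    print(demo())
```

The chain alone does not detect truncation: the last entries can be dropped and the remaining prefix still verifies, which is why `verify` also takes the expected head MAC. In deployment that head value (or a signed copy of it) is periodically recorded somewhere the application cannot write, for example by the log collector, and the verifier key is held by the auditing party rather than the application; otherwise an attacker who controls the application host can simply rebuild the whole chain. `demo()` returns `None` for the intact chain and the index of the first bad entry for the tampered and truncated copies, and shows that the unanchored truncated copy passes.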
LOST view: Digital Solution Non-Functional Requirements Catalogue view
Identifier: http://data.europa.eu/dr8/egovera/AuditabilityRequirement
EIRA traceability: eira:DigitalSolutionNonFunctionalRequirementRequirement
ABB name: egovera:AuditabilityRequirement
EIRA concept: eira:ArchitectureBuildingBlock
Last modification: 2023-05-16
dct:identifier: http://data.europa.eu/dr8/egovera/AuditabilityRequirement
dct:title: Auditability Non-Functional Requirement
dct:modified | 2024-01-28 |
dct:identifier | http://data.europa.eu/dr8/AuditabilityRequirement |
dct:title | Auditability Non-Functional Requirement |
skos:example | One example of the IT non-functional requirement 'Auditability' could be for a financial management system to track and record all changes made to financial data, including who made the change, when it was made, and what the previous and new values were. This would allow for auditing and compliance purposes, as well as ensuring the accuracy and integrity of financial data. |
skos:definition | Auditability is an IT non-functional requirement that refers to the ability of a system to provide a complete and accurate record of all activities and transactions that occur within it. This includes the ability to track changes made to data, monitor user access and permissions, and generate reports that can be used for compliance, regulatory, or legal purposes. The audit trail should be protected against unauthorized access, tamper-evident (any alteration or deletion of recorded entries must be detectable, since no log is tamper-proof against an attacker with full control of the system), and readily accessible to authorized personnel. The purpose of auditability is to ensure accountability, transparency, and integrity of the system's operations. |
eira:concept | eira:ArchitectureBuildingBlock |
eira:definitionSource | TOGAF |
eira:definitionSourceReference | https://pubs.opengroup.org/architecture/togaf9-doc/arch/chap03.html |
skos:note | According to the TOGAF specification, Auditability is a non-functional requirement that refers to the ability of a system to provide a complete and accurate record of all transactions and activities that occur within the system. This includes the ability to track and record all user actions, system events, and data changes, as well as the ability to generate reports and alerts based on this information.
The Auditability requirement is important for ensuring the integrity and security of a system, as well as for compliance with regulatory and legal requirements. It also helps to identify and investigate any potential security breaches or fraudulent activities.
To meet the Auditability requirement, a system must have the following capabilities:
1. Logging and tracking: The system must be able to log and track all user actions, system events, and data changes, recording for each event at least the timestamp (from a synchronised, trusted clock), the authenticated principal responsible, the action performed, the object affected, the origin (for example, source address or session), and the outcome. Failed and denied actions must be logged as well as successful ones, since they are often the first sign of an attack.
2. Reporting and analysis: The system must be able to generate reports and alerts based on the logged information, allowing administrators to identify and investigate any suspicious activity.
3. Security and access control: The system must have robust security and access control mechanisms in place to prevent unauthorized access to the audit logs and to ensure the integrity of the logged information. In practice this means the application can append to the log but not modify or delete entries, administrators of the system cannot silently alter it (for example, by forwarding entries to a separately administered log store and protecting them with a hash chain or signature so that modification, insertion, or deletion is detectable), and the log itself does not record secrets such as passwords, session tokens, or full payment card numbers, which would turn the audit trail into a target.
4. Retention and archiving: The system must be able to retain and archive audit logs for a specified period of time, in accordance with regulatory and legal requirements, and must dispose of them securely when that period ends. Archived logs need the same integrity and access protections as live ones, and the retention period should be long enough to cover the time an incident may go undetected before an investigation begins.
Overall, the Auditability requirement is an essential aspect of any system design, ensuring that the system is secure, compliant, and transparent in its operations. |
eira:PURI | http://data.europa.eu/dr8/AuditabilityRequirement |
dct:type | eira:AuditabilityRequirement |
eira:view | Digital Solution Non-Functional Requirements Catalogue view |
eira:eifLayer | N/A |
skos:broader | http://data.europa.eu/dr8/DigitalSolutionNonFunctionalRequirementRequirement |