Audit Trail—11​.10 (e)

"(e) Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. Record changes shall not obscure previously recorded information. Such audit trail documentation shall be retained for a period at least as long as that required for the subject electronic records and shall be available for agency review and copying."

Capturing System Information and Audit Trails

All InTouch and IDE tags defined as alarms are logged in the WWALMDB database. When an InTouch alarm provider is configured to use either operating system or ArchestrA authentication and an alarm occurs, the alarm record contains the full name of the operator, assuming the operator is logged on, along with the time and date and alarm details. If the alarm is subsequently acknowledged, and the node performing the acknowledgement is set to use operating system or ArchestrA security, the alarm record contains the full name of the acknowledgement operator. Otherwise, the alarm record contains a computer name concatenated with whatever is in the $Operator tag.

All tags that are configured as events have a record logged in the WWALMDB database each time an action happens with it or its value is changed. All event records, in the WWALMDB database, are logged with the full name of the logged on user and a time stamp in UTC. Logging the operator with an event can be forced by using secured and verified write attributes.

A comment field can also be configured in InTouch or the IDE and logged along with the alarm or event.

This logging of alarms and events that occurs while running a system can be used to create a report of system operation. In a production environment this information could be used to generate a batch report, which could be an electronic record, that showed alarms and events (e.g. setpoint changes, user logon/off) during a batch or production run.

This information logged into the database could be part of an electronic record about system operation. While this is helpful information related to system operation, it does not constitute an audit trail.

An audit trail would be a record of any changes (additions, deletions, or modifications) to this data once it has been logged. For example, if another system operator changed an alarm limit value (a logged event) while someone else was logged in then the event recording that value change could be changed in the electronic record to indicate the actual operator making the change. That change to the electronic record would be subject to tracking in an audit trail.

SQL Server can be configured, by using triggers, to track and log changes made to any data, see the Microsoft SQL Server documentation.

Historian Modification Tracking

The Historian supports tracking of modifications (inserts and updates) to columns in the Runtime database. Modification tracking can be used to track changes to configuration data and changes to actual historian data. The Historian uses the same security defined for SQL Server for inserting and updating data. However, data values cannot be deleted from storage.

Modification tracking is system-wide; it is controlled via the use of the ModLogTrackingStatus system parameter. Modification tracking stores a record of modification events that include the old data, the new data and the user name of the user registered with Windows Authentication in the Historian Console. Information in the modification tracking tables is stored in the data files of the Microsoft SQL Server database.

There are two types of modifications that can be tracked:

• Changes to configuration data. For example, additions or changes to tag, I/O Server, and storage location definitions. For more information, see "Modification Tracking for Configuration Changes" in the AVEVA Historian online help.

• Changes to history data. For example, data inserts and updates via Transact-SQL statements or CSV imports. For more information, see "Modification Tracking for Historical Data Changes" in the AVEVA Historian online help.