Happy Business Starts Here

Re: Roles and Policy audits

ichin
Tutor

Roles and Policy audits

Hello,

 

A former coworker runs a monthly check against the security policy tile and all the roles that are available in our system. He did this by taking screenshots of each of the policy/role and visually compares to ensure that none of the values have been changed (example: changing the password history from 7 to 4 or none) to validate that nothing has been altered.

 

The issue with this approach is that it's a snapshot in time and if someone was to change a value in the middle of the month and change it back before the audit takes place, then it would appear as if nothing has changed over the month. Is there somewhere that we could go to view the changes in a more real-time fashion? With the settings API available, I can schedule something to run periodically to analyze what has changed over time, but unless I run it almost constantly, I don't think this is the right way to go about auditing changes to the system.

 

I was hoping someone could provide some best practice advice on how one should approach this subject.

 

Thanks and regards,

Ivan

1 REPLY 1
Aslam
Community Manager

Re: Roles and Policy audits

Hi Ivan,

 

Zuora has launched the Audit Trail feature to seamlessly track changes made to objects. Please go through the below KC Articles to understand the feature and how to make use of it to download reports,

Data_Model_of_Audit_Trail

Scope_of_Audit_Trail

Sample_Queries_of_Audit_Trail

The-road-to-sox-compliance-with-audit-trail/

 

You can raise a Support Ticket to verify if this feature has been enabled in your tenant. This has been made as General Availability and so if not enabled, support will assist you to turn on this feature.

 





If you found my answer helpful, please give me a kudo ↑
Help others find answers faster by accepting my post as a solution √