What is the Audit Trail?
The audit trail is a record of all changes made to the database, who made the change, and when. Each time a user adds, edits, or deletes a record, this information is saved to the audit trail. The audit trail includes the date and time of the change, the user making the change, the type of change, the record being changed, the old value, and the new value. Audit trail records include sequential ID numbers generated by TRAIN TRACK® which can't be modified, and a date and time stamp.
The audit trail also records adding, editing, or deleting users, and changes to user access levels. It records each time a user logs on or off, enters the wrong password, or changes their password. If a user enters the wrong password three times, an automatic email alert is sent to the administrator (see Security and Users).
The process of saving changes to the audit trail runs at the database level, not the user interface. This allows all changes to the database to be captured, regardless of how the changes were made or which interface was used.
The audit trail in TRAIN TRACK® is available through both the client user interface and the web user interface. The desktop edition does not include the audit trail feature. If you need the audit trail, you may upgrade to the client/server edition.
What is Included in the Audit Trail?
The audit trail captures additions, edits and deletions to:
The audit trail DOES NOT record information about changes to records that are not directly related to training requirements:
Validation and Compliance
In order to maintain the integrity of the audit trail, users cannot have access to the data tables outside the user interface. During an audit (or a self-audit), you will need to demonstrate that the people who have access to the database are not users of the application. You will also need to demonstrate that you are following the user name and password policies, and that each user has a separate Windows® login name and password, and that users do not reveal their passwords to others.
For the employees logging in to take exams, each employee will need to set their password the first time they log in. All employees should be required to log in for the first time under the supervision of a manager who has already established the identity of each employee. This will ensure that the company has established the identity for each person being assigned an electronic signature.