The number and extent of security audits have increased, and businesses have no choice but to keep up. After all, in 2018, 34% of U.S. consumers reported having their personally identifiable information (PII) compromised.
Because businesses often collect sensitive data from employees, customers, and partners, their collection, storage, and use of this data faces scrutiny. Any breaches in security can lead to stolen data, legal action, and loss of reputation.
An effective audit can help you refine criteria for assigning roles, adjust your strategy for access management, and change the way you manage data.
Security begins with auditing user permissions — there’s no reason an analyst in operations should have the same permissions as an HR exec. However, mistakes happen. Even though PeopleSoft audits can be troublesome, they are critical.
So how can businesses produce PeopleSoft audit actions in the most efficient way possible?
The Problem With PeopleSoft Audit Actions
To assist with database-level auditing, PeopleSoft relies on database triggers. When a user enacts a change to a monitored field, the change triggers a Peoplesoft audit action. Information that a trigger can record includes the user profile from when the change came, the type of change, when the change occurred, and similar details. Security audit leaders must have the EnableDBMonitoring domain parameter set in PSADMIN to retrieve this user ID information.
To enact database-level auditing with PeopleSoft’s security audit and control features, audit leaders must:
- Create an audit record with AUDIT_OPRID, AUDIT_STAMP, AUDIT_ACTN as high-level key fields in the app designer tool
- Navigate to database level auditing through this sequence: People Tools > Utilities > Audit > Update Data Base Level Auditing
- Add a new record to perform database-level auditing (the page automatically creates the audit record with the suffix _TR)
- Name the audit record with the choice already created in the app designer
- Check audit options to customize the audit
- Generate the code
- Save the audit report
- Distribute the report to the appropriate parties
The process of enabling PeopleSoft audit actions is too long and complex for comprehensive auditing that needs to be completed on a regular basis.
On-Demand Audit Reports
In a comprehensive security audit, the potential risks are identified, automated controls are outlined, and testing techniques are suggested. These findings are vital to both the integrity and protection of the data.
There is no need to wait for (or dread) quarterly or annual PeopleSoft security audits — especially for a business dedicated to data security. Sentinel Software provides on-demand audit reports that help you keep updated on compliance issues.
These on-demand audits reveal a detailed history of all user, role, and permission list changes so you don’t need to enter a complex code to see what was adjusted. Reports reveal any increases in or adjustments to authorized access for sensitive data and restricted pages.
Audit leaders can even receive real-time notifications when a user is granted access to a specific sensitive page that you have designated for monitoring. The system can also automatically distribute user access reports to managers or business leaders on a predetermined schedule.
These kinds of comprehensive data security capabilities will keep you ahead of typical compliance regulations—ensuring your business has the kind of tight data security that today’s consumers and clients are looking for.