Audit records are kept within PASI to assist with troubleshooting, privacy breach investigations, and to support business processes triggered by the change of information. Auditing within the PASI Core is performed at two levels:
In addition to the auditing performed by PASI, PASI Clients are also required to perform auditing when information shared with PASI is accessed and/or updated via the PASI Client in order to maintain compliance with the PASI Usage Agreement. From the PASI Usage Agreement:
The School Authority shall ensure that its SIS creates and maintains audit trails and records sufficient to fully support investigations into any privacy or security breach that may occur. |
At a minimum, the audit record shall identify all individuals who have accessed a particular student's information, or attempted such access without proper authority, including:
It is expected that if a breach of privacy was to occur, that the PASI Client would have this information available, and could provide such audit information to Alberta Education if required.
Audit trail records (log) will be tracked within PASI and each PASI Client can send required audit information to PASI. The PASI Client can:
PASI will capture this audit information in such a manner to support monitoring and auditing when a breach has occurred. Note however that PASI Client applications may also need to maintain a full audit log within the SIS especially for transactions such as student inquiries where the PASI Core is not called by the application.