You are on page 1of 36

LIVEAUDIT CONCEPTS GUIDE

Copyright Notice This manual is Copyright DataMirror Corporation 1996-2004. All rights reserved. No part of this manual may be reproduced, distributed or transmitted, in whole or in part, in paper, electronic or any other form or by any means other than as expressly permitted in the applicable DataMirror Software License Agreement or Software License and Maintenance Agreement, or as otherwise expressly permitted by DataMirror Corporation. DataMirror reserves the right to revise this manual and make periodic changes to its content without obligation on DataMirrors part to notify any person of such revisions or changes. DataMirror does not assume responsibility for the use of the manual. DataMirror software products contain valuable trade secrets and proprietary information and are protected by Canadian, United States and international copyright and other intellectual property laws and treaties. Unauthorized use of the manual or DataMirror software products is strictly prohibited and may result in civil damages and criminal prosecution. See the applicable DataMirror Software License Agreement or Software License and Maintenance Agreement for additional information. Trademark Notice Constellar, Data From Where It Is To Where It Needs To Be, DataMirror, DataMirror DB/XML Transform, DataMirror DB/XML Vision, DataMirror Synapse Mobility, DataMirror Transformation Server, dbMirror, Enterprise Administrator, HA Suite, High Availability Suite, iCluster, iCluster for EMC Symmetrix, iDeliver, iReflect, iTransmit, JobScheduler, ObjectMirror, QuickMarts, Pervasive Gateway, SwitchOver System, The experience of now, Transformation Server, and XtremeCache are trademarks or registered trademarks of DataMirror Corporation and may not be used without the express written permission of DataMirror Corporation. This list of trademarks may not be complete; other trademarks or registered trademarks may be owned by DataMirror from time to time and may be used in this manual. Names, products and services of other companies may be mentioned in DataMirror manuals and are the trademarks or registered trademarks of their respective owners. LiveAudit - Concepts Guide DataMirror Corporation 29 April 2004

Table of Contents

Table of Contents
Chapter 1 Introduction ........................................................................................................................1 1.1 About This Document........................................................................................................ 2 1.2 Documentation Conventions ............................................................................................. 2 1.3 Documentation .................................................................................................................. 2 1.4 Training and Education ..................................................................................................... 3 1.5 Online Information and Technical Support........................................................................ 3 1.6 Contacting DataMirror ....................................................................................................... 3 Chapter 2 LiveAudit Overview ...........................................................................................................5 What is LiveAudit? .................................................................................................................. 6 2.1 History of LiveAudit ........................................................................................................... 6 2.2 Why You Need LiveAudit .................................................................................................. 6 2.3 How LiveAudit Works ........................................................................................................ 9
2.3.1 Platform Availability for LiveAudit.......................................................................................... 10 2.3.2 Database Availability for LiveAudit........................................................................................ 10 2.3.3 Database Security with LiveAudit ......................................................................................... 11 2.3.4 Selecting Tables for the Audit Trail System.......................................................................... 13 2.3.5 Row Selection Expressions .................................................................................................. 14 2.3.6 Column Selection and Adding Additional Columns .............................................................. 15 2.3.7 Journal Control Fields ........................................................................................................... 16 2.3.8 Enabling LiveAudit ................................................................................................................ 17 2.3.9 Capturing Database Changes............................................................................................... 17 2.3.10 Testing the Audit Trail System ............................................................................................ 19

Chapter 3 LiveAudit Business Solutions........................................................................................20 3.1 LiveAudit Business Solutions .......................................................................................... 21


3.1.1 Compliance with FDA E-Records Regulations (21 CFR Part 11)......................................... 21 3.1.2 Application Integration .......................................................................................................... 21 3.1.3 Compliance with Health Insurance Portability and Accountability Act (HIPAA) ................... 21 3.1.4 e-Business ............................................................................................................................ 21 3.1.5 Corporate and Public Security .............................................................................................. 22 3.1.6 Financial Services ................................................................................................................. 22 3.1.7 Compliance with Sarbanes-Oxley......................................................................................... 22

DataMirror Corporation

iii

Table of Contents

Appendix A - Key Features of LiveAudit ........................................................................................23 A.1 Key Features and Benefits of LiveAudit.......................................................................... 24 Appendix B - Systems Supported by LiveAudit ............................................................................26 B.1 Supported Databases (Native) ....................................................................................... 27 B.2 Supported Operating Systems........................................................................................ 27 B.3 Supported Hardware Platforms ...................................................................................... 27 Index....................................................................................................................................................29

DataMirror Corporation

iv

Chapter 1 - Introduction

Chapter 1 Introduction
This chapter contains a brief introduction to the LiveAudit solution, and general information about this document and other LiveAudit documentation. LiveAudit training and educational opportunities as well as DataMirror contact information are also provided.

DataMirror Corporation

Chapter 1 - Introduction

1.1 About This Document


This document is intended for anyone who would like to learn more about DataMirrors LiveAudit solution and the benefits that this technology can provide for your business. This document assumes that readers have a basic understanding of relational database technology.

1.2 Documentation Conventions


The following icons may be used in this guide to identify different types of information: Italics represent document, file, and directory names. Identifies points to remember, limitations, dependencies, and other items of information that are worth noting. Identifies hints, tips, shortcuts, and other techniques that allow you to work with the product in a more efficient or effective manner. Identifies warnings, cautions, and other items of information that must be followed to avoid adverse conditions. Identifies a jump or detour in the sequence of a procedure based on a particular selection.

1.3 Documentation
See the following DataMirror documentation for more information about LiveAudit: Enterprise Administrator for Transformation Server - User Manual. Contains information about the functions supported through the Enterprise Administrator and Access Manager applications. Note that most Transformation Server User Manuals (multiple platforms) also contain information about implementing LiveAudit. You can find the following technical White Papers and Business Resources on the DataMirror web site: http://www.datamirror.com/. Contact DataMirror if you need assistance in locating these documents: See the following White Papers (PDF format) on the DataMirror web site: ABCs of E-Records Management Technical White Paper: This document is an introduction to the automation of business processes through e-Records. The business advantages of employing DataMirrors LiveAudit solution are also discussed.

DataMirror Corporation

Chapter 1 - Introduction

HIPAA Compliance: Privacy and Security Best Practices and Solutions Technical White Paper. This document discusses the details of the Health Insurance Portability and Accountability Act of 1996, and how to use LiveAudit to become HIPAA compliant. 21 CFR Part 11 Compliance: Solutions and Best Practices Technical White Paper. This document discusses the details of the Food and Drug Administrations 21 Code of Federal Regulations (CFR) Part 11: Electronic Records, Electronic Signatures, and how to use LiveAudit to become FDA-compliant. Implications of Basel II on Financial Services - Technical White Paper. This document discusses the implications for IT departments in the financial services sector of increased regulatory demands for operational resilience.

See the following Business Resources (PDF format) on the DataMirror web site: LiveAudit Fact Sheet: Protect and monitor the security of your data assets. 21 CFR Part 11 Compliance: Cost-effective compliance with FDA e-Records regulations. HIPAA-Compliant Privacy, Security, and Transaction Solutions: Privacy, security and transaction solutions for HIPAA compliance and beyond. Basel II Compliance Fact Sheet: Integrate, protect and audit data for heightened riskmanagement and Basel II compliance.

For more information on LiveAudit, Transformation Server, and other DataMirror products, visit DataMirrors web site at http://www.datamirror.com/.

1.4 Training and Education


For hands-on training, DataMirror offers public education courses regularly at education centers in different parts of the world. During the training, participants will learn from experienced trainers the basic building blocks in implementing DataMirror technology and will be given the opportunity to test drive the technology in guided lab exercises. You can find course outlines and schedules on DataMirror's web site (http://www.datamirror.com/education). For more information, send email to education@datamirror.com.

1.5 Online Information and Technical Support


LiveAudit is a fully supported product. You can access technical support information, updates, and the knowledge base from DataMirrors Internet home page at http://www.datamirror.com/.

1.6 Contacting DataMirror


DataMirror invites your suggestions on how to enhance LiveAudit and this guide. Send your suggestions or comments by contacting us at: Customer Comments DataMirror Corporation 3100 Steeles Avenue East, Suite 700 Markham, Ontario, Canada

DataMirror Corporation

Chapter 1 - Introduction

L3R 8T3 Telephone: Facsimile: Email: 1-905-415-0310 1-905-415-0340 docs@datamirror.com

DataMirror Corporation

Chapter 3 - LiveAudit Business Solutions

Chapter 2 LiveAudit Overview


This chapter provides a general overview of DataMirrors LiveAudit solution.

DataMirror Corporation

Chapter 3 - LiveAudit Business Solutions

What is LiveAudit?
LiveAudit is an out-of-the-box solution that captures database information generated by virtually any software application with no programming required. LiveAudit captures all data that is added, changed or deleted from a database to create realtime, secure audit trails that preserve historical information and enable companies to monitor and report on all operational activities. LiveAudit can be used to capture any changes made to an electronic record as well as the identity of the user and the time the change was made. LiveAudit captures changes at the application and database level. The audit trail contains a record of all data that was created, modified or deleted so that user errors or tampering can be easily detected. In the absence of a paper record, the LiveAudit database may provide the only proof that an electronic record was ever modified or deleted.

2.1 History of LiveAudit


LiveAudit evolved from the need for a database auditing solution mandated by the FDAs 21 CFR Part 11 ruling, and by capitalizing on our experience in the data integration market with our data replication tool, Transformation Server. Both LiveAudit and Transformation Server can be activated on the same machines because they make use of the same data capture engines. LiveAudits out-of-the-box support for leading databases makes it ideal for enabling a range of business applications including enterprise application integration, e-Business, business intelligence and customer relationship management. For more information on LiveAudit, Transformation Server, and other DataMirror products, visit DataMirrors web site at http://www.datamirror.com/.

2.2 Why You Need LiveAudit


LiveAudit maintains an audit trail of all changes made in an application database. LiveAudit also allows you to track critical information about these events. Without the audit trail that LiveAudit provides, your organization does not have the ability to track changes to database records. Historical information is lost as you create, modify, and delete records in your application database. Figure 1 illustrates how you can lose historical information as you make changes to a table in a relational database:

DataMirror Corporation

Chapter 3 - LiveAudit Business Solutions

Product ID Drug001 Drug001 Drug001 Drug001 Drug001 Drug001

Action Make Calibrate Eqmt Test Initiated Test Result: Fail Particles Found Bottle Ship

Qty 1000 1000

1000 1000

Product ID Drug001 Drug001 Drug001 Drug001 Drug001 Drug001

Action Make Calibrate Eqmt Test Initiated Test Result: Pass Bottle Ship

Qty 1000 1000 1000 1000

Figure 1 Updating a Database Record Without LiveAudit

In the example in Figure 1, the test passed after it was re-done on the same batch. Without LiveAudit, a record in the application database is updated, but there is no historical record of this update in the resultant database. In Figure 2, a record is deleted from an application database:

DataMirror Corporation

Chapter 3 - LiveAudit Business Solutions

Product ID Drug001 Drug001 Drug001 Drug001 Drug001 Drug001

Action Make Calibrate Test Eqmt Test Initiated Test Result: Particles Found Bottle Ship

Qty 1000 1000 1000 1000

Product ID Drug001 Drug001 Drug001 Drug001 Drug001

Action Make Calibrate Test Eqmt Test Initiated Bottle Ship

Qty 1000 1000 1000 1000

Figure 2 - Deleting a Database Record Without LiveAudit The Delete (Figure 2) is performed on the Test Result row (circled in Figure 2). The database is now missing the information about the test result, and there is no historical record of this change in the resultant database. LiveAudit addresses this loss of historical information by capturing all data that is added (Insert), changed (Update), or deleted (Delete) in a database to create real-time audit trails that allow companies to monitor and report on all operational activities. As shown in Figure 1 and Figure 2, historical database information is lost as data is added, changed, or deleted in a database. LiveAudit preserves this historical information in a separate database (Figure 3):

DataMirror Corporation

Chapter 3 - LiveAudit Business Solutions

Application Database
Product ID Drug001 Drug001 Drug001 Drug001 Drug001 Drug001 Action Make Calibrate Test Eqmt Test Initiated Test Result: Passed Bottle Ship Qty 1000 1000 1000 1000

LiveAudit Database
Date/ Time 05/31/01-0800 05/31/01-1300 05/31/01-1500 06/01/01-0800 06/01/01-0900 06/01/01-1100 06/02/01-0800 06/01/01-1600 06/05/01-0800 Actn User I jwalker I jwalker I jwalker I jwalker D U U I I jwalker swilson swilson jwalker jwalker Product ID Drug001 Drug001 Drug001 Drug001 Drug001 Drug001 Drug001 Drug001 Drug001 Mfg Action Qty Make Calibrate Test Eqmt Test Initiated Test Result: 1000 Particles Found Particles Found Test Initiated Test Result: Pass Bottle Ship 1000 1000

1000 1000 1000 1000

Figure 3 LiveAudit Database

As Figure 3 illustrates, Inserts, Updates, and Deletes are preserved in the LiveAudit database. See Section 2.3 - How LiveAudit Works for some additional technical details about how LiveAudit works.

2.3 How LiveAudit Works


LiveAudit works in conjunction with DataMirrors data integration tool, Transformation Server. The following section provides a general overview of how to set up LiveAudit in your working environment to satisfy internal and external auditing requirements. For a more comprehensive overview of the tasks and the terminology outlined in this section, see the Enterprise Administrator for Transformation Server - User Manual.

DataMirror Corporation

Chapter 3 - LiveAudit Business Solutions

2.3.1 Platform Availability for LiveAudit LiveAudit supports many different platforms (Figure 4):

Figure 4 - LiveAudit Platform Availability

LiveAudit provides a unified interface for working with different types of databases on different platforms. Intra and inter-system auditing is possible with LiveAudit. Audit trail tables may reside on the same system or a different system than the originating database. LiveAudits architecture is flexible enough that a single source database can be audited into two identical sets of audit trail tables on different systems. See Section B.2 - Supported Operating Systems for more information on the operating systems supported by LiveAudit. 2.3.2 Database Availability for LiveAudit LiveAudit supports many different native databases (Figure 5):

DataMirror Corporation

10

Chapter 3 - LiveAudit Business Solutions

Figure 5 - LiveAudit Database Availability

The database access parameters in LiveAudit are specific for the database type that you select (Figure 5), making it easier to implement your Audit Trail System. LiveAudit works at the database level (auditing is done at the database level). For this reason, it does not matter what application you are using to make changes. You can use any reporting tool that interfaces with any database on any platform. All information is tracked. See Section B.1 - Supported Databases (Native) for more information on the databases supported by LiveAudit. 2.3.3 Database Security with LiveAudit The ability to audit data relies on the fact that users are logged into a database, either through an application or otherwise. LiveAudit uses this native database log in information to track the user that makes changes to the data. Within LiveAudit, the security for the LiveAudit administrator is managed by using a native database log in. This takes advantage of the built-in security features of a particular database and is controlled by the database administrator(Figure 6):

DataMirror Corporation

11

Chapter 3 - LiveAudit Business Solutions

Figure 6 - Native Database Access (Log In) Parameters

LiveAudit also allows you to control the users that have access to your audit trail solution (Figure 7):

Figure 7 - LiveAudit Users

LiveAudit stores database user names and passwords in an encrypted state for connecting to a database. You can set up user profiles and specify the servers that the users can access. External reporting tools can be used with LiveAudit since it works at the database level, not the application level. Once the data is flowed to the audit table(s), the flexibility of the system allows any standard reporting tool capable of accessing information from a relational database to create reports based on the audit table(s). Enhanced security measures allow you to set options that give you better control over the password definition and access to a specific user account. Some of the features that are available include password definitions, password history, user account locking, password expiry,

DataMirror Corporation

12

Chapter 3 - LiveAudit Business Solutions

new user account expiry, log in messages, and new user passwords. The following dialog allows you to set the security settings for your Audit Trail System (Figure 8):

Figure 8 - Security Settings for LiveAudit

See the Enterprise Administrator for Transformation Server - User Manual for more information on the security settings available for LiveAudit. After you have arranged access to your database, the next step is to select the tables that will be included in your Audit Trail System. 2.3.4 Selecting Tables for the Audit Trail System The LiveAudit solution makes use of a publication server/system and a subscription server/system that allows you to audit data and determine which tables are included in the audit trail. With the publication server/system, you can define the database tables that will be included in the audit trail. With the subscription server/system, you can define the relationship between the original tables (publication) and the audit tables or destination tables (subscription). Figure 9 illustrates how you can select (or de-select) the tables from the publication server/system that you want to include in your audit trail. You can select tables from different databases on the publication server/system (Available Tables in Figure 9):

DataMirror Corporation

13

Chapter 3 - LiveAudit Business Solutions

Figure 9 - Selecting the Audit Tables

The tables to be included in the Audit Trail System are now grouped together under Selected Tables (Figure 9). Once selected, these tables can be set up to keep track of delete, insert, update, and clear events. Auditing can be enabled or disabled individually for each table assignment. This means that you can choose the tables that will be included in the audit trail. Native database access rules are enforced. The tables that are available to the user are based on database access rules. 2.3.5 Row Selection Expressions LiveAudit includes functionality that allows the filtering of rows in the database with the row selection expression feature (Figure 10):

DataMirror Corporation

14

Chapter 3 - LiveAudit Business Solutions

Figure 10 - Row Selection Expression

Rows containing sensitive or unnecessary data can be removed. Row selection is based on creating a simple expression that tests the value of a specific column in the database table. You can also verify that the row selection expression you have entered is valid. The procedures described in this section may not adhere to the auditing requirements in your organization. These features are optional and do not have to be implemented as part of your Audit Trail System. 2.3.6 Column Selection and Adding Additional Columns LiveAudit allows you to select or omit the columns that you want to include in your Audit Trail System with the column selection feature (Figure 11):

DataMirror Corporation

15

Chapter 3 - LiveAudit Business Solutions

Figure 11 - Column Selection

Columns containing sensitive or unnecessary data can be removed from your Audit Trail System. The procedures described in this section may not adhere to the auditing requirements in your organization. These features are optional and do not have to be implemented as part of your Audit Trail System. 2.3.7 Journal Control Fields Journal control fields convey information about changes to your database by inserting a twocharacter code into additional columns that have been added to the LiveAudit database (Figure 12):

DataMirror Corporation

16

Chapter 3 - LiveAudit Business Solutions

Figure 12 - Journal Control Fields

You can accommodate the journal code in each audit record by adding additional columns to the LiveAudit database. Some common journal control codes used are &ENTTYP (what kind of change was made), &USER (who made the change), and &TIMSTAMP (when the change was made). Other journal control fields can be used to attach additional information to an audit record. See the Enterprise Administrator for Transformation Server - User Manual for more information on journal control fields and LiveAudit. 2.3.8 Enabling LiveAudit In order to enable LiveAudit for your Audit Trail System, you will have to define user exits to audit all actions. You can select the Audit option for Clear Table, SQL Delete, and SQL Insert (Figure 13). If you select the Audit: before & after images option for the SQL Update (Figure 13), the Audit Trail System will record two entries per update into the LiveAudit database, while the Audit: after image only option will only record one entry per update into the LiveAudit database.

Figure 13 - Enabling LiveAudit

See the Enterprise Administrator for Transformation Server - User Manual for more information about enabling LiveAudit. 2.3.9 Capturing Database Changes To begin capturing database changes with the Audit Trail System, you can choose the appropriate settings for the Replication Method and Subscribed Table Status on the Subscribed Table Properties dialog box (Figure 14):

DataMirror Corporation

17

Chapter 3 - LiveAudit Business Solutions

Figure 14 - Capturing Database Changes

If you only want to record changes in your audit tables, select the Mirror option for the Replication Method, and Active for the Subscribed Table Status. In general, the options you select for this dialog box and Figure 13 will depend on a number of factors such as the number of transactions that you will be mirroring. Selecting the Refresh option for the Subscribed Table Status will result in an increase in the amount of transactions that are mirrored. This option gives a point-in-time snapshot of the data. With this setting, the Audit Trail System will contain all the data in the dataset. Mirroring indicates that you want to immediately replicate any changes made to a database table (continuous mirroring) or accumulate these table updates and replicate these changes at a later time (net change mirroring) to the LiveAudit database (Figure 15):

Figure 15 - Starting Mirroring

You can choose between continuous and net change mirroring when you start replication.

DataMirror Corporation

18

Chapter 3 - LiveAudit Business Solutions

During continuous mirroring, LiveAudit remains in a wait mode. As changes occur on the publication table, they are propagated in real time to the subscription tables. Some minor delays may occur if there is heavy network traffic, but otherwise the subscription database is kept accurate on a minute-by-minute basis. As a result, continuous mirroring is appropriate for implementations where changes are needed immediately on the subscription database. Net change mirroring is identical in function to continuous mirroring with the exception that mirroring activity automatically terminates when LiveAudit detects that no further changes have to be mirrored. In most cases, it is not necessary to select the End Mirroring function. LiveAudit accumulates updates until the next time that net change mirroring is initiated. Net change mirroring is designed to be run at regular intervals, typically by being added to a system scheduling facility (for example, cron in UNIX). You can schedule net change mirroring for offpeak periods when network traffic is less congested. However, if you need to make updates available as soon as possible, you should use continuous mirroring. See the Enterprise Administrator for Transformation Server - User Manual for more information about net change mirroring and continuous mirroring. 2.3.10 Testing the Audit Trail System Before testing the Audit Trail System, you should make sure that you have selected the appropriate journal controls. See Section 2.3.7 - Journal Control Fields on page 16 for more information. To test LiveAudit, update a source record in the native database with a SQL statement and then verify the SQL update in the audit table. For every SQL update of a source record, there should be a corresponding two-character journal code inserted into the LiveAudit database.

DataMirror Corporation

19

Chapter 3 - LiveAudit Business Solutions

Chapter 3 LiveAudit Business Solutions


This chapter goes through some of the potential business solutions for DataMirrors LiveAudit solution.

DataMirror Corporation

20

Chapter 3 - LiveAudit Business Solutions

3.1 LiveAudit Business Solutions


The following examples illustrate just a few of the environments in which LiveAudit can be utilized to make your business processes more efficient. For more information on any of the following solutions, visit the DataMirror web site at http://www.datamirror.com/. 3.1.1 Compliance with FDA E-Records Regulations (21 CFR Part 11) FDA-mandated companies are required to create audit trails of their electronic records and to make these records readily available for FDA review (21 CFR Part 11). LiveAudits out-of-thebox implementation ensures that companies can rapidly achieve a cost-effective solution for FDA e-Records compliance with no programming required. 3.1.2 Application Integration LiveAudit can be used to feed data into message-based software for application integration (For example, WebMethods or WebSphere MQ). LiveAudit allows companies to obtain full transaction data, essentially a copy of the original transaction, which it then passes and applies to another target. By using LiveAudit, you can receive the full transaction, the type of change that occurred, and the before and after images, which allows you to recreate the original transaction. There is also no need to revert to triggers to generate the information you need for your application integration project. 3.1.3 Compliance with Health Insurance Portability and Accountability Act (HIPAA) The US Department of Health and Human Services Health Insurance Portability and Accountability Act (HIPAA) of 1996 is an act to improve portability and continuity of health insurance coverage on the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes. In short, HIPAA is designed to standardize the way all health care organizations electronically exchange sensitive patient data and to protect patients from unauthorized disclosure of their medical records. LiveAudit ensures the overall security of health care information systems by capturing all data that is added, changed or deleted to create real-time audit trails that preserve historical information and transactional details that would otherwise be overwritten. 3.1.4 e-Business In an e-Business environment, transactions such as contracts, subpoenas, land deeds, stocks, airline ticket confirmations and currency can be transferred across a network without a single piece of paper ever changing hands. Audit trails are essential for recording customer activity and enhancing customer service. The customers initial contact is recorded in an audit trail, as well as each subsequent action such as payment and delivery of products or services. The customers audit trail provides a complete record of all transactions that have occurred between the company and the customer. The audit trail can be used to respond to customer inquiries, as a basis for account reconciliation or to provide a record of sales in the event of a tax audit.

DataMirror Corporation

21

Chapter 3 - LiveAudit Business Solutions

3.1.5 Corporate and Public Security An organizations databases may contain sensitive and confidential information that must be monitored and tracked to ensure security. LiveAudit provides historical audit trails that can be used to improve the overall security of information systems maintained by public and private sector organizations. LiveAudit monitors all updates and deletes made at the database level and then creates an audit trail of this information which can then be easily retrieved and reviewed by internal auditors, security staff or federal investigators. 3.1.6 Financial Services To help combat the rise in Internet fraud, banks and brokerage houses must keep detailed records of all online transactions and make them available to investigators. Typically, information that is recorded in a database will overwrite itself when updated or deleted. LiveAudit works at the database level to ensure that all operational activity is tracked and recorded in a chronological event log. This complete historical record can be used to confirm that receipts from sales have been deposited into the appropriate accounts or to ensure accountability for corrections or adjustments. Audit trails of sales, receipts and deliveries can also be used for business reporting, planning and forecasting and to support budget preparations. 3.1.7 Compliance with Sarbanes-Oxley The Sarbanes-Oxley Act of 2002 (SOX) was signed into law to promote corporate responsibility, increase public disclosure, improve the quality and transparency of financial reporting and auditing, and strengthen penalties for securities fraud and other violations. SOX was passed in the wake of Enron and other corporate accounting scandals to prevent the reoccurrence of ethics scandals and other governance issues. SOX outlines internal control requirements that can be satisfied with DataMirrors LiveAudit solution. LiveAudit allows businesses to record and track financial and other disclosure-related information.

DataMirror Corporation

22

Appendix A - Key Features and Benefits of LiveAudit

Appendix A - Key Features of LiveAudit


This appendix outlines some of the key features and benefits of LiveAudit.

DataMirror Corporation

23

Appendix A - Key Features and Benefits of LiveAudit

A.1 Key Features and Benefits of LiveAudit


Table 1 lists some of the key product features and business benefits that can be realized by implementing LiveAudit: Key Product Features Real-time Audit Trail Generation: LiveAudits capture, transform, and flow technology allows users to create real-time audit trails of database transactions. All inserts, updates and deletes are recorded as separate database entries. Database-level Audit Trail Solution: LiveAudit helps users create and manage all audit trails at the database level. Business Benefits LiveAudit helps organizations confidently meet audit trail requirements set by corporate and regulatory bodies. Companies can keep a record of all changes and additions made to electronic records and preserve all historical information that would otherwise be overwritten. Since LiveAudit works exclusively at the database-level, it is completely application independent. Regardless of the different applications that exist within an enterprise, LiveAudit provides a single solution that can audit virtually all systems. LiveAudit provides full flexibility in managing an enterprises audit network by accommodating many different configurations including intra and/or inter-system auditing. Built-in transformation capabilities allow internal and external reviewers to easily understand the audited data. This capability allows for flexibility in structured audit trails as required by regulatory bodies.

Intra and Inter-system Auditing: Audit trail information captured by LiveAudit can either be stored locally, applied to nonlocal systems, or both. Built-in Transformation and Filtering: LiveAudit allows users to translate values, derive new calculated fields, join tables and more. Users can also create, store and retrieve custom data transformations as macros. Row/column selection allows users to limit access to sensitive information or flow user-specific data to particular sites. Multi-platform Support: LiveAudit supports a wide variety of computing platforms and databases including DB2 UDB, Oracle and SQL Server across Microsoft Windows NT/2000/XP, UNIX, Linux, IBM OS/400, OS/390 and z/OS. See Appendix B - Systems Supported by LiveAudit on page 23 for more information.

Multi-platform support gives businesses the option to consolidate and centralize audit trails from disparate systems and diverse geographical locations. Having centralized audit trail information can drastically reduce the cost of maintaining individual electronic systems, resulting in a lower total cost of ownership.

DataMirror Corporation

24

Appendix A - Key Features and Benefits of LiveAudit

Native Support for Platforms and Databases: LiveAudit generates audit trails based on its native support for various platforms and database systems. LiveAudit is a journalbased solution, and journaling needs to be turned on for any tables that need to be audited. Out-of-the-box Solution: LiveAudit is an out-of-the-box solution that is easy to implement and requires zero programming.

LiveAudits native support capability ensures that the integrity of the audit trail is not compromised. LiveAudit is not affected by errors that may occur when creating an audit trail. In addition, LiveAudit operates at a minimal performance cost, and does not introduce significant overhead to the production system. LiveAudits out-of-the-box functionality significantly reduces implementation timelines. With zero programming, companies dont need to spend a lot of time training staff and dont need to hire expensive programmers. Both features enable companies to quickly, easily, and cost-effectively implement solutions that meet corporate and regulatory mandates. The audit trail table can be used for a wide variety of application integration solutions. You can use the row and column filtering capabilities of LiveAudit to only use data that is important for integration.

Application Integration: LiveAudit can be used as part of a larger application integration solution.

Table 1 Key Features of LiveAudit

DataMirror Corporation

25

Appendix B - Systems Supported by LiveAudit


The operating systems, hardware platforms, and databases supported by LiveAudit are outlined in this appendix.

DataMirror Corporation

26

B.1 Supported Databases (Native)


LiveAudit currently supports the following databases (Native): IBM DB2 UDB Oracle Sybase Adaptive Server Microsoft SQL Server PointBase

B.2 Supported Operating Systems


LiveAudit currently supports the following operating systems: Windows NT/2000/XP IBM OS/400 IBM OS/390 (MVS) z/OS HP-UX AIX Solaris DYNIX/ptx Tru64 Linux

B.3 Supported Hardware Platforms


LiveAudit currently supports the following hardware platforms: IBM eServer: pSeries (RS/6000), xSeries (NUMA-Q), iSeries (AS/400), zSeries (S/390). Intel PC AlphaServer HP 9000 SUN

DataMirror Corporation

27

Index

Index
A
access parameters, 12 application integration with LiveAudit, 21 audit tables, 13 available tables, 13 application integration, 25 built-in transformation and filtering, 24 database-level audit trail solution, 24 intra and inter-system auditing, 24 multi-platform support, 24 native support for platforms and databases, 24 out-of-the-box solution, 25 real-time audit trail generation, 24 key features of LiveAudit, 23 knowledge base, 3

B
business solutions, 21

C
column selection and adding additional columns, 15 compliance FDA E-Records regulations (21 CFR Part 11), 21 Health Insurance Portability and Accountability Act, 21 continuous mirroring, 18 copyright notice, ii corporate and public security with LiveAudit, 22

L
LiveAudit application integration, 21 audit trail, 6 available databases, 10, 27 available platforms, 10, 27 before and after images, 17 business benefits, 24 business solutions, 21 capturing database changes, 17 changes to the application database, 6 column selection and adding additional columns, 15 compliance with Sarbanes-Oxley, 22 corporate and public security, 22 database security, 11 definition, 6 deleting a record from a database, 7 E-Business, 21 enabling LiveAudit, 17 environments, 21 FDA E-Records regulations (21 CFR Part 11), 21 financial services, 22 Health Insurance Portability and Accountability Act (HIPAA), 21 history of, 6 how it works, 9 inserts, updates, and deletes, 8 journal control fields, 16 key features, 23 more information, 6 preventing the loss of historical information, 6 real-time audit trails, 8 row selection expressions, 14 security features, 11 security settings, 13 selecting tables, 13 track changes to database records, 6 updating a database record, 7 what is LiveAudit, 6 why you need LiveAudit, 6 LiveAudit database, 9

D
database security, 11 databases LiveAudit, 9 DataMirror technical support Internet information, 3 destination tables, 13

E
E-Business and LiveAudit, 21

F
FDA E-Records regulations (21 CFR Part 11), 21 financial services and LiveAudit, 22

H
Health Insurance Portability and Accountability Act, 21

J
journal control fields, 16

K
key features

DataMirror Corporation

29

Index

N
net change mirroring, 18 notices copyright, ii

U
updating a database record, 7 user properties, 12

P
preventing the loss of historical information, 6

R
real-time audit trails, 8 replication method, 17 row selection expression feature, 14

S
Sarbanes-Oxley (SOX) Act and LiveAudit, 22 start mirroring, 18 subscribed table status, 17 supported databases (Native) IBM DB2 UDB, 27 Microsoft SQL Server, 27 Oracle, 27 Sybase Adaptive Server, 27 supported hardware platforms AlphaServer, 27 HP 9000, 27 IBM eServer, 27 Intel PC, 27 iSeries - AS/400, 27 pSeries - RS/6000, 27 SUN, 27 xSeries - NUMA-Q, 27 zSeries - S/390, 27 supported operating systems AIX, 27 DYNIX/ptx, 27 HP-UX, 27 IBM OS/390 (MVS), 27 IBM OS/400, 27 Linux, 27 Solaris, 27 Tru64, 27 Windows NT/2000/XP, 27 systems supported by LiveAudit databases (Native), 27 hardware platforms, 27 operating systems, 27

T
technical support Internet information, 3 testing the Audit Trail System, 19 trademark notice for iCluster, ii Transformation Server, 6 and LiveAudit, 6 data replication tool, 6 more information, 6

DataMirror Corporation

30

Index

DataMirror Corporation

31

ABOUT DATAMIRROR
DataMirror (Nasdaq: DMCX; TSX: DMC) delivers live, secure data integration and protection solutions that give companies the power to manage, monitor and protect their corporate data in real-time. DataMirrors comprehensive family of solutions enables customers to easily and cost-effectively capture, transform and flow live data throughout the enterprise. DataMirror software unlocks the experience of now by providing the live, secure data access, integration and availability companies require today across all computers in their business. Over 1,800 companies have gone live with DataMirror software. DataMirror is headquartered in Markham, Canada, and has offices around the globe.

HOW TO DO BUSINESS WITH DATAMIRROR North America UK France Germany Hong Kong + + + + 1 800 362 5955 44 (0)20 7633 5200 33 (0)1 72 75 73 40 49 6151 8275 0 852 2251 8226

FOR MORE INFORMATION VISIT WWW.DATAMIRROR.COM

Copyright 2004 DataMirror Corporation. All rights reserved. DataMirror, Transformation Server and The experience of now are trademarks or registered trademarks of DataMirror Corporation. All other brand or product names are trademarks or registered trademarks of their respective companies.