Viewing Compliance Reports

EventLog Analyzer lets you generate the following pre-defined reports to help meet the requirements of HIPAA, GLBA, PCI and SOX regulatory compliance acts:

• HIPAA compliance report
• SOX compliance report
• GLBA compliance report
• PCI Compliance

Click the Compliance Reports link to see the different reports available for each act. These reports are available under the Compliance Reports section in the Reports tab and the left navigation pane.

Click the Compliance Reports link to view the details and descriptions of the default compliances and the selected list of reports, configure new or existing compliances. You can find this link on the Reports menu of the sub-tab. Clicking the Compliance Reports [View All] link opens the Compliance Reports page. On the right side top of the page, Add New and Edit links are present. With the Add New link, you can add a new compliance and select a set of reports for the compliance. With Edit link, you can edit the default compliances available in the EventLog Analyzer. The Compliance Reports page displays the four default compliance reports. The page displays the Compliance, its description, provides scheduling of the compliance report with Schedule link, allows you to intimate EventLog Analyzer Support for adding more reports to the existing list of default reports with More Reports? Tell us here link, all the reports selected for the compliance and their description. Clicking on the compliance report, displays all the selected reports of the compliance in the <Compliance Name> Compliance Report page. Clicking on the individual report under a compliance, displays the selected report of the compliance in the <Compliance Name> Compliance Report page.

HIPAA Compliance Reports

The Health Insurance Portability And Accountability (HIPAA) regulation impacts those in healthcare that exchange patient information electronically. HIPAA regulations were established to protect the integrity and security of health information, including protecting against unauthorized use or disclosure of the information.

As part of the requirements, HIPAA states that a security management process must exist in order to protect against “attempted or successful unauthorized access, use, disclosure, modification, or interference with system operations”. In other words being able to monitor, report and alert on attempted or successful access to systems and applications that contain sensitive patient information.

EventLog Analyzer provides the following reports to help comply with the HIPAA regulations:

• User Logon/Logoff
• Logon Failure
• Audit Logs Access
• Object Access
• System Events
• Successful User Account Validation
• UnSuccessful User Account Validation

All these reports are accessible from the HIPAA Compliance Reports section.

Sarbanes-Oxley Compliance Reports

Section 404 of the Sarbanes-Oxley (SOX) act describes specific regulations required for publicly traded companies to document the management’s “Assessment of Internal Controls” over security processes.

Although the exact requirements of Sarbanes-Oxley are a bit vague, as part of the requirements, it can be assumed that a security management process must exist in order to protect against attempted or successful unauthorized access, use, disclosure, modification, or interference with system operations. In other words, being able to monitor, report and alert on attempted or successful access to systems and applications that contain sensitive financial information.

EventLog Analyzer provides the following reports to help comply with the SOX regulations:

• User Logon/Logoff
• Logon Failure
• Audit Logs Access
• Object Access
• System Events
• Track Account management changes
• Track User Group changes
• Track Audit policy changes
• Successful User Account Validation
• UnSuccessful User Account Validation
• Track Individual User Action

All these reports are accessible from the SOX Compliance Reports section.

GLBA Compliance Reports

Section 501 of the GLBA documents specific regulations required for financial institutions to protect “non-public personal information”.

As part of the GLBA requirements, it is necessary that a security management process exists in order to protect against attempted or successful unauthorized access, use, disclosure, modification, or interference of customer records. In other words being able to monitor, report and alert on attempted or successful access to systems and applications that contain sensitive customer information.

EventLog Analyzer provides the following reports to help comply with the GLBA regulations:

• User Logon/Logoff
• Logon Failure
• Audit Logs Access

All these reports are accessible from the GLBA Compliance Reports section.

PCI Compliance Reports

Requirement 10 of Payment Card Industry Data Security Standard (PCI-DSS) requires payment service providers and merchants to track and report on all access to their network resources and cardholder data through system activity logs.

EventLog Analyzer provides the following reports to help organizations to comply with the PCI regulations. The following reports cover Requirements 10.1, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 10.2.6, 10.2.7

• User Logon/Logoff
• Logon Failure
• Audit Logs Access
• Object Access
• Track Audit Policy Changes
• Track Individual User Action

All these reports are accessible from the PCI Compliance Reports section.